TECHNOLOGY

Our new data analytics platform uses blind computations so firms never need to disclose their own data. Read about the technology and view our code below.

Background

Traditionally, when members of a group want to learn about trends across their membership without revealing information to other members in the group, they need to select a trusted third party. This third party will gather data from all the participants, pool it, run computations on the data to produce summary statistics and analysis, and then send only the results back to all the participants in the pool. The third party needs to be trusted because it can view the data sent in by all the participants. Individual participants cannot see the inputs of other contributors, but the trusted third party can see everything. The process works well when participants are comfortable sharing their information with the third party (a risk) in exchange for learning more about the dynamics of the group (a benefit).

But what if participants are unwilling to reveal sensitive data to even a trusted third party? Secure multi-party computation (MPC) offers the same functionality as the data pool described above, but without requiring a trusted third party to see the data. This is possible due to a combination of the mathematical properties of encrypted data and clever structuring of the computations.

SCRAM mimics the traditional aggregation technique, but works exclusively on encrypted data that it cannot see. The system takes in encrypted data from the participants, runs a blind computation on it, and returns an encrypted result that must be unlocked by each participant separately before anyone can see the answer. The security of the system comes from the requirement that the keys from all the participants are needed in order to unlock any of the data. Participants guarantee their own security by agreeing to unlock only the result using their privately held key.

SCRAM replaces the need for a trusted third party.

Cryptographic tools such as multi-party computation and public-key cryptography provide a way to perform mathematical operations on encrypted data without ever exposing the underlying data. While there are a variety of solutions to the challenge of secure computation, we choose an approach for SCRAM that provides simple, straightforward security guarantees as well as support for complex computation. The steps of our computations are provided below:

Our Process

1. Each firm individually generates its own key pair, where each key pair contains a public encryption key and a private decryption key.

2. All firms submit their public keys to the server.

3. The server combines all firms' public keys into a single joint/shared public key.

4. Each firm encrypts its private data using this new joint/shared public key, generating a ciphertext (an encrypted block of data).

5. Each firm sends the ciphertext of its private data to the server. This ciphertext completely hides the firm's data.

6. The server runs computations on all the encrypted data, producing an encrypted result of the computation.

7. The server sends the encrypted result back to each firm.

8. Each firm uses the private key it generated in Step 1 to partially decrypt the answer.

9. Each firm sends this partially decrypted answer back to the server. Note that without all the partial decryption pieces from all firms, the result is still completely hidden.

10. The server combines the results of all the partial decryptions it receives from firms to produce the decrypted result, which is then shared with all firms.
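The steps above as an added worked example, not SCRAM's own code: it assumes exponential (additively homomorphic) ElGamal with the joint key formed by multiplying the firms' public keys, which the page does not specify, and uses deliberately tiny constructed parameters. The server's computation here is a sum, and no firm's input is ever decrypted on its own; only the combined result is.

```python
# Added example, not SCRAM's own code: toy threshold exponential ElGamal
# following the step list above. Constructed toy parameters, not for real use.
import math
import secrets

P, Q, G = 2039, 1019, 4  # safe prime P = 2*Q + 1; G is a square mod P, so its order is Q

def keygen():
    """Step 1 (key generation): private key x, public key h = G^x mod P."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def combine_public_keys(pubkeys):
    """Step 3 (joint key): the server multiplies every firm's public key."""
    return math.prod(pubkeys) % P

def encrypt(joint_pk, m):
    """Step 4 (encrypt): (G^r, G^m * H^r) hides the small integer m under the joint key H."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), pow(G, m, P) * pow(joint_pk, r, P) % P

def add_ciphertexts(cts):
    """Step 6 (blind computation): multiplying ciphertexts adds the hidden plaintexts."""
    c1, c2 = 1, 1
    for a, b in cts:
        c1, c2 = c1 * a % P, c2 * b % P
    return c1, c2

def partial_decrypt(x, ct):
    """Step 8 (partial decryption): one firm's share, which reveals nothing by itself."""
    return pow(ct[0], x, P)

def combine_partials(ct, partials):
    """Step 10 (combine): strip every share, then solve a tiny discrete log for the sum."""
    target = ct[1] * pow(math.prod(partials), -1, P) % P  # G^sum only when all shares are present
    cur = 1
    for m in range(Q):
        if cur == target:
            return m
        cur = cur * G % P

def run_protocol(firm_inputs):
    """Runs all steps locally: each firm's input stays encrypted until the end."""
    keys = [keygen() for _ in firm_inputs]
    joint = combine_public_keys([pk for _, pk in keys])
    total_ct = add_ciphertexts(encrypt(joint, v) for v in firm_inputs)
    partials = [partial_decrypt(x, total_ct) for x, _ in keys]
    return combine_partials(total_ct, partials)
```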