Revolutionizing Data Privacy: The Power of Secure Multiparty Computation
How iliadata is Leading the Charge in Private-Set Intersection (PSI) and Why its matter to increase security, combat fraud while preserve privacy and confidentialtiy.
Hello Cyber Builders 🖖
The European cybersecurity landscape is a hotbed of innovation, teeming with dynamic advancements and groundbreaking technologies. With the CyberBuilders publication, I aim to highlight these developments and bring my readership the freshest and most impactful insights from the cybersecurity world.
Today, I am excited to introduce you to one of the most exciting and transformative areas in cryptography: secure multiparty computation (MPC). This technique addresses a fundamental challenge in the digital age—how to perform calculations on encrypted data without ever needing to decrypt it. MPC allows multiple parties to collaborate on computing functions over their inputs while keeping them private. This has profound implications for industries handling sensitive data and requiring robust security and privacy measures.
In a world increasingly reliant on cloud computing and data sharing, the ability to ensure data privacy without compromising on collaborative capabilities is a game-changer. From financial institutions aiming to combat money laundering to healthcare providers seeking to enhance patient data security, MPC offers a solution that bridges the gap between privacy and collaboration.
In this post, we are delighted to partner with iliadata, a forward-thinking French startup specializing in secure multiparty computation. Julia and Celeste from iliadata have co-authored this article to delve deep into the potential of MPC and its applications. iliadata is at the forefront of implementing these cryptographic techniques in real-world scenarios, demonstrating how advanced methods like MPC and private set intersection (PSI) can revolutionize data security practices across various sectors. Julia and Celeste are too modest to brag, but their track record in cryptography, working in world-leading labs, French DoD, or leading the US NIST competition, speaks for them.
Our collaboration with iliadata underscores CyberBuilder’s commitment to bringing European innovation to the forefront. I believe in fostering a community-driven newsletter highlighting innovative projects and encouraging collaboration. I am eager to work with startups and cybersecurity professionals developing breakthrough technologies or have insightful perspectives on market trends.
Join Celeste, Julia, and me to discuss MPC and PSI and their real-world applications. Feel free to reach Julia and Celeste on their LinkedIn and visit the iliadata website.
Computing on Encrypted Data?!
Cryptography is, maybe surprisingly to some, a fast-moving field continuously evolving to meet the growing demands for data security in an increasingly digital world. Its rapid advancements have led to the development of sophisticated techniques that can address a wide range of security challenges, from ensuring the verifiability and truthfulness of computations through Zero-Knowledge Proofs to preparing for the arrival of large quantum computers with post-quantum cryptography.
One of the most exciting and impactful areas within cryptography focuses on the complex issue of computing encrypted data without ever decrypting it, allowing multiple parties to jointly compute a function over their inputs while keeping those inputs private. Doing so has profound implications for industries that handle sensitive data, require high security and privacy, and cannot (you would rather not) rely on trusted third parties to delegate their computations.
Secure multi-party computation (SMPC, or more commonly just MPC) belongs to this large family of cryptographic techniques and also offers the ability to compute arbitrary operations on data, relying on increased communication between parties. At its core, MPC allows parties to collaborate without revealing their private data to one another. This is achieved through cryptographic protocols that ensure computations are performed so that no individual party's data is exposed.
To manage this, MPC protocols usually rely on (and combine) techniques such as secure secret-sharing that allow the generation of “shares” of confidential data (on which computations are applied separately before the result is jointly reconstructed and revealed to the authorized parties) or homomorphic encryption.
An old idea coming to life with Private Set Intersection (PSI)
Although MPC has been formally studied since the late 1970s, its far-improved performance (thanks to more efficient protocols and faster hardware), as well as security and privacy considerations in a world of cloud computing, have made it one of the most active subfields of cryptography nowadays.
The democratization of such promising cryptography uses is extremely promising, especially in sectors such as finance, healthcare, and insurance, where data confidentiality is crucial. For instance, in finance, MPC can enable different banks to collaborate on anti-money laundering initiatives without exposing their clients' sensitive information.
Private-set intersection (PSI) is a specific and highly relevant MPC application. PSI is a family of cryptographic protocols that allow entities to determine the common elements in their datasets without revealing the actual datasets to each other.
While a less universal approach than generic MPC, PSI makes up for it with better scalability (such as the ability to deal with the billions of records that a real-world database may contain), ease of implementation (without relying on overly complex algorithms, and SDK) and deployment (by simplifying the underlying architecture).
Share data without disclosure - Many Real World Use Cases
This technique is particularly useful when organizations must compare large data sets in a privacy-preserving manner. For example, two companies might want to find overlapping customers without disclosing their entire customer lists. PSI enables them to do this securely and efficiently, maintaining the confidentiality of their data.
Variants of PSI exist for slightly more complex tasks, allowing one to compute specific functions (such as cardinality or some typical statistics) on the intersection result. This flexibility makes PSI a very viable choice in practice for a large chunk of case studies.
Hence, PSI's potential extends to many real-world applications. One prominent example is fraud detection and prevention.
Fraud is a significant concern for many industries, particularly insurers dealing with large claims and financial transactions. Detecting fraudulent activities requires comprehensive analysis and collaboration among multiple entities.
Consider the double-dipping fraud. Double-dipping fraud occurs when a policyholder files multiple claims for the same loss event with different insurers, aiming to receive numerous payouts. This fraud exploits the lack of communication and data sharing between insurers. By sharing claims data, insurers can (or rather could) compare claims across different companies, identify overlapping claims, and detect instances of double-dipping, thereby preventing fraudulent payouts.
PSI enables large-scale privacy-preserved data crunching
However, the challenge lies in sharing the necessary data without compromising the privacy of every policyholder and complying with regulations on handling sensitive data (such as the GDPR). These obstacles make detecting double-dipping extremely difficult in practice. This is where PSI comes into play.
Using PSI, insurers can securely and confidentially share and analyze claims data to identify fraudulent patterns. For instance, if multiple insurance companies want to detect fraud, they can use PSI to compare claims data and uncover common fraudulent activities without exposing the details of legitimate claims. This collaborative approach enhances the accuracy and efficiency of fraud detection, benefiting insurers and their clients by reducing fraud-related losses and ensuring total privacy, as no claim data is shared with anyone else.
iliadata, a European startup pioneer in the PSI market.
With iliadata, we are focused on implementing and deploying these cryptographic techniques. We are currently deploying a first release that leverages PSI to allow insurers to share claim data securely. We demonstrate how advanced cryptographic methods can enhance fraud detection at scale in the insurance industry while maintaining strict data confidentiality.
Such a solution begins with collecting and encrypting claims data from participating insurers. Each insurer encrypts their data using encryption keys, ensuring it remains confidential. The encrypted data is then uploaded to a secure platform where PSI protocols are applied. These protocols enable the detection of fraudulent behaviors on the encrypted data by privately aggregating data from multiple insurers, generating results that highlight potential fraud cases.
One of the significant advantages of this approach is that it eliminates the need for a trusted third party. In traditional data-sharing models, a third party is often required to aggregate and analyze the data, posing a significant risk. Beyond its loyalty, adding a new party with access to data in the clear greatly increases the system's attack surface and, in particular, the risk of data breaches. Such breaches of confidential and personal data have unfortunately quite often happened in the past and been (rightfully so) highly mediatized.
With MPC and PSI in particular, the computations are performed confidentially, with each party retaining control over its data. This always-encrypted approach enhances data security and eliminates data breach risks.
iliadata’s approach revolutionizes the way insurers approach fraud detection. This solution can significantly enhance the accuracy and efficiency of fraud detection processes by enabling secure data sharing and collaborative analysis. Insurers can benefit from reduced fraud-related losses, improved risk management, and increased client trust. Moreover, using advanced cryptographic techniques ensures that data privacy and confidentiality are always maintained, addressing one of the most significant challenges in an age of ubiquitous cloud computing.
Concluding Remarks
Beyond the insurance industry, the implications of MPC and PSI also extend to other sectors. In banking, for instance, they can enable secure collaboration on anti-fraud and anti-money laundering initiatives or transaction analysis. These techniques can facilitate secure data sharing for medical research and patient care coordination in healthcare. The potential applications are vast, highlighting the transformative power of advanced cryptographic methods.
In conclusion, the field of cryptography is continually evolving, pushing the boundaries of data security. Secure multiparty computation (MPC) represents a significant leap forward, enabling secure, collaborative computations while maintaining the privacy of all parties involved. Using iliadata use cases and the practical applications of MPC, particularly in the insurance industry, I feel we have a place where it promises to enhance fraud detection and data security.
At CyberBuilders, I want to continue highlighting innovative projects and foster a community-driven approach to cybersecurity. We are eager to collaborate with startups and other cybersecurity actors, developing breakthrough technologies or having unique insights into market trends.
If you have a groundbreaking idea or perspective, let’s connect and explore how we can bring more light to the innovative landscape of European cybersecurity.
Laurent 💚
Hey, if you missed the first post of the series, it is right here:
Nice. However all this is just a "feature" or "crypto method" by far and large not a product. This is always the same story with cryptography, always nice and cool but never becomes a product. All the post-quantum, full homomorphic encryption, etc, startups are fun with amazing math but this is just a lib somewhere in a feature of a product. Usually the crypto founders aren't willing to build a product in which the crypto stuff is an adjective, thus unfortunately going nowhere. So what's the plan to build a real product?