We are proud to introduce to the community one of our major roadmap items, the BYOC framework.
Interoperability and decentralization is one of our core values of our blockchain and one of our goals is to enable anyone to harness the capabilities of MPC. This is why our BYOC architecture was created in the first place, allowing the onboarding of any liquid assets to be usable as transaction fees (gas) on our blockchain.
Until now the foundation has proposed and enabled the onboarding of ETH, Polygon USDC and BNB as forms of payment. But our long term goal always was to allow for the community to make decisions on what tokens should be enabled on our chain.
The BYOC framework will now allow for the community to propose any tokens running on the Ethereum, BNB or Polygon chains to be usable as gas payment. The proposal then will go to our validators who will then make the final vote on whether or not to onboard the token as form of payment on Partisia Blockchain.
In the coming days we will share additional details and instructions on how the community can create a proposal for a token to be enabled on Partisia Blockchain. The foundation will initially start by submitting proposals to enable both USDT and MATIC tokens, and create detailed instruction guides using these two tokens as templates to help guide the community to onboard other tokens of their choice.
We are very excited to introduce this new feature and looking forward to seeing other great tokens being introduced by the community into our bridge.
When planning a supply chain from a logistics perspective, it is often useful to conduct a little thought experiment and think of yourself in the position of the products involved. In order to do this, you should “be the box” and trace each step you take from the factory to your customer, how much time you need to arrive and all of the steps you need to go through to get there. Let’s say you are a product, a piece of machinery made in a factory in Pennsylvania, United States. Post-production, you need to be packaged a certain way and the relevant paperwork prepared for export and import to the client’s destination, e.g., Germany. For this purpose, export and import documentation need to be prepared, product specification sheets, customs declaration forms, etc. Before “leaving” the factory you need to be packaged and the documentation needs to be prepared and added to the packaging. You are then picked up by a courier, who potentially needs a copy of certain documentation, and brought to a storage/sorting facility. You need to be marked clearly beforehand or afterwards in order to insure you are not confused with another piece of machinery. Then when ordered by a client, you may need to be re-packaged, for which the necessary documentation needs to be available to the courier before being shipped out. You are then picked up by a logistics company, either the same as the one the courier was from, or another one, and transported to where you will be exported. This is one of two places where all of the paperwork has to be in order, as customs officials now could inspect the paperwork and potentially block or delay your export. Customs declaration forms, material safety data sheets, shipment listings, the invoice to the client, etc., all need to be available and correct.
Congratulations, you have passed customs and are now in “international customs limbo”. After being “exported” you are usually transferred to a toll-free storage area and are then sorted into a container or loaded onto an airplane. When you do land, let’s say in Germany, the customs officials will want the same, or even different paperwork — perhaps even the same paperwork but in a slightly different format (I cannot emphasize enough how sensitive managing customs can be). VAT and other import taxes are (or are not) charged based on the required product declaration, which can sometimes differ greatly between countries, and the purpose of use. The product (you) is then released to a logistics company that sends you to your customer’s address. Hurray, you have arrived at your destination!
What this thought experiment shows us, is that during every single one of these steps, there are multiple touchpoints with many different people involved. Each one of these touchpoints represents a moment where a variety of things could go wrong. What if one of the documents falls off the package? What if one of the logistics employees accidentally confuses one of the packages during re-packing at the storage facility, or confuses the documentation? While logistics companies tend to have contingencies and redundancies, things sometimes go wrong causing unnecessary delays in supply chains and, in some cases, lost business.
Blockchain could be used to mitigate such logistics risks: a QR code representing a tokenization of a product could be added to each individual product package, in order to provide information on each individual product instantly and reduce the potential for confusion. Paperwork could be added to these product’s QR codes making them easily accessible to different parties along the supply chain and could also help in compiling different documents. If used correctly, a blockchain could also help keep track of shipments, both internally for logistics companies and externally for those managing supply chains. Sometimes shipments can be a bit like a black box and yes, sometimes products even get “lost”.
Furthermore, not only could documentation be made more accessible, but smart contracts could be created to streamline processes and e.g., create country-specific documentation automatically depending on where the product’s QR code is scanned. This could particularly come in handy if a product’s route is changed short notice, the product is checked by another country’s customs (e.g., another EU port of entry that wants things just ever so slightly differently) or the documentation required is changed at some point. The transparency provided by the blockchain could also make different actors such as customs authorities and/or logistics companies more accountable and provide a better basis for auditing/compliance. Furthermore, payment processes e.g., for VAT and other taxes, could potentially be automated, greatly increasing the speed of the customs clearing process.
The complexity of a supply chain increases with the added burden of quality assurance requirements, laid out by e.g., pharmaceutical GxP (Good practice, the “x” standing for a variety of different areas) regulations. Medical and pharmaceutical, food and cosmetic products require differing levels of traceability and quality assurance from the initial ingredients all the way to the patient. Each step in the production, testing, manufacturing, and distribution needs to be carefully and extensively documented and regarding logistics, the regulation laid out for e.g., pharmaceuticals is that of “Good Distribution Practice” (GDP). If you take the example of an agriculturally derived ingredient for a medicine, the process would be as follows:
A plant is harvested following (and documenting everything) according to Good Agricultural Practice (GAP) or Good Agricultural and Collection Practice (GACP) and then processed (e.g., the relevant ingredients extracted) according to Good Manufacturing Practice (GMP) and tested to Good Laboratory Practice (GLP). The product is then sent, of course following Good Distribution Practice (GDP), to the production facility, where it is further processed and combined with other ingredients to make a final product (under GMP) and then distributed to a pharmacy (again under GDP). Every individual production, testing and transportation step of each individual ingredient is meticulously documented and requires the ability to be audited by different parties as well as government entities. The idea being, that GxPs can assure two things for quality assurance quickly: 1) the assurance of quality of medical products on the market and 2) the ability to trace exactly where something went wrong in a pharmaceutical supply chain if there is some sort of defect. This all undoubtedly brings with it an immense amount of documentation, often in paper format, that needs to be stored for years by each individual party. Not exactly the most efficient way to store or audit a supply chain.
Both regarding the GxP traceability and less-regulated supply chains, blockchain technology could be used to reduce errors, streamline processes, facilitate documentation availability, and allow for better traceability and auditability for all parties involved. However, companies have legitimate reasons not to want to reveal certain information about their supply chains. A pharmaceutical company for example may not want to reveal the source of their ingredients, as a competitor may use that information to their advantage. This is where MPC could come in and be used to obfuscate certain sensitive information about the supply chain. Moreover, necessary documentation could only be made available to certain parties, such as customs authorities.
An MPC-blockchain solution built on Partisia Blockchain for logistics and quality assurance could look as follows: each step set out by GxP could be documented and listed on the blockchain, while only making the source of each documentation available to the parties necessary (e.g., a regulatory body of a manufacturing company). Each package shipped could be traced transparently by the customer, with a smart contract automatically generating documentation for each individual step in the supply chain and customs touchpoint. All of this can be done without revealing too much information to parties that do not need to have the full picture. Such a system could reduce errors, increase efficiency, allow for better auditability and more transparency of supply chains — while MPC keeps valuable trade secrets private.
Partisia Blockchain is dedicated to facilitating innovative solutions to real-life problems. Better supply chain and quality assurance are two of these problems.
Please contact us, if you have any questions about how our technology could improve your supply chain management or quality assurance.
Contact information: build@partisiablockchain.com
Website • Twitter • Discord • Telegram • LinkedIn • Facebook • Instagram • GitLab • Medium • YouTube
In today’s context, the healthcare sector by itself contributes to around 30% of the global data volume, while the pharmaceutical industry significantly adds to this data generation. Handling and utilizing data from these sectors are also subject to some of the strictest regulations due to the nature of data that often includes personally identifiable information. GDPR, internal policies, and other regulatory frameworks pose tough challenges when data is collected or shared beyond isolated data silos for analytical purposes.
Public and private blockchains serve as effective tools for maintaining an immutable and transparent log of transactions, which can be relied upon and examined by various stakeholders such as public authorities. However, when it comes to the actual manipulation and processing data, both public permissionless blockchains and private blockchains are insufficient due to the lack of privacy features. This is where Partisia Blockchains’ distinctive and proprietary secure multiparty computation (MPC) technology emerges as exceptionally valuable
Our MPC technology empowers individuals and organizations to preserve privacy right from the input stage. This entails breaking down data into many encrypted secrets, which are then shared with specialized MPC network nodes. Critically, these nodes remain unaware of the specific content they store or compute on. Predetermined private and public smart contracts establish protocols for computations and determine access privileges to the outcomes, as authorized by permissions.
The potential applications for private computations within the healthcare and pharmaceutical sectors are virtually limitless. In this article, we will explore some of the extensively discussed scenarios.
Privacy technologies play a pivotal role in enhancing the security and confidentiality of private DNA sequencing. With the advancements of genetic analysis techniques, individuals are increasingly seeking to unlock insights from their genomic data, but the sensitive nature of genetic information demands robust measures to preserve privacy. MPC offers solutions by enabling private computations on encrypted genetic data without the need to expose the raw data. This allows for collaborative research, personalized medical insights, and genetic advancements while ensuring that individuals retain control over their sensitive genetic details.
By employing these technologies, private DNA sequencing initiatives can preserve privacy, encourage data sharing for scientific progress, and mitigate the risks associated with unauthorized access or breaches of genetic information.
Traditional data sharing approaches often raise concerns about privacy breaches and data ownership when it comes to the almost abundant amount of sensitive patient information and proprietary research data for healthcare and pharmaceuticals. MPC addresses these challenges by allowing multiple parties to jointly analyze and derive insights from their respective datasets without actually revealing the raw data to each other, but only share valuable outputs.
In the context of clinical research, pharmaceutical companies and healthcare institutions can collaboratively conduct analyses on aggregated datasets while keeping individual patient information and proprietary data secret. This facilitates cross-institutional research without the need to centrally consolidate data, eliminating the risks of data exposure and unauthorized access. Different pharmaceutical companies, each possessing valuable proprietary data, can engage in joint studies without revealing their confidential insights.
This collaborative approach unlocks opportunities for discovering broader trends, identifying potential drug interactions, and conducting large-scale analyses that draw from diverse datasets. By preserving privacy and ownership, MPC encourages cooperation among entities that might have otherwise hesitated due to privacy concerns. In essence, MPC bridges the gap between robust data-driven insights and the need for privacy, fostering a new era of collaborative clinical research across previously isolated data silos and organizations.
MPC offers robust primitives to revolutionize supply chain management within the pharmaceutical and healthcare industries. In these sectors, ensuring the integrity, transparency, and security of the supply chain is of all importance, as any inefficiencies or vulnerabilities can have serious consequences for patient safety and product quality.
MPC provides a solution by enabling various stakeholders, including manufacturers, distributors, regulatory bodies, and even healthcare providers, to collaboratively manage the supply chain without revealing sensitive proprietary information to one another. This is particularly valuable when dealing with complex global supply networks involving multiple parties, each with their own data and interests. Parties can jointly verify and validate critical supply chain information, such as the authenticity of raw materials, production processes, transportation routes, and inventory levels.
For example, pharmaceutical companies can verify the authenticity and quality of raw materials supplied by third-party vendors without sharing their precise formulation details. Regulatory agencies can conduct audits and ensure compliance across the supply chain while preserving the confidentiality of manufacturing processes. Healthcare providers can track the provenance of medical devices or drugs to enhance patient safety and prevent counterfeiting.
MPC-driven supply chain management ensures trust among stakeholders by providing a secure environment for collaboration. It prevents fraud, minimizes the risk of data breaches, and streamlines information sharing. By harnessing the power of MPC, the pharmaceutical and healthcare industries can establish a more efficient, transparent, and secure supply chain ecosystem that ultimately benefits patients, regulatory compliance, and business operations alike.
MPC presents a transformative way for streamlining the recruitment process in clinical trials while upholding patient privacy and data security. Clinical trial recruitment often entails the sharing of sensitive patient information across multiple stakeholders, including healthcare providers, research institutions, and pharmaceutical companies. MPC offers an innovative approach by allowing these entities to collaboratively identify eligible participants without revealing individual patient details.
Using MPC, each participant contributes encrypted data, maintaining the confidentiality of their personal information. The parties can collectively perform computations on this encrypted data to match potential participants with specific trial criteria, such as medical history, demographic characteristics, or genetic markers. This process ensures that no party gains access to the raw data of others, mitigating privacy concerns.
MPC technology not only accelerates the participant matching process but also encourages broader collaboration among stakeholders who might otherwise hesitate to share sensitive patient data. This approach streamlines the recruitment process, reduces administrative burden, and respects patients’ privacy rights. Ultimately, MPC revolutionizes clinical trial recruitment by combining efficiency and data security, fostering trust among stakeholders and contributing to the advancement of medical research.
Website • Twitter • Discord • Telegram • LinkedIn • Facebook • Instagram • GitLab • Medium • YouTube
Changing the data market business model from buying and selling of your data to buying and selling the “use” of your data.
Current advertising data market industry involves selling and buying of data. Regardless of the type of data the advertisers are looking for, it’s all about collecting the data from various means, categorizing it, perhaps pseudo anonymizing it and selling the data to advertisers. And data, as it turns out, is a very lucrative business. The global market size of the advertising market is estimated to be US$600–800 billion and the internet makes up about half of that size.
You probably have heard this statement before. If it is free, you are probably the product being sold. And this is a very common way for the data market players to create a “free” application that allows the collection of data that the market players will buy and sell. The more accurate the data, the more valuable. Google, Facebook, Twitter, Microsoft, etc all use similar business models. But there are other players in this market, some you may have heard of in the news (Cambridge Analytics for example) or smaller companies that trade your data under the covers. They will collect from various sources, reshuffle, and resell the data to others.
But as with any business model, there are challenges and the data market is not without its share of issues.
Partisia Blockchain’s privacy first blockchain with research lead secure multiparty computation (sMPC) can help solve these issues and also provide data market participants with alternate business models that can bridge the gap between consumer privacy concerns and better data overall.
This changes the data market business model from buying and selling of your data to buying and selling the use of your data. By shifting the paradigm to a services model, new potential revenue streams become available while being able to solve some of the difficult challenges facing the advertising industry.
Projects like Blockchain-Ads and Kin are already looking to take advantage of this new model and we are exited to see where this will lead in the future.
Connect with us at build@partisiablockchain.com to see how we can help you create new business models, solve challenges and provide new incentives for the users to use your system.
Website • Twitter • Discord • Telegram • LinkedIn • Facebook • Instagram • GitLab • Medium • YouTube
Throughout the ages, famous philosophers have grappled with the concept of good governance. From Aristotle, Machiavelli, and Hobbes to Rousseau, Voltaire and Rawls, different perspectives have existed and challenged each other over the ages on the topic. Today, in democratic societies at least, the general consensus is that of a government that is accountable to the people, with checks and balances, the guarantees of fundamental rights, and integrity in how it operates. New technologies, such as blockchain, can aid in the pursuit of good governance — this article outlines a few possible examples of how Partisia Blockchain could help governments innovate and better their governance practices:
Paperwork, licenses and standing in lines — bureaucracy is something that regardless of political affiliation, people love to hate. But the true purpose of bureaucracy (whether well-designed or not) is to ensure due process and guarantee people’s rights. This in essence very noble pursuit can run into a variety of different problems, from potential inefficiency to outright corruption. A public blockchain could help to streamline processes and make them more transparent, paperwork can be filed and traced through different steps on the blockchain, whereas combined with MPC the private information in these processes can be kept secret, or only available to certain parties. In certain countries, where corruption is an issue, the intransparency of bureaucracies can allow for wrongdoing in e.g. bureaucratic processes such as ignoring, changing and/or the outright fabrication of documents. A public blockchain could allow for more trust in bureaucratic institutions, especially if those institutions don’t have control over the nodes that operate the blockchain. This is the principle behind a project called DelNorte.
DelNorte is currently running pilot projects in Latin America creating NFTs out of real estate deeds and adding them to a public blockchain. This is meant to make the bureaucratic process more efficient, give more stability and transparency regarding real estate ownership in the participating countries, circumvent potential corruption and maintain the integrity of the institution. While the government is the door to access to the system, the government does not have control over the blockchain and the listed real estate deed NFTs. Partisia Blockchain is proud to have entered into a partnership with DelNorte, helping them to add privacy and security to their e-government solutions.
Governments provide goods and services to their citizens, from parks, highways and schools to militaries for the national defense. While some governments have more resources than others, many of the goods used to e.g., build and maintain a public highway, need to be contracted to third parties. What is usually the case when a government has to contract such goods or services out, is that they publish a tender for which parties can bid. This ideally leads to many different companies bidding for the contract with the government, attempting to underbid each other and/or outclass each other with the quality of the good/service that they provide.
Nonetheless, public procurement bidding processes are often highly intransparent and even prone to corruption, which cheat the taxpayers out of the best possible deal they could have had. Blockchain technology could also help combat this problem, making the bidding process transparent and establishing trust with the general public. However, a major issue with the transparency of a public blockchain is that it does not allow for the hiding of certain sensitive information e.g., a company’s capabilities, classified technology, etc. that could be part of the bidding process. This is where E-Trusty comes in: E-Trusty is a dApp building on Partisia Blockchain to use the public blockchain to create transparency, while obfuscating sensitive information in the bidding process using MPC. The goal is to create a platform for public procurement that allows for the transparency of seeing multiple bids for a given contract, while using MPC to hide and protect sensitive information.
Multiple central banks around the world are beginning to develop and implement so-called central bank digital currencies (CBDCs). As opposed to digital currencies, such as Bitcoin or Ethereum, these digital currencies are centralized and issued by a national bank. They are pegged to the value of a fiat currency and are meant to be a part of the existing financial system. There is however a major concern regarding CBDCs and that is that due to their centralized structure and control, they could essentially allow for a central bank, and by extension a government, to have complete insight into how people are spending their digital money. Furthermore, it is also feasible to imagine that a government could easily overreach, especially if it were to become corrupt, and easily seize such digital money. There would therefore need to be checks and balances guaranteed in the application of a CBDC. One solution for this problem, could be to use MPC to make the settlements of such a CBDC private. Such a system could also be designed to allow for certain transparency towards a government entity with the sufficient legal justification such as a warrant. The CBDCs settlements would be intransparent to e.g. the national bank or the government, however a court could allow for access to certain transaction data for a judicial institution.
In many places across the world, trust in elections is waning: the intransparency of voting systems, combined with distrust fueled by political rhetoric are a major threat to the integrity of democracies today. The recent coup in Bolivia or the storming of the U.S. Capitol have shown that even an unsubstantiated claim of fraud in an election can lead to political violence or even the overturning of a democratically elected government. E-voting, and particularly blockchain-based e-voting solutions, have attempted to solve this issue. They have however run into a variety of problems: intransparency or too much transparency, hardware and/or software vulnerabilities, among many others. Nonetheless, Partisia Blockchain’s MPC technology could help in solving many of these issues. MPC could be used to assure the privacy of a voter’s ballot, while showing votes being tallied for specific candidates in real-time. The election results could be publicly auditable and contestable and voters could be able to track their own votes. This kind of solution could in theory ensure safe, transparent and auditable elections, while keeping people’s votes secret.
Partisia Blockchain Foundation is dedicated to facilitating innovative solutions to real-life problems. Democratic innovation is one of the fields we are proud to contribute to.
Please contact us, if you have any questions about how our technology could enable better governance or if you think your organization could benefit from our technology.
Contact information: build@partisiablockchain.com
Website • Twitter • Discord • Telegram • LinkedIn • Facebook • Instagram • GitLab • Medium • YouTube
During the course of July, students, young professionals, academics, and industry leaders came together from across the globe for the SDG Summer School. This Summer School is organized by the University of Geneva and hosted in the SDG Innovation Lab, close to the United Nations as well as on different campuses around the world in parallel. Partisia Blockchain had the privilege of attending and actively participating in the program.
Groups of students were formed, assigned a coach and began to develop an idea into a project. The projects were all aimed at solving pressing problems and contributing to the Sustainable Development Goals (SDGs). After three weeks the groups pitched their projects to a jury consisting of decision makers from major institutions such as the University of Geneva, the Global Fund and the Olympic Committee.
I had the opportunity of representing Partisia Blockchain and coaching a group of students in creating an innovative solution to women’s health:
“Her Menstrual Trials” is an application using MPC and Blockchain to track women’s health trends and the effects of medications without revealing anyone’s personal health data. The blockchain would provide crypto-incentives to the participants and help store and track the data collected, while MPC would keep the data private, while allowing for real-time, continuous data collection from the participants.
Furthermore, Partisia Blockchain had the pleasure of sponsoring a student from Copenhagen to come to Geneva and participate in the Summer School.
The SDG Summer School is an impactful event empowering young minds to find solutions to the most pressing problems around the world. Partisia Blockchain is proud to support such an initiative and help to contribute to a brighter future for all.
Website • Twitter • Discord • Telegram • LinkedIn • Facebook • Instagram • GitLab • Medium • YouTube
In 2018, the European Union’s General Data Protection Regulation (GDPR) came into effect, causing a wave of changes to terms and conditions in your favorite applications across the globe. GDPR aims to increase people’s control and rights over their own personal information and heavily penalizes companies that infringe on these rights. Infringing on the rights of EU citizens laid out in GDPR could result in a fine of €20 million or 4% of the annual global turnover of an enterprise, so compliance is strongly incentivized. This new regulation is widely considered a major turning point in data protection and privacy rights, starting a policy diffusion of similar data protection laws across the globe. GDPR is law in every member country of the European Union and establishes a “single data market” within the EEA. Similar regulations have also been adopted in California, Chile, Japan, South Africa, Argentina, Turkey and Brazil, among others.
GDPR (as well as many of the similar regulations) involves multiple core tenets, among others setting out the principles for which personal data can be used and processed. Lawful purposes of the use of personal data and the digital rights that citizens have over their personal data. While there are many different compliance aspects of data protection regulations, such as GDPR, here are a few examples of how our technology could help your organization stay compliant:
GDPR requires organizations processing personal data to transform the data in such a way that it cannot be connected to the person it was collected from (pseudonymization). Partisia Blockchain could help an enterprise disassociate a person from their (encrypted) data, assuring such pseudonymization through the use of multiparty computation (MPC) technology. This pseudonymization can also be done in a way to allow for continuous collection of data from the same individual, if required for e.g. a longer-term study.
Furthermore, the concept of MPC also can also aid in maintaining an individual’s control over their data, as e.g. the concept of MPC secret sharing can allow for useful outputs being generated without compromising the underlying data (see Multiparty computation: The beacon of privacy solutions explained). MPC (especially combined with a blockchain) can also therefore increase the security of personal data, as the data and calculations are all run in a decentralized fashion by nodes that are all independent from each other. Partisia Blockchain’s nodes and their operators are all independent, run independent systems and have been vetted for cybersecurity by Partisia Blockchain experts.
Another right laid out by GDPR is the so-called right of access. This is the right of people to be able to see how their data is being processed and with whom it is being shared. The ledger kept on a blockchain could help an organization provide an immutable record to ensure this right. For the same reason, the blockchain could help organizations provide the record of processing activities required for GDPR-compliance under certain circumstances as well. As opposed to some other blockchains, Partisia Blockchain also allows for the possibility of private data to be removed from the record. Essentially meaning that data entered into the blockchain can be erased later on, allowing for compliance with GDPR’s right of erasure (the right for people to have their personal data removed from a database).
Lastly, the geographical location of servers used to process personal data could sometimes mean the difference between compliance and a criminal offense. Partisia Blockchain’s jurisdiction management v1.0 allows organizations’ developers to specify the geographic location of nodes to be used in calculating personal data. This could for example allow for private data from the EU to only be sent to EU-based nodes, ensuring that the integrity of the single data market and the data rights of EU-citizens are not breached.
Partisia Blockchain is committed to empowering others in solving real-world problems using our cutting-edge technology. Data rights and data privacy challenges are two of these problems.
Please contact us, if you have any questions about how our technology could enable data privacy or think we can help your organization in improving its data protection architecture.
Contact information: build@partisiablockchain.com
Website • Twitter • Discord • Telegram • LinkedIn • Facebook • Instagram • GitLab • Medium • YouTube
The point of this document is to provide the shortest (and most intuitive) possible introduction to each of the technologies mentioned in the title. I hope I succeed in this endeavor.
The technologies in this document all — with exception of differential privacy — deal with “secure” computation on data. At a very high level, this means they can be used to perform an arbitrary computation on one or more pieces of data, while keeping this data private.
Secure multiparty computation, which is what we do here at Partisia, is the term for a fairly broad class of protocols that enable two separate entities (called parties) to compute a function, while revealing nothing except the output.
An MPC protocol typically proceeds in three phases: First the inputters secret-share their private inputs. This step can be thought of as each user sending a special type of encryption of their inputs to the nodes doing the computation. The encryption ensures, for example, that at least two out of three nodes are required to recover the input, and thus, we get a security model that relies on non-collusion. It could also be the case that all three nodes must collude to recover the input — in this case, we have a full threshold model (since all servers must collude to break privacy).
The next step involves the nodes (the servers A, B, and C) performing the computation on the encryptions (i.e., secret-shares) received in the input step.
When the nodes finish the computation, they will hold a secret-sharing of the output. Each node’s share is returned to the users, so they can recover the actual output.
As might be inferred from the figures above, MPC works particularly well if the computation nodes are well-connected. Indeed, what makes MPC expensive to run is all the data that the nodes have to send between each other.
MPC have been actively studied in academia since the early 1980s and there are a lot of good resources available to learn more about it:
Fully homomorphic encryption (FHE) solves a very old problem: Can I have my data encrypted and compute on it too? FHE is a tool that allows us to not only store data encrypted on a server, but which allows the server to compute on it as well, without having to decrypt it at any point.
A user encrypts their private data and uploads it to a server. However, unlike a traditional E2EE (End-to-End-Encrypted) scenario, the server can actually perform a computation on the user’s private data — directly on ciphertext. The result can then be decrypted by the user using their private key.
FHE, unlike MPC, relies on clever cryptographic computation, rather than clever cryptographic protocols. On the one hand, this means FHE requires less data to be sent between the server and client compared to MPC. On the other hand, FHE requires a lot of computation to be done by the server.
Practically speaking, FHE is slower than MPC (unless we have an incredibly slow network, or incredibly powerful computers).
Practical FHE is a relatively new technology that only came about in 2009. However, since then it has received quite a bit of interest, especially from “bigger” players like Microsoft or IBM.
Partisia Blockchain supports FHE solutions.
While both MPC and FHE allow us to compute anything, zero-knowledge proof (ZKP) systems allow us to compute proofs. In short, ZKP allows us to compute functions where the output is either “true” or “false”.
ZKPs are incredibly popular in the blockchain space, mainly for their role in “rollups”. The particular type of ZKPs used for rollups are ZK-SNARKs, which are succinct proofs. In a nutshell, a succinct proof is a proof whose size is some fixed (small) constant, and where verification is fast. This makes smart particularly useful for blockchains since the proof and verification are both onchain.
That said, ZK rollups don’t actually use the zero-knowledge property — they only use the soundness and succinctness properties of the proof scheme.
Soundness simply means that it is very difficult to construct a proof that appears valid, but in actuality is not.
ZKPs, like FHE, takes place between a single user and a verifier. The user has a secret and they wish to convince the verifier about some fact concerning this secret, without revealing the secret. ZKPs don’t designate a particular verifier, so anyone can usually check that a proof is correct.
The final private computation technology I will talk about here is trusted execution environments. A trusted execution environment, or TEE, is basically just a piece of hardware that is trusted to do the right thing. If we trust this particular type of hardware, then private computing is clearly doable.
TEEs, being hardware, are tightly connected to some hardware vendor. Often when TEEs are mentioned, what is really meant is something like Intel’s SGX or ARM TrustZone. SGX is the TEE used by Secret Network, for example.
The security model of TEEs is fairly different compared to the other technologies I have written about so far, in that it is a lot more opaque. Vulnerabilities have been demonstrated in different iterations of different TEE products, especially SGX.
Differential privacy is radically different from the previous technologies. (In this discussion I will exclude ZKPs since it does not allow general computations.)
While MPC, TEE and FHE all provide means of computing something on private data, they do not really care about what that something is.
For example, it is possible (albeit pointless) to compute the identity function using both MPC, TEE and FHE.
This is because MPC, TEE and FHE allow us to compute anything. In particular, they allow us to perform computations that are not really private.
At this point, we may ask: Well, why would we perform such a silly computation on private data? For some computations, it might be easy to see that it is not private (in the sense that the original input can easily be inferred from the output). However, there are many computations that are seemingly private, but which can also leak the input if we are not careful. For example, it has been shown that it is possible to extract machine learning models, simply by querying a prediction API. In another example it was shown that it is possible to extract the data that a model was trained on.
These issues all arise because there are no restrictions on the computation that is performed. Differential privacy tries to fix this.
Differential privacy is used to provide a fairly intuitive guarantee. Suppose we are given two databases A and B. The only difference between these two databases, is that a particular entry R exists in A but not in B. Differential privacy now states that, no matter which type of query we make on the database, we will not be able to guess whether we are interacting with A or B.
Naturally, this means that some queries cannot be allowed. For example, it is not possible to obtain differential privacy if one can simply ask “Is record R in the database?”. Generally, differential privacy is obtained by adding noise, or synthetic data, to the database as well as restricting the type of queries that are allowed.
What makes differential privacy different from MPC, TEE and FHE, is that differential privacy makes guarantees about the output of a computation, whereas MPC, TEE and FHE makes guarantees about the process of arriving at that output. In summary:
This also means that differential privacy is not in direct “competition” with MPC, TEE or FHE, but rather complements them.
While each technology has its specific advantages and use cases, it is our feeling that Partisia Blockchain’s MPC, backed by 35 years of research and practical implementation does seem to provide the most overall coverage of all possible scenarios with very little drawback.
Website • Twitter • Discord • Telegram • LinkedIn • Facebook • Instagram • GitLab • Medium • YouTube
A blockchain, at its very core, is a way for everyone to agree on what the current state of the world is, without having to rely on a trusted authority.
Of course, by “everyone” we don’t actually mean everyone, but instead everyone who believes in the security model. Likewise, by “the world” we also don’t actually mean the world, but rather, whatever is currently written on the blockchain’s ledger. Nevertheless, well-known blockchains such as bitcoin or ethereum both have market caps in the 100s of billions of USD, which tells us that the technology excites people.
Programmable blockchains, in particular, are exciting because their “world” is very rich. On a programmable blockchain, the “world” is basically the current memory of a computer, and so, simply by being clever about how we design the programs that run on this computer, we can use it to accomplish almost anything.
Let’s digress for a bit and classify programs into three categories:
— Those that take a public input and produce a public output
— Those that take a private input and produce a public output
— Those that take a private input and produce a private output
A programmable blockchain such Ethereum supports programs of the first kind: Everyone sees what goes into a smart contract on Ethereum, and everyone sees what comes out again. This is great for some applications (like agreeing on who bought a NFT), but clearly not sufficient for others (like performing an auction).
Several solutions have surfaced which attempt to support the remaining two types of computations. Let’s take a brief look at some of them:
Zero-knowledge proofs (ZKPs) are, in a nutshell, a way for someone to convince (i.e., prove to) someone that they know or possess something, without revealing anything about that something. One situation where this shows up, is when someone wishes to prove to someone else that they control a certain amount of tokens.
ZKPs can therefore be used for private-public and private-private computation, to a limited degree. ZKPs can only compute, well, proofs. This in particular means that the computations are limited to a binary “yes” or “no” output. Moreover, ZKPs are inherently single-user oriented, so it is not possible to perform a computation that takes multiple private inputs.
Note that a program that takes a public input, but produces a private input does not make sense. If everyone can see the program and what goes into it, then everyone can obviously see the output as well.
Another private computation technique is fully homomorphic encryption, or FHE as it is called for short. At its very basic, FHE is a way of encrypting data such that it is possible to perform computations directly on the encryption.
This immediately tells us that FHE for sure supports private input private output type computations.
However, FHE, like ZKPs, are oriented towards a single user scenario. This means that, although FHE can perform any computation (which ZKPs cannot do), they cannot perform a computation that receives private inputs from multiple users.
In contrast to the two above technologies (as well as the next one), trusted execution environments (shortened as TEEs) are a purely hardware based solution to the private computing problem we’re looking at.
A TEE is simply a piece of hardware that have been hardened in certain ways that make it hard to break into. If we believe this to be the case, then a TEE can be used to perform the private input, public/private output computations we’re interested in.
Inputs are encrypted using a key stored only on the TEE, and computations take place on the TEE after decryption. When the computation is done, the output is encrypted (or not, depending on whether the output should be public or private) and then output by the TEE. In this way.
TEEs therefore clearly support the type of single-private-input computations talked about so far. However, the situation is a bit complicated if we want to receive inputs from multiple sources. Indeed, the only way that can be possible, is to make sure the same key is stored on everyone’s TEE.
The last tech I will look at is secure multiparty computation, or MPC. This privacy tech supports both types of computations, just like FHE and ZKPs, but where it distinguishes itself is that it naturally supports private inputs from multiple sources. Indeed, there’s a reason it’s called secure multiparty computation.
This makes MPC especially suited for a blockchain because of its multi-user nature.
The above categorization leaves out a lot of details, since it talked about neither the security models that each of the technologies use, nor about their efficiency.
Each of the four technologies above operate in a particular security model, and none of the models are exactly the same. Likewise, they each have some properties that make them desirable compared to the others. (For example, FHE requires more computation, but less communication, than MPC.)
In general, MPC does seem to come out on top, and is the only technology that easily supports computations where multiple users provide inputs. MPC, by its nature, is a decentralized technology, which is probably why it works so well in a blockchain setting. That being said, an ideal world would probably use all of the technologies in a carefully created orchestration to ensure the best guarantees in terms of both security and efficiency.
Website • Twitter • Discord • Telegram • LinkedIn • Facebook • Instagram • GitLab • Medium • YouTube