Google has made available an open-source cryptographic tool called Private Join and Compute. The tool uses secure multi-party computation (MPC) to augment the core private set intersection (PSI) protocol.
More than 70 million records were stolen or leaked from poorly configured databases last year, making privacy a top concern. That’s no doubt one motivation behind Google’s open-sourcing of Private Join and Compute, a new secure multi-party computation (MPC) tool designed to help organizations work together with confidential data sets.
Private Join and Compute combines two cryptographic techniques – private set intersection and homomorphic encryption. Private set intersection is a technique that finds common identifiers in two sets of data without either data owner needing to show the other owner the underlying data. Google uses an oblivious variant that only marks encrypted identifiers without learning any of the identifiers.
The second technique is homomorphic encryption. This takes encrypted data and carries out computation on it without having to decrypt it, preserving the privacy of the underlying raw data. Throughout the process, individual identifiers and values remain concealed. For example, you can count how many identifiers are in the common set or compute the sum of values associated with marked encrypted identifiers, without learning anything about individuals.
By using both techniques in conjunction, only the size of the joined set and the statistics (e.g. sum) of its associated values are revealed. Individual items are strongly encrypted with random keys throughout and are not available in raw form to the other party or anyone else.
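The intersection-sum flow described above, as an added example rather than code from Google's library: party 1 holds identifiers, party 2 holds identifiers with values and the homomorphic key, and only the match count and the sum of matched values come out. It assumes a constructed toy commutative cipher H(id)^k over Z_p^* and textbook Paillier with small constructed primes, both chosen for readability, not strength.

```python
import hashlib, random, secrets
from math import lcm
# Constructed toy parameters: a Mersenne prime modulus for the commutative
# cipher H(id)^k over Z_p^*, and small Paillier primes. Not production strength.
P = 2**127 - 1

def hash_to_group(identifier: str) -> int:
    h = int.from_bytes(hashlib.sha256(identifier.encode()).digest(), "big")
    return h % (P - 2) + 2  # an element in [2, P-1]; never 0 or 1

def comm_encrypt(elem: int, key: int) -> int:
    return pow(elem, key, P)  # (H(x)^k1)^k2 == (H(x)^k2)^k1, so blinding order is irrelevant

def paillier_keygen(p: int = 1000003, q: int = 1000033):
    n = p * q
    lam = lcm(p - 1, q - 1)
    return (n, n * n), (lam, pow(lam, -1, n))  # g = n + 1, so mu = lam^-1 mod n

def paillier_encrypt(pk, m: int) -> int:
    n, n2 = pk
    r = secrets.randbelow(n - 1) + 1  # fresh randomness per ciphertext
    return (1 + m * n) * pow(r, n, n2) % n2

def paillier_add(pk, c1: int, c2: int) -> int:
    return c1 * c2 % pk[1]  # multiplying ciphertexts adds the plaintexts

def paillier_decrypt(pk, sk, c: int) -> int:
    (n, n2), (lam, mu) = pk, sk
    return ((pow(c, lam, n2) - 1) // n) * mu % n

def intersection_sum(p1_ids, p2_records):
    """Both parties simulated in one process. P1 holds identifiers; P2 holds
    (identifier, value) rows and the Paillier key. P2 learns only the
    intersection size and the sum of the matching values."""
    k1, k2 = secrets.randbelow(P - 2) + 1, secrets.randbelow(P - 2) + 1
    pk, sk = paillier_keygen()
    # Round 1: P1 blinds its identifiers under k1 and shuffles before sending
    r1 = [comm_encrypt(hash_to_group(i), k1) for i in p1_ids]
    random.shuffle(r1)
    # Round 2: P2 re-blinds P1's set under k2; sends its own blinded ids with encrypted values
    double_p1 = {comm_encrypt(x, k2) for x in r1}
    r2 = [(comm_encrypt(hash_to_group(i), k2), paillier_encrypt(pk, v)) for i, v in p2_records]
    random.shuffle(r2)
    # Round 3: P1 completes the double blinding, matches, and sums ciphertexts it cannot open
    matched = [c for x, c in r2 if comm_encrypt(x, k1) in double_p1]
    acc = paillier_encrypt(pk, 0)
    for c in matched:
        acc = paillier_add(pk, acc, c)
    return len(matched), paillier_decrypt(pk, sk, acc)  # only P2 can decrypt this aggregate
```

Because P1 never holds the Paillier secret key and P2 never sees P1's raw identifiers, neither side learns which individual rows matched, only the aggregate.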
The idea is that the library could be used to work on data sets from independent parties where each party holds its own information about a set of shared identifiers (e.g. email addresses), some of which are common, and get “aggregated insights” about each other's data without either of them learning any information about individuals in the datasets.
Google says it is “exploring a number of potential use cases across collaborative machine learning, user security, and aggregated ads measurement.”
Other suggested uses mainly fall into the category of answering questions where the data wouldn’t otherwise be available because of privacy issues, such as what the long-term health outcomes are of using a new preventative drug, or whether there’s a decrease in reported car accidents when an auto manufacturer adds more advanced safety features to vehicles.