Silent Compute
Enhancing Trust and Data Governance in Open Finance with Privacy Preserving Compute and Auditability
Created on 4th November 2024
•
Silent Compute
Enhancing Trust and Data Governance in Open Finance with Privacy Preserving Compute and Auditability
The problem Silent Compute solves
Our solution solves for trust - how to enable, enforce & audit sensitive collaborations between participants. Exposure of raw customer data to FIUs & TSPs broadens the attack surface and creates a trust gap between FIPs & FIUs, resulting in hesitant and limited participation due to insufficient assurance & clarity of data usage.
Silent Compute proposes an inference exchange model using PETs, where FIUs can perform compute for consented inferences, assuring FIPs that they can never access raw data. The cryptographic Multi-Party Computation (MPC) protocols allow FIUs to extract consent-bound insights from customer’s data, ensuring usage is tied to what customer has consented for, tackling key challenges like:
-
Privacy preserving inference network: FIUs are vulnerable to single point of failure via data breaches or misuse for non-approved purposes, or compromise with utility for privacy & compliance. Our distributed compute engine eliminates exposure of plaintext raw data to FIUs, ensuring usage aligns with the purpose of data fetch & eliminating risk of data misuse or breach while complying with key privacy principles
-
Governance & auditability via verifiable consent: Involvement of multiple entities, including certain unregulated participants like TSPs makes it difficult to establish clear guidelines for accountability. Furthermore, lack of transparency of data usage creates trust gaps with users. Silent Compute enhances governance & reinforces purpose limitation by marrying consent & computation to enforce consent terms in the usage of data
-
Balancing socio-economic incentives: FIUs & TSPs derive substantial value by utilising data to offer personalised services. However, FIPs and AAs do not equally share these benefits. A more equitable distribution of the value generated can be brought by a usage-based compensation model, incentivising better performance & availability from FIPs having financial outcomes directly linked to the quality of their service
Challenges we ran into
At the core of our solution is Multiparty Computation (MPC), an advanced cryptographic technique to derive utility from distributed private data. Despite its strong general foundations, the use of MPC in new contexts—such as the AA ecosystem—poses deep technical challenges. Designing protocols that are performant in the AA context required thorough scrutiny of the academic MPC literature, as well as new science to bridge gaps. Much of the design had a strong dependence on intricate technicalities of the AA specification (which were clarified only following sandbox access), necessitating a rapid path from algorithmic research to prototyping and testing. We will ultimately submit a full technical paper for peer reviewed academic publication, and make it available freely in the spirit of open access to science. We highlight below two of the key technical challenges:
Threshold Decryption: While bespoke ""MPC-friendly"" encryption algorithms do exist, most internet standards for encryption (including those of the AA ecosystem) induce substantial complexity to handle within MPC—an out-of-the-box MPC implementation might take several minutes to decrypt even a kilobyte of data. Our implementation decrypts entire AA-compatible bank statements in seconds, as a result of our algorithmic improvements in switching between elliptic curve and binary encodings in MPC.
Parsing Documents in MPC: Tasks that may be trivial over plaintext can become surprisingly complex in MPC. Parsing and retrieving data from an XML formatted file (as per the AA specification) in a secure fashion turned out to require sophisticated shuffling and padding algorithms, and is currently by far the most expensive component of our system—albeit executed only once. Our innovations here can find applications more generally in importing data from an encrypted stream into an MPC engine.
Tracks Applied (1)