Analytics, Optimization, and
AI/ML on Encrypted Data
By using Stealth’s encryption mechanism, data can be analyzed without ever decrypting it. This means that even if an unauthorized user is able to penetrate the system’s defenses and gain access to the data, they are unable to learn anything meaningful. Indeed, decryption keys are not held by any single server, which means an attacker must simultaneously infiltrate numerous (often geographically dispersed) systems in order to have raw access to data being held.
Our secure computation engine can perform a wide variety of tasks on encrypted data, including:
- (Zero-Knowledge) Auditing/Compliance Checking
- (Private) Set Intersection and Various Operations on Lists
- Arbitrary (Polynomial) Arithmetic Computation
- Statistics, Optimization, and AI/ML
While most of the tooling for our secure computation engine is proprietary, we have built several open source libraries that can be used as part of a secure computation software solution, including:
- SAFRN: aggregate statistics across numerous users’ private data
- PULSAR: various MPC tools, including finding central meeting locations privately
- pfss: Function Secret Sharing (FSS) library
- tumbolandia: Homomorphic Secret Sharing (HSS) library
- sst: Basic cryptographic primitives (large numbers, hash, encryption, etc.)
Searchable Encryption with Policy Enforcement and Querier Privacy Protection
While there are other commercial solutions offering searchable encryption, Stealth’s software package offer several important enhancements that provide additional privacy features. For example, in most solutions for searchable encryption, the Cloud server learns who is accessing the data, what the user is interested in searching for, which records (and how many) are being accessed, how often data is added/updated/removed, etc. Additionally, any regulations that the data administrator wishes to enforce (in terms of who is permitted to access the system and/or rules regarding acceptable queries or which records are allowed to be accessed) must be revealed to the Cloud in order to enforce these.
Stealth’s tools alleviate these additional risks by hiding all this information from the Cloud server.
Processing and interpreting
Our WizToolKit Library is a C++ library and command-line toolkit for working with the ZK Intermediate Representation developed by Stealth and others as part of our work under the DARPA SIEVE Program. WizToolKit is geared towards consuming and processing the IR, however it can help in testing and debugging IR statements. It provides the following capabilities:
- Reading/parsing libraries for backends to ingest all forms of the IR.
- The “BOLT” interpreter library for easily and performantly bridging ZK backends with the IR.
- Tools for testing and debugging IR statements in the Non-ZK setting.
See our WizToolKit information site for additional blog posts and documentation.
While our work on the SIEVE program is ongoing, and much of it is proprietary, we will release and maintain open source libraries for certain ZK tasks, including:
- EMP Toolkit: Backend prover-verifier functionality
- Wizkit: Tools for reading and writing ZK statements
- AssemblyLine: An ultra-lightweight C library and binary for generating machine code of x86_64 assembly language and executing on the fly without invoking another compiler, assembler or linker
Resilient, private, and anonymous routing in adversarial networks
When peer-to-peer communication must pass between a network of server nodes, there are several security concerns that arise based on the vulnerabilities of the network. While protection of message contents is crucial (to prevent leakage, alteration, or deletion), so too is protecting the identities of the users — and in particular keeping hidden the linkage between sender and receiver. Stealth has developed tools to do precisely this: even if a large portion of the network becomes compromised, it is not possible to link a message’s sender to its receiver.
Additionally, Stealth has tools that offer robustness in repressive regimes and hostile networks. These tools include:
- Establishing ad hoc mobile peer-to-peer networks;
- Establishing a network of lightweight servers that can be setup spontaneously and cheaply;
- Strategies to identify and avoid faulty nodes and links in a network.
Private Information Retrieval,
Function Secret Sharing, &
Homomorphic Secret Sharing
As more organizations move their data storage services off-site (e.g. to Cloud servers), an extra layer of risk is introduced: unauthorized access, including compromise of the Cloud server itself. While encrypting all information stored remotely (which we do) partially addresses this concern, there are other damaging leakage issues that may arise, for example the Cloud server may learn who is accessing the data, which records or queries are of interest, how often data is added/updated/removed, etc. Our tools alleviate these additional risks by hiding all this information from the Cloud server.
These tools are built upon cryptographic primitives whose focus is less on the privacy of the data itself, but rather on protecting against indirect information leakage; e.g. learning patterns based on user behavior. For example, Stealth has a state-of-the-art toolsuite that implements the following primitives, in many cases offering the most performant implementations currently available:
- Oblivious Transfer (OT): A basic building block of the other primitives below, this is defined as behavior where a Client can retrieve one of two secrets from a Server, whereby the Server learns nothing about which of the two secrets the Client learned, and the Client learns nothing about the other secret.
- Private Information Retrieval (PIR): A natural extension of OT, whereby a Client receives one record from a database Server, and the Server does not learn which record was retrieved.
- Oblivious RAM (ORAM): This primitive allows for a processor to perform CRUD (Create, Read, Update, Delete) operations on a segment of memory, while hiding: which operation is performed, which memory location is being accessed, and what value is being read/updated.
- Function Secret Sharing (FSS): FSS is an extension of a related primitive in cryptography known as secret sharing. In (ordinary) secret sharing, a secret value is split into shares, with each share being given to a separate entity, with the property that the original value can be obtained if and only if each all shares are combined. FSS extends this functionality to functions, whereby a specific function is split into shares that are delivered to several entities, and then each entity can compute their function (share) on any input, and the actual function output on that input is now being shared between the entities. FSS is relevant here as one possible instantiating mechanism for PIR and ORAM. Our open source PFSS library contains tooling that instantiates state-of-the-art methods to achieve highly performant FSS in a variety of settings.
- Homomorphic Secret Sharing (HSS) is a special case of ordinary secret sharing, which allows for multiple secret (shares) to be combined (added). For example, HSS could be used to implement a Secure Multi-Party Computation (MPC) instance where multiple parties want to compute the sum (or average) of their private data: Each party uses HSS to secret-share their value(s), the shares are then combined locally by each party, and the final result is obtained by having each party ‘open’ their combined/final share. As part of our work under the DARPA Brandeis program, we helped develop an open-source HSS library for programmers to use, available at: https://tumbolandia.net/hss/.
Legacy C code -> GO
(with Memory protection)
As programming languages evolve to offer safety features and other enhancements, legacy software still in use becomes increasingly susceptible to bugs and security vulnerabilities. The programming cost of lifting legacy to code to newer languages is substantial, and impractical in many settings, e.g. if the original entity that authored the software is no longer in existence or has moved on to supporting other products. Therefore, having automated tools that are able to programmatically translate legacy code into safer languages can offer tremendous value to organizations and end users. Through our work on the our work on the DARPA LiLaC program, Stealth has built such a tool, which currently is able to lift legacy C code to the GO programming language.