The Future of Privacy Preserving Credit Scoring
By Giovanni Mazzeo, Matt Ficke, Arne Hollum & Darshan Vaidya
Trading firms typically access credit through central intermediaries that are trusted to take borrowers’ private data, run risk computations, and provide credit to them, often into accounts they control.
Credora (formerly X-Margin) is reimagining this model. We use privacy preserving risk engines to act as a neutral arbitrator of risk, and are able to assess risk without viewing the underlying data. Our system produces cryptographic proofs of the privacy of the data and the accuracy of the computations. Furthermore, acting as a neutral oracle of risk, Credora is able to exert programmatic control over credit that is extended bilaterally, ensuring lenders’ funds are protected. This leads to trading firms being able to access multiple sources of credit, driving a more transparent and scalable credit market.
Today, Credora’s architecture achieves neutrality, accuracy, and privacy, while maintaining the speed of computations. This is done by leveraging a combination of secure Intel SGX enclaves and cryptographic proofs that prove a) the data came into the enclave encrypted, b) the data was only computed on in a specific way, and c) no data was leaked by the enclave. Our architecture ensures there is no need to trust the entity running the enclaves, and anyone can theoretically run these nodes to produce provably neutral credit scoring of trading firms.
That said, the dependency on hardware-based Trusted Execution Environments (TEEs) creates certain risks that are hard to mitigate, including the reliance on TEE manufacturers to produce uncorrupted hardware and maintain uptime. Of course, manufacturers are incentivized to produce reliable hardware. In fact, Intel SGX is widely used by others in the industry to secure keys. Still, in an effort to remove all dependencies, Credora has been exploring a new frontier for privacy-preserving computing: the use of a recent cryptographic scheme known as Functional Encryption (FE) to enable confidential credit scoring at scale and without the need for a TEE.
FE is a generalization of public-key schemes, which allows users to outsource the computation of specific functions on encrypted data using special keys that can be used only to decrypt the result of the computation but not the data itself.
Let’s consider a simple example to show how FE works. Alice wants to run the following on an untrusted platform:
if (x + y) > 10 return 1; else return -1;
Now, assuming that x and y must be kept confidential, the computation with FE will allow us to perform the comparison (x + y) > 10 on encrypted data and directly know the results without the need for client decryption.
There are existing hardware-less solutions that can perform privacy-preserving computations, including Homomorphic Encryption (HE) and Secure Multi-party Computation (MPC). Comparing them to FE explains why these solutions aren’t suitable for scalable credit scoring. Homomorphic Encryption, unlike FE, requires that any intermediate result needed for the computation to proceed be sent back to the entity holding the private key for decryption. In conditional programs, this could require a number of decryptions, resulting in serious performance overhead.
MPC is an improvement from this point of view since data is broken into smaller parts that are computed in a distributed fashion. However, the generation of large amounts of random numbers and the frequent inter-node communications entail an overhead that is non-negligible for credit scoring computations where trading risk is changing constantly.
Credora recently published a research paper with the University of Naples ‘Parthenope’ (IT) at the ICCSA2021 conference where the FE-based credit scoring solution is described. We review our proof-of-concept and show the results of the experimental evaluation made with synthetic data.
The performance outcomes are promising and leave open the possibility of leveraging functional encryption in production to give further guarantees of neutrality and privacy to our clients.
We are currently exploring multiple use cases for functional encryption, especially as it relates to interaction with blockchains. Publicly posting credit evaluations is not desirable for active trading firms, especially if it invites the possibility of alpha leakage or can be used to infer large positions or vulnerabilities.
What if we could leverage the immutability of blockchains as a database, and allow institutions to maintain control over their credit score? FE is a technology that can enable the on-chain recording of encrypted private credit evaluations and allow permissioned parties to use them, with a private key that lets those parties see only the output of certain credit computations.
We view FE as a fundamental part of how private data gets represented on blockchains in the future, and it will be a big part of Credora’s growth as a private credit oracle used by DeFi applications. We are already working with multiple partners in this arena, and we are excited to publicly announce our partnerships in the coming months.