Accessible and Scalable Secure Data Evaluation
Infutor protects customer data using multi-party computation
Members of the Nth Party team have spent the last six years building and enhancing libraries, applications, and products that deliver or incorporate secure multi-party computation (MPC) protocols and capabilities. More recently, browser-based tools released by Nth Party (such as nth.link) have demonstrated that MPC is ready to secure common data workflows and transactions encountered in domains such as marketing and advertising.
Over the last several months, Nth Party has had the opportunity to collaborate with Infutor Data Solutions in building an accessible, scalable secure MPC solution for a common data workflow: evaluation of a prospective customer’s data against a full-scale identity graph. Launched as part of Infutor’s new Test Drive experience, the solution allows prospects and customers to explore how Infutor’s products can add value without revealing their data to Infutor or any other third party.
Secure Data Evaluation at Scale with Infutor
Within the fractured value chains of the data-driven marketing and advertising spaces, companies engage in an innumerable quantity of data transactions on a daily basis. Often, even transactions that may be exploratory in nature (such as those in which a prospective customer is evaluating a vendor’s product or service) involve the transfer of sensitive data about consumers. Conducting these transactions in a safe and compliant manner can require lengthy negotiations, the assembly of legal agreements, the use of data governance tools and platforms, and investment in secure data storage infrastructure or services. But these mitigation techniques are not addressing the root issue: data must be transferred between parties and processed in its decrypted form.
Secure MPC eliminates the root issue: only encrypted data is ever transferred, and no one except the original data owner has a decryption key. This is a key feature of secure MPC protocols, and is sometimes misunderstood: transfer of encrypted data to a recipient who has no key involves no transfer of information — and thus carries no risk— because the data cannot be decrypted.
Using MPC techniques and protocols, Infutor’s Test Drive experience ensures that data is encrypted in a prospective customer’s browser and never decrypted after that point. Quoting the press release:
“Data security and privacy has always been our #1 priority,” says Gary Walter, Chief Executive Officer of Infutor, “With Nth Party’s encryption technology we don’t need to see the data to demonstrate value. It’s a win-win for us and our clients.”
In only a few minutes, the secure computation compares the customer’s encrypted data to Infutor’s identity graph (which features hundreds of millions of records). The customer can then view the results to instantly explore how Infutor’s products can help them achieve their business objectives.
Accessible and Scalable MPC
Nth Party’s work with Infutor builds on previous product releases and demonstrates once again that given the right delivery mechanism and configuration, MPC protocols are more than ready to address real-world data analysis workflows at industrial scales. While some skepticism is sometimes expressed about the maturity of MPC techniques, we hope this work builds confidence in the marketplace that services providers can offer their customers the strong security benefits of well-studied technologies such as secure MPC and private set intersection (which underlie nth.link, Facebook’s Private-ID, and Google’s Private Join and Compute, among others). Furthermore, the security benefits of MPC can be incorporated into on-premise software-only solutions…
- without the need for trusted third parties or clean rooms,
- without use of any specialized hardware, and
- without moving data (either that of the service providers or their customers) to expensive third-party SaaS platforms.
How was the MPC solution for Infutor’s Test Drive experience designed and developed? Throughout its work on practical use cases involving MPC, the Nth Party team has focused on identifying low-hanging fruit opportunities: find the simplest protocol that leverages asymmetry of participant roles to offer the required privacy benefits at scale, combine it with well-understood and long-established algorithms and data structures, and build software libraries and applications that leverage contemporary serverless computing platforms and operate within ubiquitous environments such as web browsers.
The Nth Party team looks forward to building more commercial MPC applications that help secure data-driven workflows, and to contributing open-source libraries that help everyone build production-quality, at-scale secure applications.
