Privacy-Preserving Matching and Computation in the Browser

Andrei Lapets
Nth Party, Ltd.
Published Sep 30, 2020 (4 min read)

There are a variety of obstacles that can make it a challenge to deliver the benefits of privacy-preserving secure computation capabilities to organizations. These can include a lengthy process for obtaining approval to install new software, the cost and personnel effort associated with provisioning new cloud resources, and the technical hurdles involved in integrating existing infrastructure with new APIs. Fortunately, there is a way to sidestep these challenges for at least some secure computation workflows by delivering them via a web browser.

Privacy-Preserving Matching and Computation

Facebook AI Research (FAIR) recently released an open-source framework that makes it possible for two parties to match their respective data sets based on a common identifier — and to perform some aggregate computations over the results of that match — without requiring that either party share data with the other party. The framework is implemented in Rust, with Facebook’s stated rationale for the choice including “superior safety features and ease of writing multithreaded code”.

There are a variety of compelling use cases for a software solution that makes it possible to align the rows within two private or sensitive data sets (based on common row attributes) and to subsequently perform a computation such as a count or a sum over some of the columns in the combined data set. We enumerated some of these use cases in our white paper: enabling business-to-business decision-making without introducing the cost or complexity of third parties or data clean rooms, supporting benchmarking efforts involving multiple organizations, and the evaluation of sensitive or proprietary models or data.

Facebook’s release consists of a command-line software solution that allows two data owners to perform a join operation followed by an aggregation on a pair of data sets (with each data owner contributing one of these data sets). For example, a hospital may have information about the length of each patient’s stay and an insurance provider may know whether each patient visits their primary care physician regularly. The hospital and insurance provider can use this solution to create a report that lists the average hospital stay for each of the two categories of patients (at least for the patients they both have in common). What is unique about this solution is that it uses a cryptographic approach known as secure multi-party computation (including a specific technique known as private set intersection for the join step) to make this computation possible without requiring that either data owner reveal their data set to the other side.

Secure Computation in the Browser

The members of our team at Nth Party have extensive experience developing and deploying secure computation libraries, frameworks, and software applications that can run in a standard web browser. We were excited by Facebook’s announcement of their framework, but we were particularly pleased with the choice of Rust for its implementation. This is because over the past few years, we have seen that it is possible to improve the performance of browser-based secure computation solutions by implementing them using WebAssembly. It so happens that it is possible to compile Rust to WebAssembly, with a variety of tools available for accomplishing this task.

Leveraging our team’s experience and combining FAIR’s framework with our own JavaScript secure multi-party computation libraries, we were able to assemble a solution that can deliver via a standard browser the same privacy-preserving matching and computation capabilities available in Facebook’s original solution. This is accomplished by first compiling the client-side and server-side components of the original Rust framework into WebAssembly. It is then possible to tie the client-side portion to a user interface that can run in a browser and to package the server-side component inside a Node.js application.

The Result: Scalable Browser-Based Join and Aggregation Workflows

Our browser-based application displaying some simulated input data (left-hand pane) and the output of a privacy-preserving computation (right-hand pane).

Our open-source solution is available on GitHub. The application as a whole scales reasonably well for a browser-based application, performing in under one minute a privacy-preserving join and aggregation workflow over data sets with row counts in the thousands. This demonstrates not only that secure computing techniques are ready to address real-world problems, but that they are relatively straightforward to adapt for modern software application stacks. This reinforces our view at Nth Party that secure computation is ready to help make business-to-business and consumer-facing data-oriented services and workflows more secure.
