The market for privacy-preserving technologies and privacy-enhancing computation (PEC) is multifaceted. According to Gartner’s definition, “PEC provides robust, sustainable measures to gain, pool, process or share information while data remains protected in use.” This is an umbrella term encapsulating multiple technical approaches which solve different challenges facing data and analytics leaders today.
The need for PEC solutions is clear, as organizations look to solve their unique data utilization challenges. However, it is important for data and analytics leaders to fully understand and weigh the options available today, how they can complement one another, and how their performance compares and contrasts in different environments.
WHAT DOES TRIPLEBLIND DO?
TripleBlind provides a complete and scalable solution for privacy-enhancing computation built on several underlying advancements to existing concepts like federated computing and secure multi-party computing (MPC). The product is delivered via a set of intuitive, approachable APIs that integrate beautifully into existing data science processes. The capabilities available through the product are scalable and performant for a host of business cases across healthcare, financial services, and more. The solution enables organizations to remain in compliance with strict privacy regulations including HIPAA and GDPR while leveraging protected data to solve problems and drive progress.
WHAT DOES ENVEIL DO?
Enveil is a vendor of homomorphic encryption, a privacy-enhancing technology (PET) for data in use. Homomorphic encryption has been referred to as the “holy grail” of encryption, as it allows for computation to happen on ciphertext, or encrypted data. Users of homomorphic encryption may, however, experience frustrations with computational performance and difficulty-of-use. No regulatory or compliance assurances can be made on top of homomorphic encryption, which is a cybersecurity technique, used in public clouds to keep data safe from other tenants on the same machine. It does not solve for regulatory privacy concerns: restricting access and usage of data for specified, permissioned purposes.
TripleBlind’s product is a comprehensive software-based solution enabling data users to compute analytics, query datasets, and train and infer on machine learning models using third party or protected data without “seeing”, copying, or hosting any raw data. Data owners leverage one-way data encryption and enforce strict permissions controls over who can use their data and for what purpose. The solution works for all data types, structured and unstructured, including images and genomic sequences and across a wide range of computational tasks, including the training and inference of machine learning models.
Enveil’s ZeroReveal® product is a software-based solution delivering homomorphic encryption tools. This technology allows for searches and simple analytics to occur on third-party tabular data without moving it from its place of storage. Enveil is one of several homomorphic encryption technology vendors. The company also provides a federated learning offering, a method of training AI models on distributed datasets without having to move them, by instead training the model separately at each data provider and averaging the resulting models.
PRIVACY ENHANCING COMPUTATION
Degree of Privacy
TripleBlind has undergone a detailed technical evaluation by MITRE, a federally-funded research and development center that works in the public interest across federal, state, and local governments, as well as industry and academia. Additionally, key partners and investors have conducted thorough analyses of the technology, and have concluded that TripleBlind provides the highest level of privacy and interoperability in the privacy-enhancing computation space. Additionally, TripleBlind holds formal mathematical proofs showing that the encryption is irreversible and quantum-safe. This means that TripleBlind meets the criteria for information-theoretic security (also known as Unconditional Security), a qualifier that refers to systems that are secure against adversaries with unlimited time and resources.
Enveil’s homomorphic encryption has been NIAP/CSfC certified for nation-state level protection. Vendors of this technology refer to it as the “holy grail” of data encryption due to the ability it provides to compute on data while it exists in an encrypted state. However, the process of homomorphic encryption still involves the creation of a decryption key, and though that key remains in the possession of the data provider, the requirement of trust is not eliminated – the key could end up in the wrong hands through negligence or malicious activity. Anywhere trust is a requirement, risk is inherently present. Homomorphic encryption is also not proven to be quantum-safe, meaning that as the available computing power increases, the risk of cracking this scheme may increase.
TripleBlind enables organizations to easily add any number of counterparties to a data process without incurring computational burden or speed costs. In fact, some processes are actually faster with the addition of more parties than they would be on raw data, due to calculations being distributed among the participants, with the different pieces running in parallel. Even for complex multi-party computations, results are achieved in comparable time to executing the same operations locally on raw data. The solution exhibits strong performance even for computationally complex tasks including training deep neural networks on unstructured data.
Enveil and other homomorphic encryption approaches can be applied across multiple parties, but only simple searches and analytics are practical. More sophisticated or complex tasks like machine learning model trainings are currently impossible, as they add exorbitant time penalties and computational burden. Even for less complex tasks, more resources are required and results are slower to obtain. According to an IBM study of the efficacy of homomorphic encryption, inferences on fully homomorphically-encrypted (FHE) machine learning models requires roughly 40 to 50 times the compute power and 10 to 20 times the memory than doing the same work on unencrypted models.
Digital Rights Management (DRM)
TripleBlind enables auditable digital rights on how the data may be used by a counterparty, ensuring illegal or non-compliant use of the data is impossible. Settings can be configured such that permissions for data and algorithm usage occur on a per-use basis. The digital rights management enables any business agreement, regulation, or other set of restrictions to be overlaid on top of the data collaboration process, and permissions can be fine-tuned at the granular level.
Enveil does not explicitly mention providing digital rights management over data and algorithm usage. An important point that should be considered is that homomorphically-encrypted data can be reused. Even if agreements are in place to allow only certain operations to be performed on the data, homomorphic encryption cannot enforce any governing rules or restrictions over how the data may be used beyond the agreed-upon purpose.
Ability to Operate at Scale
TripleBlind makes it extremely easy to add new partners to an existing data and analytics collaboration. Because of the flexibly configurable digital rights management capabilities, adding a new data provider or data user is as easy as updating permissions settings, either in the web user interface or through API configuration, to allow the new partner to participate at the appropriate, agreed-upon level. With listings in cloud marketplaces like Azure, TripleBlind is now easier than ever to start using. Because the product itself is delivered in the exact same format for every customer, whether a data provider or data user, documentation and customer support are standardized and easy to access.
Enveil likely has difficulties when it comes to operating at scale. Typically, with homomorphic encryption solutions, the larger the datasets being used and the more counterparties are involved, the more time, resources, and communication is needed to carry out the data operation. In the client-server system, each party must be running either the client or server app, configured to work with the designated parties. Adding or removing parties from this process may be burdensome and involve significant reconfiguration.
Customers can acquire Enveil through cloud stores including the AWS and Microsoft Azure marketplaces.
Types of Data
TripleBlind protects data at the bits and bytes level. Rather than requiring a human to designate which fields should be protected and which can be exposed, TripleBlind takes the approach that any bit of data could contain private or sensitive information requiring protection. As a result, everything is one-way encrypted, and everything in the dataset remains computable, meaning datasets retain their full fidelity/utility and remain protected in-use.
A key consequence of this approach is that it allows for any type of data, including tabular, image, voice, video, genomics, and even proprietary data types to be processed with the same protections. Whereas typically image and genomics data are extremely difficult to de-identify due to their inherent inclusion of identifying information, TripleBlind makes it easy to compute on those data types and more, while providing the same protections afforded to tabular data.
Enveil more than likely only deals with small sets of tabular datasets. Because of the increased compute and memory requirements needed to run such a computationally-heavy scheme, homomorphic encryption is limited in its practical usage for larger datasets and is unusable for more specialized sensitive data types like image, voice, video, or genetic data.
Training New AI and ML Models
TripleBlind offers a capability called Blind Learning which makes training new artificial intelligence and machine learning models on sensitive data easier, faster, and compliant with laws that require data to remain in place. Blind Learning is TripleBlind’s alternative to federated learning, a well-known concept by which a model is trained individually at multiple data sources, and the resulting models are averaged. With Blind Learning, the data providers never get to access the full model, which protects the IP in the model. Blind Learning also protects against membership inference attacks, which seek to predict or uncover the data used to train a model.
Enveil’s ZeroReveal® Machine Learning product provides a form of federated learning, which involves training a machine learning model separately at one or more data sources, before averaging the resulting models back at the data user’s side. Federated Learning is promising but has several downsides. The approach puts the computational burden on the data providers, who must have sufficient computational resources available to perform the model training. Additionally, it is inefficient, requiring training the model as many times as there are data providers, rather than training it one time. These issues add time and resource overhead, instead of creating efficiencies for an already-complicated process.
TripleBlind also provides protections for algorithms, which may contain sensitive intellectual property. Certain types of attacks such as reconstruction attacks target machine learning models, with the goal of recreating or guessing at the data used to train the model. Developing high-performing algorithms involves time and resources, so protecting algorithms from reverse-engineering has become an increasingly important objective. TripleBlind’s privacy-enhancing computation keeps the algorithms in a one-way encrypted state during computation. Therefore, the data provider is blind to the algorithm, the data user is blind to the raw data, and TripleBlind is blind to both – hence the name. Algorithm encryption is a distinctive feature of TripleBlind’s solution which is rarely addressed in other solutions.
Enveil does not appear to offer any special protections for algorithms.Even the most advanced fully homomorphic encryption (FHE) does not offer algorithm protections. It simply adds the ability to perform multiplications, but at a significant time and compute penalty.
TripleBlind enables organizations to achieve compliance with data privacy laws and regulations, including GDPR and HIPAA. Because the technology allows computations on the ciphertext of one-way-encrypted data, raw personal data can remain safely in place while it is being used for computation. Where de-identification is required, such as in HIPAA, TripleBlind’s one-way encryption at the byte level ensures that every element of a dataset can be protected and invisible to the data user, who can still derive all of the actionable value they need from the full dataset. No data is ever copied, transmitted, or physically aggregated. TripleBlind holds formal third-party legal opinions stating that the technology can be used in compliance with GDPR and HIPAA.
Enveil solves for computational privacy, but GDPR and data residency regulators have taken the position that homomorphic encryption does not solve for regulatory privacy, and where it does, certain safeguards must always be followed by the users of the technology. This largely has to do with the existence of a decryption key. Though a covered entity, in the case of HIPAA for example, may hold that key safe, human error or technological advancement could reasonably pose a risk to the key, and thus the sensitive data it protects, being revealed to unauthorized parties. Re-identification possibilities are a major concern for privacy regulators, and the existence of a decryption key that must be safeguarded provides a risk that sensitive data could be compromised.
TripleBlind is entirely software-based and API-driven, which makes it seamless for our customers to integrate privacy-enhancing computation into their existing tool suites and cloud solutions. The solution works on-prem or in the cloud, offering the flexibility customers need while reducing the requirements for extra data preparation and aggregation steps.
Enveil is also API-driven, but requires a separate client and server application, rather than offering both wrapped up in a single solution. Computationally-heavy solutions like homomorphic encryption also require data users to have sufficiently powerful and abundant computational resources, reducing opportunities for interoperability and limiting the number of players who can participate in privacy-enhancing computation.
TripleBlind’s solution is delivered as containerized software that sits behind the firewalls of the data provider and data user, whether on-prem or on a cloud server. All data operations occur in a peer-to-peer way between the two or more counterparties involved. A TripleBlind “router” assists in establishing these connections, but never takes possession of any data or algorithms. This process eliminates the need for any specific hardware requirements for the users.
Enveil’s product is delivered via software in the form of a client application and a server application. Despite Enveil’s API-based architecture, often users of homomorphic encryption face the issue of achieving acceptable speed and performance standards for real-world applications. As a result, special high performance compute hardware must often be introduced to speed up the processing of data, adding one more level of complexity to the process.
Accuracy Preservation at Speed
TripleBlind facilitates privacy-enhancing computation without sacrificing accuracy and stacks up extremely well compared to other approaches. In testing, compared to federated learning, Blind Learning was able to achieve more accurate model performance in much less time. Neural network inference using Blind Inference was also 15-2500% faster than other methods. The levels of accuracy achieved by the TripleBlind tools are acceptable in high-stakes environments like healthcare and financial services, where both speed and accuracy are critical to decision-making.
Enveil likely is also able to achieve accurate results for their search and machine learning functionality, but that accuracy most definitely comes at a significant cost of time and computational resources for any operations beyond simple searches. The methods employed, including homomorphic encryption and federated learning, are known for their impractically slow nature for semi-complex and complex tasks. Additionally, the inability to support multiple data types and to evaluate neural networks limits the user’s ability to train or use highly-tuned, industry-ready models.
Book A Demo
TripleBlind keeps both data and algorithms in use private and fully computable. To learn more about Blind Learning, or to see it in action, please book a demo!