Secure multi-party computation and collaboration

As various entities collaborate toward a common goal: the need for the individual data privacy as well as correct computation output. With confidential computing, it is possible to enable distributed multi-party computation and collaboration, where participants are ensured that their data or insights are protected even when being calculated outside their direct control.

Challenges

In multi-party collaborations (MPC), the biggest concern is how can the confidentiality and integrity of the data be preserved? For example, secure federated learning can be applied to cases in which multiple parties have private data that needs to be combined and analyzed without exposing the underlying data or machine learning models to any of the other parties. This technology can be applied to preventing fraud in financial services (as shown is Figure 1), detecting or developing cures for diseases in the healthcare industry (as shown in Figure 2), or gaining business insights. As the following diagram shows, multiple hospitals could combine data to train a machine learning model to clinically analyze medical images.

Secure multi-party computation - banks
Banks collaborate to find patterns of anti-money laundering

Secure multi-party computation - healthcare
Hospitals share data to help drug development and disease diagnostics

How can the Confidential Services Platform help?

With the Confidential Services Platform, each party brings encrypted data to a confidential computing enclave (such as a Hyper Protect Virtual Server) where data can be safely unencrypted and processed. Organizations can now ensure that data is protected against tampering and compromise, and data sovereignty and privacy regulations can be fulfilled. This includes threats within the partnering organizations and validating the integrity of the code processing that data. The data can be combined and analyzed and the results can be sent in an encrypted format back to each party. Data remains protected throughout the entire process: while in transit, in use and at rest. The following diagram illustrates a common SMPC implementation architecture with the Confidential Services Platform:

Hyper Protect implementation in SMPC
Hyper Protect implementation in SMPC

  • Sensitive data is processed within Hyper Protect Virtual Servers that are isolated computation enclaves with attestation records.
  • Data is stored in Cloud Object Storage, encrypted with keys generated in Hyper Protect Crypto Services backed by IBM LinuxONE and FIPS 140-2 Level 4 certified hardware security module (HSM).
  • Hyper Protect Crypto Services provide the third seed for generating the LUKS passphrase to encrypt your data volumes that are attached in Hyper Protect Virtual Server.