Secure Multiparty Computation: Running AI Predictions on Encrypted Data

  • Reesha Dedhia

When discussing the application of prediction intelligence with the financial services industry, we usually end up uncovering a lot of latent conflict within organizations that recognize the potential for making better, more timely decisions with AI-based tools. Decision-makers and portfolio managers see the possibilities for mining rich data stores for critical insights that can improve the results of their products and trades. Security, legal and privacy officers, uneasy with the idea of putting sensitive and personal data in play and at risk, are understandably raising questions and intervening on the side of caution. Meanwhile, CTOs are caught in the middle, trying to maximize the value of their organizations' data, while operating within the boundaries set by legal to steer clear of regulatory violations.

That is because the encryption required to protect private data makes it difficult to work with. Traditionally, whether training algorithms, building and testing data models, or generating predictions, the use of encrypted data is notoriously complex. Decrypting data for the purpose of using it to extract prediction intelligence puts the data at risk of compromise. And the risks are higher when using data that is stored in the cloud.

That is why Cape Privacy developed a cloud-based platform for creating prediction intelligence, one that lets organizations access and use the rich, encrypted data they have stored in data clouds like Snowflake. The privacy of this sensitive data is protected by default, because the data remains encrypted throughout the entire process. We've done this through a novel application of two well-known techniques: secret sharing and secure multiparty computation (MPC).

What are Secret Sharing and Secure Multiparty Computation?

Secret sharing and multiparty computation are both concepts that have existed in computer science for more than four decades. Cape Privacy's combination of these approaches takes advantage of innovations in data processing and artificial intelligence that make it possible to operationalize what had once been only theoretical.

In secret sharing, data is broken up into parts that have no informational value to any entity that holds them. The pieces carry no context that hints at what the data was before being broken up. And because the data fragments are encrypted, when a data set is in use, only the entity where the data originated can make sense of it.

Once the data has been broken up into pieces with secret sharing, secure multiparty computation is the process by which the Cape Privacy platform takes those pieces and runs them through an organization's chosen prediction model. Information is extracted from the secret shared data, and the resulting prediction intelligence is delivered to the party running their models.
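The two steps described above, sketched with additive secret sharing over a prime field and a linear model whose weights are public. This is an added illustration, not Cape Privacy's code or protocol; the modulus, fixed-point scale, party count, function names and sample values are all assumptions.

```python
import secrets

# All names and parameters below are assumptions for this illustration.
P = 2**61 - 1      # prime modulus of the field the shares live in
SCALE = 1000       # fixed-point scale: three decimal places

def encode(x):
    """Map a real number to a field element (negatives wrap around P)."""
    return round(x * SCALE) % P

def decode(v, scale=SCALE):
    """Map a field element back to a signed real number."""
    if v > P // 2:
        v -= P
    return v / scale

def share(value, n_parties=3):
    """Split a field element into n additive shares that sum to it mod P."""
    parts = [secrets.randbelow(P) for _ in range(n_parties - 1)]
    parts.append((value - sum(parts)) % P)
    return parts

def reconstruct(shares):
    """Only the sum of all shares reveals the value."""
    return sum(shares) % P

def share_vector(features, n_parties=3):
    """Return one share vector per party for a feature vector."""
    per_feature = [share(encode(x), n_parties) for x in features]
    return [list(column) for column in zip(*per_feature)]

def party_partial_score(weights_enc, my_shares):
    """Run locally by one party: public weights times its own shares."""
    return sum(w * s for w, s in zip(weights_enc, my_shares)) % P

def secure_linear_score(features, weights, bias, n_parties=3):
    """Data owner shares features, parties compute, owner recombines."""
    w_enc = [encode(w) for w in weights]
    partials = [party_partial_score(w_enc, s)
                for s in share_vector(features, n_parties)]
    total = (reconstruct(partials) + encode(bias) * SCALE) % P
    return decode(total, SCALE * SCALE)   # product carries SCALE twice

if __name__ == "__main__":
    # Constructed sample record and model, not real data.
    print(secure_linear_score([52.3, 0.81, -1.5], [0.02, 1.5, -0.4], -0.7))
```

Each party sees only random-looking field elements, and any subset short of all parties learns nothing about the features. The sketch covers only linear scoring with public weights; multiplying two secret-shared values needs an additional interactive protocol that is not shown here.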

Every aspect of the process is secure, and even though the computations take place within one platform, the use of secret sharing and secure MPC ensures there is no single point of failure. No threat actor, operator error, or inadvertent observation could result in a breach of the data in any way that would violate individual privacy, or compromise the integrity of an organization's intellectual property.

Privacy and Security Compliance Assured

That means personally identifiable information (PII), payment card information (PCI), or confidential data that is protected by state and federal regulations like the Gramm-Leach-Bliley Act (GLBA), Sarbanes-Oxley (SOX), the Payment Card Industry Data Security Standard (PCI-DSS), or any of the various state data privacy and security laws, can now be accessed safely for use in running prediction models. When financial services organizations can safely access rich and complete sources of data, they can deliver more precise decision intelligence for tasks like market risk calculations, personalization of customer services, accurate financial fraud detection, and Know Your Customer (KYC) compliance.

What's more, Cape Privacy's platform is cost-efficient, easy to use, and does not require the sort of process complexity or heavy computing resources that traditional privacy-protecting technologies, like homomorphic encryption, require. And because prediction models are run using complete datasets, the results are far more accurate and without the biases that occur when using incomplete samples, synthetic data, or federated learning models. One financial services organization used the Cape Privacy platform to safely run prediction models on 17 years of PCI data and used the resulting decision intelligence to improve the results of its volume trading automations. Even a fraction of a percent improvement in performance was enough to increase returns by tens of millions of dollars.

If you are one of the thousands of organizations with private data in Snowflake's data cloud, Cape Privacy's platform can turn your sensitive data stores into a key that unlocks powerful predictions and more accurate, timely decision intelligence—without the friction of managing security and compliance requirements. If that sounds like something you could use, reach out to learn more.
