Secure multi-party computation (SMPC), and its sister technology, Homomorphic encryption (HE) , allow computing on encrypted data. This means that you can put your data in a special box, where no-one except you can see what is inside, and let others manipulate what is in the box: kind of like letting someone bake a cake for you without them learning what the ingredients are, or letting someone do your laundry without ever unsealing the bag of clothes. It also allows multiple people to put things into the special box, for example an electronic health record from one source and a scan from another, and analysis to be done on both.

HE and SMPC provide enhanced privacy for the users and reduce the trust assumptions required in the entities that want to analyse sensitive data. But this comes at a cost: these technologies incur significant performance overheads compared with sending all of this (sensitive) data without the magical mathematical lockbox.

Let’s take a look at how it could work, in a setting where an entity B owns a powerful-yet-proprietary machine learning (ML) model that analyses images, and entity A has an image that they want to be analysed. The image could be for example an MRI, and the ML model could classify tumours. This setting of encrypted machine learning inference is a direct application of HE. The important actions here are encryption (putting the data in the box, scrambling the input), decryption (unscrambling), and evaluation (blindly modifying what’s inside the box).

• B downloads the HE tool and the SECURED documentation from the Innohub detailing how to set up their system.
• B trains their ML model in a special way that is friendly to HE, as described in our documentation.
• B publishes/advertises the method to interact with their model, for example by publishing details on the SECURED Innohub
• A downloads the HE library tool and SECURED documentation from the Innohub detailing how to set up their system.
• A takes their image and encrypts it, getting what’s called a ciphertext. This ciphertext is sent to B.
• B then evaluates, by applying their clever model on the ciphertext. This transforms the ciphertext into something new!
• A decrypts the response, and learns the outcome of the model applied to their image.

In this whole process, A never learned anything about the machine learning model, and B never learned anything about the image. In some scenarios it is even possible to skip step 2, and directly used an existing ML model!