Secure multi-party computation (SMPC), and its sister technology, Homomorphic encryption (HE) , allow computing on encrypted data. This means that you can put your data in a special box, where no-one except you can see what is inside, and let others manipulate what is in the box: kind of like letting someone bake a cake for you without them learning what the ingredients are, or letting someone do your laundry without ever unsealing the bag of clothes. It also allows multiple people to put things into the special box, for example an electronic health record from one source and a scan from another, and analysis to be done on both.

HE and SMPC provide enhanced privacy for the users and reduce the trust assumptions required in the entities that want to analyse sensitive data. But this comes at a cost: these technologies incur significant performance overheads compared with sending all of this (sensitive) data without the magical mathematical lockbox.

Let’s take a look at how it could work, in a setting where an entity B owns a powerful-yet-proprietary machine learning (ML) model that analyses images, and entity A has an image that they want to be analysed. The image could be for example an MRI, and the ML model could classify tumours. This setting of encrypted machine learning inference is a direct application of HE. The important actions here are encryption (putting the data in the box, scrambling the input), evaluation (blindly modifying what's inside the box), and decryption (unscrambling to get the output).

• B downloads the HE tool and the SECURED documentation from the Innohub detailing how to set up their system.
• B trains their ML model (performance will be better if this training is 'aware' of HE, but this is usually not completely necessary).
• B publishes/advertises the method to interact with their model, for example by publishing details on a public web page
• A downloads the HE library tool and SECURED documentation from the Innohub detailing how to set up their system.
• A takes their image and encrypts it, getting what's called a ciphertext. This ciphertext is sent to B.
• B then evaluates, by applying their clever model on the ciphertext. This transforms the ciphertext into something new!
• A decrypts the response, and learns the outcome of the model applied to their image.

In this whole process, A never learned anything about the machine learning model, and B never learned anything about the image. In some scenarios it is even possible to skip the second step, and directly use an existing ML model that is saved in a standard format!