How does Sharemind work?

A two-minute explanation

Sharemind Application Server

  • Sharemind is an application server platform similar to the ones available for Java EE or .NET.
  • The developer tags data as public or private in the database and in application code.
  • Sharemind automatically enforces cryptographic protection for private data throughout the analysis process.
  • Private data cannot be made public without the use of special functions that require the consensus of several servers before publishing data.

Secure computing enabled by homomorphic encryption

With Sharemind, all input data is encrypted at the data source. Each individual value is split into random pieces that are distributed among several Sharemind Application Server computation nodes. None of the individual pieces provides any information about the original value. This process is called secret sharing and can be thought of as encryption without a key. No plaintext value leaves the data owner's premises unencrypted.

Data encrypted by secret sharing has homomorphic properties that allow computations on it without decrypting it first. Sharemind employs secure multi-party computation (MPC) technology, where several computation nodes engage in cryptographic protocols to compute on encrypted values. During this process, no values are decrypted and the computation result also remains secret. This allows using an output of one primitive MPC protocol as an input for the next to build privacy-preserving algorithms and applications. The final computation result can be decrypted by an authorised analyst if all computation nodes agree to send their computation output (random pieces) to this party.
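The splitting and computing-on-pieces described above, as an added Python example that is not Sharemind or SecreC code. It assumes additive sharing over a 32-bit ring with three nodes; the page names neither, and all function names are hypothetical.

```python
import secrets

MOD = 2 ** 32   # assumed ring size; the page does not name one
NODES = 3       # assumed node count; the page only says "several"

def share(value, n=NODES):
    """Split value into n random pieces that sum to value mod MOD."""
    pieces = [secrets.randbelow(MOD) for _ in range(n - 1)]
    # The last piece is fixed by the others, so any n-1 pieces are uniformly random.
    pieces.append((value - sum(pieces)) % MOD)
    return pieces

def add_shared(a, b):
    """Each node adds the two pieces it holds: no communication, no decryption."""
    return [(x + y) % MOD for x, y in zip(a, b)]

def scale_shared(a, public_k):
    """Each node multiplies its own piece by a public constant."""
    return [(x * public_k) % MOD for x in a]

def reconstruct(pieces, n=NODES):
    """Recover the value; possible only if every node hands over its piece."""
    if len(pieces) != n:
        raise ValueError("all nodes must contribute their piece")
    return sum(pieces) % MOD

def demo():
    # Constructed sample inputs from two data owners.
    salary_a, salary_b = 4200, 3100
    sa, sb = share(salary_a), share(salary_b)
    # Chain two primitives: the still-secret output of one is the input of the next.
    total = add_shared(sa, sb)
    doubled = scale_shared(total, 2)
    # Only the final result is opened, and only with all pieces present.
    return reconstruct(doubled)

if __name__ == "__main__":
    print(demo())
```

Addition and multiplication by a public constant need no interaction between nodes; multiplying two secret values requires an interactive protocol, which is not shown here.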

Sharemind deployment with homomorphic encryption

Building privacy-preserving applications

Building workflows with Sharemind does not mean that you have to be a cryptographer. Applications running on Sharemind Application Server are written in the SecreC programming language. SecreC separates encrypted and public data workflows and hides the complicated cryptography and secure multi-party computation protocols from the application developer. You just mark the necessary value as sensitive and SecreC takes care of enforcing the data usage policies throughout the application lifecycle, from data input to application output.

SecreC code can in principle be compiled for an unlimited number of secure computation backends, including fully homomorphic encryption.

Research

Sharemind Application Server is based on man-decades of original research into secure multi-party computation technology, homomorphic encryption and domain-specific languages.

List of Sharemind papers