Hi all, founder of Evervault here — we're building encryption infrastructure for developers.
Cryptography is at the core of what we do. Evervault Papers is our way of continuing the legacy of cryptography giants like Shannon.
We're posting one new paper on evervault.com/papers each week and this is our first issue. Subscribe to get a cryptography paper in your inbox every Thursday!
Can you explain what exactly you do, other than saying that cryptography is at its core? Your website is a bit light on details. You say you encrypt data and can process encrypted data -- are you talking about TEEs, MPC, FHE, or something else entirely?
Sure! We build tooling that lets developers encrypt data before it hits their infrastructure (Relay) and which lets them process that encrypted data at a later date (Cages).
We manage keys, but we don't store data.
All crypto operations and encrypted data processing happen inside TEEs (AWS Nitro Enclaves, specifically [0]). Using Relay, you can pass data on to trusted third parties over TLS. With Cages, you can deploy custom code inside a TEE which can process data in whichever way you need.
For developers who don't want plaintext data on our infrastructure, we also provide SDKs which let them encrypt data using our PKI scheme — on their own infrastructure.
I've implemented a toy version of a 3+ MPC protocol for graduate school, specifically private set intersection. Would you mind sharing what kind of MPC protocols you design and, if you can, for what types of applications? I don't often see this discussed on HN and my curiosity is piqued!
Two-party set intersection and variants (intersection-sum, etc.), federated learning (secure aggregation) and its variants, and several things that are not yet public. I also did some work on anonymous trust tokens, which is kind of like a generalization of privacy pass that is meant to replace cookies for conveying e.g. whitelist/blacklist information. For the most part my work involves companies doing some kind of statistical analysis of joint data sets while maintaining some privacy constraint. Some of the work involves analyzing ads effectiveness, some involves public health, some involves machine learning, and there is a long tail of obscure applications that were deployed as a one-off. Resource constraints are the biggest technical challenge, but a bigger problem I and the rest of the people I work with face is lack of awareness or poor understanding of MPC (people often assume it is just a variant of DP, or that it is a blockchain something or other, or that it is totally impractical, etc.).
This is super exciting for me, I am very interested in MPC/PSI but I haven't been introduced to much about it outside of academia. A ton of potential applications obviously but limited by computational power, as I understand it. Would you mind sharing what company(ies) you work with/for? If you can't or don't want to disclose publicly you can email me: kyoji1@gmail.com or jowens17@fau.edu. I would love to hear more!
Anything worthwhile in fully homomorphic encryption yet? I keep seeing the tools get faster but security is still relatively unknown compared to modern symmetric/asymmetric ciphers. There are also several interesting papers on anonymous/garbled circuit evaluation that I'm assuming will lead to even better untrusted third-party computation services. What I'm waiting for is FHE/circuits/something that can selectively decrypt some of their own outputs.
FHE security is reasonably well understood but not as well understood as EC or RSA/DH security. For the most part today's FHE systems are all based on the (R)LWE problem and the hardness of that problem is not in doubt for the right parameter choices (though choosing the right parameters is a careful balancing act).
It is unlikely (in my opinion) that "true" FHE applications will be deployed any time soon, but "leveled" FHE applications are already being deployed for a small number of levels (e.g. 2). Beyond quartic functions the performance is probably going to be too much of a problem for most applications. Homomorphic encryption in general is commonly used as a building block in larger MPC systems and you will probably see more widespread use of leveled FHE as such a building block too.
As for selectively decrypting outputs, that sounds like functional encryption and it is still an active area of research (see also obfuscation, which was a hot topic a few years ago). I doubt you will see practical applications for a very long time.