KRAKEN's ambition of developing a secure and privacy-friendly market platform for personal, potentially sensitive, data poses multiple challenges regarding the privacy and confidentiality of data providers' data, as well as the authenticity of the result sold to a data consumer. In the following, we explain how KRAKEN addresses these challenges using state-of-the-art privacy-enhancing cryptographic mechanisms.
The core primitive leveraged by the KRAKEN platform is secure multi-party computation. In such a system, a set of parties (so-called nodes) can jointly perform a computation without any node learning the input data of the other nodes. Data providers decompose their data into shares such that no single share contains any information about the original data. For each data item, each node is then granted access to one of the shares, and the nodes can jointly perform analytics, compute statistics, or answer queries from consumers without learning the individual data provider's data. The careful choice of parameters in KRAKEN guarantees that the data provider's privacy is maintained as long as a single node behaves honestly, even if all other nodes collude and try to compromise the system.
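To make the sharing step concrete, the following is an added, simplified illustration (not code from the KRAKEN project) of additive secret sharing over a prime field: each provider splits an item into n shares, each node holds one share per item and computes only on what it holds, and any n-1 shares are consistent with every possible secret, which is why a single honest node suffices. The field prime, the node count and the sample inputs are constructed for the example.

```python
import secrets

# Constructed example: additive secret sharing over Z_P, the building block
# behind MPC-based data sharing as described above. Not KRAKEN's own code.
P = 2**61 - 1  # Mersenne prime; every value and share lives in [0, P)


def share(value: int, n: int) -> list[int]:
    """Split one data item into n shares. The first n-1 shares are uniformly
    random; the last is chosen so that all n sum to the value (mod P).
    Any n-1 shares are therefore uniformly random and carry no information."""
    if not 0 <= value < P:
        raise ValueError("value must be in [0, P)")
    shares = [secrets.randbelow(P) for _ in range(n - 1)]
    shares.append((value - sum(shares)) % P)
    return shares


def reconstruct(shares: list[int]) -> int:
    """Only a party holding *all* n shares can recover the value."""
    return sum(shares) % P


def consistent_missing_share(partial: list[int], guess: int) -> int:
    """Given n-1 shares, return the one value of the missing share under which
    the secret would equal `guess`. Exactly one such value exists for every
    guess, so n-1 colluding nodes learn nothing about the real secret."""
    return (guess - sum(partial)) % P


def node_local_sum(node_shares: list[int]) -> int:
    """What a single node computes: the sum of the shares it holds, which is
    itself a share of the total and reveals nothing about any single item."""
    return sum(node_shares) % P


def mpc_sum(values: list[int], n_nodes: int) -> int:
    """Simulate n nodes computing the sum of provider data without seeing it."""
    # Each provider splits its item; node i receives share i of every item.
    node_shares = [[] for _ in range(n_nodes)]
    for v in values:
        for i, s in enumerate(share(v, n_nodes)):
            node_shares[i].append(s)
    # Each node publishes only its local sum; the consumer reconstructs the total.
    return reconstruct([node_local_sum(ns) for ns in node_shares])


if __name__ == "__main__":
    ages = [34, 51, 29, 45]  # constructed provider inputs
    print(mpc_sum(ages, 3))  # 159, computed without any node seeing an age
```

Real MPC systems also need secure channels between providers and nodes and a multiplication protocol for non-linear statistics; the addition shown here is the part that works purely locally on shares.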
KRAKEN's cryptographic design also allows data providers to attach fine-grained policies to their data that specify which computations may and may not be performed on it. The nodes check these policies before participating in any computation, thereby preventing misuse through unauthorized consumer requests.
In addition to the privacy and integrity guarantees of secure multi-party computation, KRAKEN deploys further privacy-enhancing technologies such as group signatures and zero-knowledge proofs. By signing their input data with a group signature scheme, data providers can, e.g., attest that their data was generated by a certified hardware token without revealing their actual identity. Once the computation is finished, the nodes can produce a zero-knowledge proof that they performed the correct computation and that the input data was authentic. The data consumer thus receives strong and undeniable cryptographic evidence of the correctness of the received results.
All cryptographic techniques used in KRAKEN are based on well-studied mathematical complexity assumptions and have rigorous security proofs. In addition, an in-depth privacy analysis was performed according to the LINDDUN framework to detect and mitigate further potential threats, e.g., leakage of metadata. The result is a cryptographically secured and feature-rich market platform that achieves an unprecedented level of privacy for personal input data.
Karl Koch, Stephan Krenn, Donato Pellegrino and Sebastian Ramacher: Privacy-preserving Analytics for Data Markets. In: Privacy and Identity Management 2020, Springer IFIP AICT 619. (to appear)