Google just published Private Join and Compute, a set of protocols that let two parties intersect and compute over two data sets without either party revealing its data set to the other. This is a form of secure multi-party computation.
It consists of two fundamental things:
- private set intersection - allows two parties to privately join their sets and discover the identifiers they have in common.
- homomorphic encryption - allows certain types of computation to be performed directly on encrypted data without having to decrypt it first, which preserves the privacy of the raw data. This is especially interesting because it is considered the holy grail of encryption: working on encrypted content without revealing the original data. When you think about it, it will of course not work for all sorts of computations, only simple ones like addition or multiplication, and it will probably remain the holy grail of encryption for some time.
How is this relevant to us IT security folks?
It might be a way to join data safely and privately, allowing deep analytics on log or audit data combined with data that might otherwise be off limits for privacy and e.g. GDPR reasons. You could still produce a result without revealing personally identifiable information.
Homomorphic encryption allows certain types of computation to be performed directly on encrypted data without having to decrypt it first, which preserves the privacy of raw data. Throughout the process, individual identifiers and values remain concealed. For example, you can count how many identifiers are in the common set or compute the sum of values associated with marked encrypted identifiers – without learning anything about individuals.
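As an added example (written for this post, not code from Google's Private Join and Compute project), the following Python walks through the whole flow: the private set intersection from the list above plus the count and homomorphic sum from the last paragraph. It follows the shape of the DDH-based protocol in Google's paper: the client blinds hashed identifiers with a secret exponent, the server blinds them again and attaches Paillier-encrypted values to its own items, and the client homomorphically sums the matches without ever seeing a server plaintext. The 63-bit safe-prime group, the 40-bit Paillier primes, the identifiers and the values are toy constructions of mine so the script runs self-contained; real deployments use 2048-bit or elliptic-curve groups and audited libraries.

```python
import hashlib
import math
import random
import secrets

SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]


def is_prime(n):
    """Miller-Rabin; these fixed bases are deterministic for n < 3.3e24."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def next_prime(start):
    p = start | 1
    while not is_prime(p):
        p += 2
    return p


def find_safe_prime(start):
    """Smallest p >= start with both p and (p-1)/2 prime (toy size for the demo)."""
    p = start | 1
    while not (is_prime((p - 1) // 2) and is_prime(p)):
        p += 2
    return p


def paillier_keygen():
    """Textbook Paillier with g = n + 1; fixed toy primes so runs are reproducible."""
    p, q = next_prime(1 << 40), next_prime(1 << 41)
    n, n2 = p * q, (p * q) ** 2
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    mu = pow((pow(n + 1, lam, n2) - 1) // n, -1, n)
    return (n, n2), (lam, mu, n, n2)


def paillier_enc(pk, m):
    n, n2 = pk
    r = secrets.randbelow(n - 1) + 1
    return pow(n + 1, m, n2) * pow(r, n, n2) % n2


def paillier_add(pk, c1, c2):
    return c1 * c2 % pk[1]  # multiplying ciphertexts adds the plaintexts


def paillier_dec(sk, c):
    lam, mu, n, n2 = sk
    return (pow(c, lam, n2) - 1) // n * mu % n


def hash_to_group(identifier, p):
    """Hash an identifier into the quadratic-residue subgroup of order (p-1)/2 mod p."""
    h = int.from_bytes(hashlib.sha256(identifier.encode()).digest(), "big")
    return pow(h % (p - 1) + 1, 2, p)


def private_intersection_sum(client_ids, server_records, p):
    """Returns what the server learns: (|intersection|, sum of its values over it)."""
    q = (p - 1) // 2
    rng = random.SystemRandom()
    pk, sk = paillier_keygen()          # server's Paillier key; the client only gets pk
    a = secrets.randbelow(q - 1) + 1    # client's secret exponent
    b = secrets.randbelow(q - 1) + 1    # server's secret exponent

    # Round 1 (client -> server): blinded identifiers H(x)^a, shuffled.
    round1 = [pow(hash_to_group(x, p), a, p) for x in client_ids]
    rng.shuffle(round1)

    # Round 2 (server -> client): client items re-blinded to H(x)^ab, and the
    # server's own items as (H(y)^b, Enc_pk(value)); both lists shuffled.
    doubly_blinded = [pow(e, b, p) for e in round1]
    rng.shuffle(doubly_blinded)
    server_items = [(pow(hash_to_group(y, p), b, p), paillier_enc(pk, v))
                    for y, v in server_records]
    rng.shuffle(server_items)

    # Client: raise each server item to a so H(y)^ba can be matched against H(x)^ab,
    # then add up the ciphertexts of the matches. It never sees a plaintext value.
    matched = set(doubly_blinded)
    enc_sum, count = paillier_enc(pk, 0), 0  # Enc(0) re-randomises the final ciphertext
    for e, c in server_items:
        if pow(e, a, p) in matched:
            count += 1
            enc_sum = paillier_add(pk, enc_sum, c)

    # Round 3 (client -> server): count and encrypted sum; the server decrypts.
    return count, paillier_dec(sk, enc_sum)


if __name__ == "__main__":
    P = find_safe_prime(1 << 62)
    # Constructed sample data: user IDs a SOC saw in alerts (client) versus a
    # privacy-restricted data set of user IDs with a numeric value (server).
    soc_users = ["u-1001", "u-1002", "u-1003", "u-1007"]
    restricted = [("u-1002", 3), ("u-1003", 1), ("u-1005", 9), ("u-1009", 2)]
    n_common, total = private_intersection_sum(soc_users, restricted, P)
    print(f"identifiers in common: {n_common}, sum over the intersection: {total}")
```

The server ends up with only the intersection size and the sum over it (the paper's "intersection-sum with cardinality"), while the client learns only the size; neither side sees which of the other's identifiers matched. Folding a fresh encryption of zero into the sum matters: without it the server could recognise the product of the very ciphertexts it sent and work out which records were in the intersection.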