Technical Architecture
Confidential Computing extracts insights from data silos without opening them. By combining Multi-party Computation (MPC) and secret sharing, it can analyze sensitive data without exposing the original records to anyone, not even to the parties performing the computation.
Confidential Computing's architecture can be organized around three distinct functionalities:
- Data Providing: Partisia's data runway retrieves the data from the organization's own data storage, splits it into secret shares, and sends one share of every record to each node in the MPC cluster. An individual share reveals nothing about the original value; only the full set of shares does.
- Confidential Computation: Partisia Platform provides the blockchain infrastructure necessary to coordinate the confidential computation among multiple nodes.
- Report Delivery: Confidential Computing gives data providers and analysts detailed control over report delivery. This allows for flexible reporting, from one-time reports to scheduled reports over defined periods. Report release can be configured for manual or automated approval by the data provider.
1. Data Providing
The data providing process uses the data runway to securely retrieve, encrypt, and distribute data from existing secure storage solutions, ensuring only encrypted data leaves the system.
Data Sources
These are existing data storage solutions managed by the data providers. For example, a database storing data in plain text format. The organization sets internal access rules and secures its servers according to its security needs.
If the data is manually sent to the data runway's API endpoint (for example, through the user interface), it must be exported to comma-separated values (CSV) prior to submission.
Alternatively, Confidential Computing supports database integration: the runway retrieves data by executing SQL queries directly against the database, either periodically or on demand, so no manual CSV export is needed.
Data Runway
The Data Runway is Partisia's solution for secret sharing data securely. It has three main functions:
- Receives plain-text data from data sources through an API endpoint or through database integration.
- Transforms plain text data into encrypted secret shares.
- Distributes these shares to MPC nodes for computation.
The runway needs access to the plain-text data in the data source in order to produce the secret shares, but it does not store the plain-text data it receives. Only encrypted secret shares leave the runway. Because the runway handles plaintext, its host is inside the organization's trust boundary and should be hardened and monitored like the data source itself.
The data runway is distributed as a Docker image designed to run on the organization's premises. It is deployed in the same environment, or on the same server, as the data source, so that all plain-text communication between the data source and the runway stays within the organization's secure environment.
The runway exposes REST endpoints on a configurable network port. These endpoints must be reachable only from the organization's internal network, never from the public internet, and the runway supports several authentication methods for them.
2. Confidential Computation
In Confidential Computing, multiple parties perform computations on the secret shared data they receive from the runway. The coordination of the parties is orchestrated through the Partisia Platform blockchain infrastructure.
MPC Cluster
A minimum of two parties is required to perform confidential computations. Each party runs an MPC node, and together the nodes form an MPC cluster. Each MPC node interacts with a corresponding blockchain node. The MPC nodes work as off-chain engines, performing computations on secret shares of the data. The confidentiality guarantee rests on the nodes not colluding: a node learns nothing from its own shares, so the parties operating a cluster should be independent organizations.
Communication between these nodes remains restricted to the cluster, allowing nodes to coordinate without exposing data to other blockchain participants or external parties.
The number of participating MPC nodes can be adjusted based on the specific computational requirements.
MPC-orchestration Smart Contracts
In Confidential Computing, smart contracts are responsible for coordinating the MPC nodes and defining the computations they are meant to perform. Smart contracts are programs that run on the blockchain and facilitate programmatic interaction with the blockchain.
A set of smart contracts orchestrate the MPC process. For instance, a smart contract holds the analysis definition, another one manages the metadata of the data catalogs available for querying, another holds the instructions on how to perform the data merging, and so on.
The Blockchain
The Partisia Platform is a decentralized blockchain that provides the infrastructure that hosts the smart contracts. The MPC nodes interact with blockchain nodes when they perform the computation. Multiple organizations can join the blockchain by running their own node.
To deploy an instance of Partisia Platform, you need to run a minimum of four blockchain nodes.
Info
- A minimum of 2 MPC nodes are needed to execute the MPC protocol; they form an MPC cluster.
- A minimum of 4 nodes are needed to deploy Partisia Platform, the blockchain that orchestrates the MPC clusters.
3. Report Delivery
Once the computations are complete, each MPC node delivers its individual share of the result to the Confidential Computing user interface, which combines the shares into the final result and produces a report. Data providers choose the type of approval required before a report is delivered. The report is delivered to the requesting analyst and to designated report recipients. Analysts choose the frequency of report delivery.
Report delivery is managed through Confidential Computing's user interface.
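The following is an added example, not code from the original page or from Partisia, that walks through the three functionalities described above: two data providers each run a runway that secret-shares a constructed CSV export, three MPC nodes compute column sums locally on the shares they hold, and the user interface reconstructs the aggregate for the report. It uses plain additive secret sharing over a prime field; the field, the column names, the sample data and all function names are assumptions made for illustration, not Partisia's actual protocol or API.

```python
"""Added example: additive secret sharing end to end, from runway to report.

Two data providers (hospital_a, hospital_b) each run a runway that secret-shares
their own CSV export. Three MPC nodes compute column sums on the shares they hold,
and the user interface reconstructs the aggregate. No node ever sees a plaintext row.
"""
import csv
import io
import secrets
from typing import Dict, List

# Assumption: the page does not name the field Partisia uses; a Mersenne prime is used here.
P = 2**61 - 1

# Constructed sample exports, one per data provider (not real data).
HOSPITAL_A_CSV = """patient_id,age,systolic_bp
a1,34,118
a2,58,142
"""
HOSPITAL_B_CSV = """patient_id,age,systolic_bp
b1,45,131
b2,71,155
"""
COLUMNS = ["age", "systolic_bp"]
Payload = List[Dict[str, int]]   # one share of every selected column, per row


def share(value: int, n: int) -> List[int]:
    """Split value into n additive shares in Z_P: s_1..s_{n-1} are uniform, s_n fixes the sum.
    Any n-1 shares are uniformly random and independent of value."""
    shares = [secrets.randbelow(P) for _ in range(n - 1)]
    shares.append((value - sum(shares)) % P)
    return shares


def reconstruct(shares: List[int]) -> int:
    """Recombine all n shares; with fewer than n the result is uniformly random."""
    return sum(shares) % P


def to_signed(x: int) -> int:
    """Map a field element back to a signed integer (negatives live above P/2)."""
    return x - P if x > P // 2 else x


def runway_ingest(csv_text: str, columns: List[str], n_nodes: int) -> List[Payload]:
    """Data runway: parse the plaintext export, secret-share the selected numeric columns,
    and return one payload per MPC node. Identifiers and plaintext are not retained."""
    payloads: List[Payload] = [[] for _ in range(n_nodes)]
    for row in csv.DictReader(io.StringIO(csv_text)):
        row_shares = {c: share(int(row[c]), n_nodes) for c in columns}
        for i in range(n_nodes):
            payloads[i].append({c: row_shares[c][i] for c in columns})
    return payloads


def node_compute(held: Payload, columns: List[str]) -> Dict[str, int]:
    """MPC node: a purely local, linear computation on shares. Because sharing is
    additive, the sum of a column's shares is a share of that column's sum."""
    result = {f"sum_{c}": sum(r[c] for r in held) % P for c in columns}
    result["rows"] = len(held)          # row count is public metadata, not a share
    return result


def deliver_report(node_results: List[Dict[str, int]], columns: List[str]) -> Dict[str, float]:
    """User interface: combine the nodes' individual result shares into the report."""
    rows = node_results[0]["rows"]
    report = {}
    for c in columns:
        total = to_signed(reconstruct([r[f"sum_{c}"] for r in node_results]))
        report[f"mean_{c}"] = total / rows
    return report


def run_pipeline(n_nodes: int = 3) -> Dict[str, float]:
    """Runway at each provider -> MPC cluster -> report."""
    # Each provider's runway only ever touches its own plaintext.
    payloads_a = runway_ingest(HOSPITAL_A_CSV, COLUMNS, n_nodes)
    payloads_b = runway_ingest(HOSPITAL_B_CSV, COLUMNS, n_nodes)
    # Node i holds share i from every provider and computes over the merged rows.
    node_results = [node_compute(payloads_a[i] + payloads_b[i], COLUMNS)
                    for i in range(n_nodes)]
    return deliver_report(node_results, COLUMNS)


def single_node_view(n_nodes: int = 3) -> List[int]:
    """What node 0 sees for hospital_a's age column: field elements independent of the ages."""
    return [r["age"] for r in runway_ingest(HOSPITAL_A_CSV, COLUMNS, n_nodes)[0]]


if __name__ == "__main__":
    print(run_pipeline())          # {'mean_age': 52.0, 'mean_systolic_bp': 136.5}
    print(single_node_view())      # two random-looking field elements, not 34 and 58
```

The example only covers linear aggregation (sums and means), which additive sharing supports without any communication between nodes; comparisons, joins on identifiers and multiplications need an interactive MPC protocol and are where the blockchain-coordinated cluster described above does its real work. Note also what the report reveals: the analyst learns the aggregate, so release policies (next section) exist precisely because a well-chosen aggregate over few rows can still leak individual values.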
Report Releasing
Report release configuration is customizable, supporting a range of options based on data sensitivity. Data providers can configure report releases from unrestricted to requiring manual approval for each report. Three methods are available for releasing reports to the requesting analyst and other authorized users.
- No Approval. Data providers can choose to disclose reports without prior approval.
- Automatic. Data Providers pre-approve report disclosure upon receiving the analysis request. Reports are released immediately upon generation.
- Manual. Data providers approve each report individually before release. This option is available for analyses that may require review prior to distribution.
Report Scheduling
Depending on their use case, analysts can customize the schedule of their reports in two ways:
- Continuous delivery. Analysts can set up a schedule for continuous delivery of reports, ensuring they stay up-to-date with the latest findings as new data becomes available.
- Single research. Analysts can schedule a one-time report for immediate insights.