The mathematics of privacy-friendly data sharing
In our data-driven society, it’s imperative to protect confidential and personal data. Cryptographer Thomas Attema conducts groundbreaking mathematical research in the field of multi-party computation and zero-knowledge proofs: cryptographic solutions that allow parties to create value by using each other’s data without having to disclose them to each other. He received TNO’s Young Excellent Researcher Award 2021 for this work.
Thomas, before we delve into your research and discuss what the award means to you, what exactly is cryptography? What do you do as a cryptographer at TNO?
‘Cryptography is about protecting information. A cryptographer encrypts messages so that they can only be decrypted by a party with the correct key. The science of cryptography is increasingly relevant and even critical, including within TNO, as today’s society revolves around the gathering and sharing of huge amounts of data. This is necessary to enable economic growth and address social challenges.
With advanced cryptographic techniques, you can even create a setting in which parties can use each other’s data to create valuable insights without having to share those data. This ensures that the basic right to privacy of data subjects is protected and safeguards the security of sensitive business information.’
"With advanced cryptographic techniques, you can even create a setting in which parties can use each other’s data to create valuable insights without having to share those data."
Are these advanced cryptographic techniques already applied in practice?
‘Yes, they are. They were first developed in the 1980s. At the time, however, they weren’t very efficient. In addition, computers weren’t powerful enough back then to run these techniques on. That is beginning to change, so research to develop this further is now in full swing. Together with CWI, the Dutch national research institute for mathematics and computer science, we’re working on advanced cryptographic techniques, such as multi-party computation (MPC) and zero-knowledge proofs.
One of the applications of MPC is in detecting and tackling fraudulent bank transactions and other forms of financial and economic crime. Banks only see the transactions that involve their own account numbers. For a fuller picture, they also need access to the data of other financial institutions. However, legal restrictions apply to such sharing of client data. We’ve developed proofs of concept that enable financial institutions to analyse data and draw conclusions, without being able to see each other’s data. We’re now testing this, which is obviously very exciting.’
"With MPC, you can ensure privacy in facial recognition and analyse PATIENT DATA to improve HIV treatment."
What else can these techniques be used for?
‘MPC can also be used for things like facial recognition. We recently conducted research into this application on behalf of the Johan Cruyff Arena, the municipality of Amsterdam, and the police. The police can use MPC to identify suspicious persons or situations from CCTV footage recorded in the area around the stadium without being given access to this footage. As the use of facial recognition without a subject’s cooperation is controversial, I believe that we should consider and start a conversation about not only the technological aspects of this, but also the legal and ethical implications.
A less controversial application is the use of MPC to analyse patient data to improve the treatment of HIV. HIV is a complex virus with over 70 different treatment regimens. The effectiveness of each of these regimens varies depending on the specific HIV variant the patient has contracted. To determine which treatment is most effective, you need access to data on patients’ treatment outcomes. MPC enables you to analyse this without accessing patient data.’
What is the biggest challenge in cryptography today?
‘The biggest challenge is the anticipated arrival of quantum computing. Traditional cryptographic techniques rely on mathematical problems. The fact that those problems are difficult to solve ensures that encrypted data are secure. However, quantum computers would be able to solve some of those problems much more quickly, meaning that the current cryptographic protocols would no longer guarantee the confidentiality, authenticity and integrity of encrypted data.
We therefore need a new form of cryptography, based on mathematical problems that even quantum computers would struggle to solve. In our field, we call this post-quantum cryptography. As some data have to be kept secure for decades, our research into post-quantum cryptography is of critical importance.’
"What I like about cryptography is that it allows you to create counter-intuitive functionalities, like those of MPC."
What excites you so much about cryptography?
‘Cryptography can help address social issues, so it has highly practical applications, but it requires that you really delve into mathematics. Cryptography relies heavily on number theory, which to me is one of the most elegant forms of mathematics. Problems in number theory with a very simple description sometimes have very complex solutions.
What I like about cryptography is that it allows you to create counter-intuitive functionalities, like those of MPC. You start out with a problem that appears impossible to solve – in this case, how to perform calculations with multiple parties using data that are not shared – but then you discover cryptographic techniques that provide a solution. I can really immerse myself in such challenges.’
Immersing yourself in theory: is that valued at TNO, with its strong focus on practical applications?
‘The jury gave the four nominees for the award a copy of The Usefulness of Useless Knowledge by Abraham Flexner, the founder of the Institute for Advanced Study in Princeton, New Jersey. In it, Flexner argues that scientific research is often too narrowly focused on practical applications. I wholeheartedly agree. Scientists have made discoveries that at first seemed to have no practical use, but years later turned out to have a huge impact. A good example is the theory of quantum mechanics, developed at a time when there were no computers yet and no one imagined the possibility of quantum computers. That said, I like to be inspired by practical challenges and I find it very rewarding to solve them.’
Is your love of mathematical theory the reason why you combine your job at TNO with conducting PhD research at CWI?
‘Yes, absolutely. At TNO, we try to solve socially relevant problems by applying new and innovative technologies. In addition, my work with CWI allows me to work together with the best cryptographers worldwide on the underlying theoretical and mathematical issues. For me, it’s an ideal balance between theory and practice.’
TNO has been working together with your PhD supervisor, Ronald Cramer, for quite some time, right?
‘Yes, certainly. One of the theories we introduced together is the compressed Σ-protocol theory. It combines the mathematical elegance of an existing theory with a number of practical efficiency improvements made in recent years. You want to perform calculations as efficiently as possible, using as little computing capacity as possible, but at the same time you want the mathematical model behind it to remain elegant and theoretically sound. The theory has a great deal of potential. We’ve already published several papers on it, which have been cited by peers fairly often over a short period.’
What does winning this award mean to you and your colleagues?
‘It’s been great to receive this added recognition. It’s the icing on the cake for me. Our team has achieved a lot over the past five years. When I first started working in cryptography in 2016, there were a handful of people in our team. Now there are more than 30. That tells you something about the value of our research. We’re doing great work on fascinating issues. This award is a confirmation of that. I work closely together with the colleagues who nominated me and they know me well. My PhD supervisor also endorsed my nomination. All those things make winning the award very valuable to me.’
What does the future of cryptography hold for you, TNO and society at large?
‘Cryptography is vital to TNO. We use machine learning, AI and data analysis techniques to achieve great technological and social innovations. However, the data required for this are often confidential. Cryptography should help us find a way to reconcile these seemingly contradictory requirements.
"And then there is quantum computing. If and when a practical quantum computer is developed, it will have disastrous consequences for our digital society."
And then there is quantum computing. If and when a practical quantum computer is developed, it will have disastrous consequences for our digital society. All kinds of new post-quantum protocols are now being developed, also in the academic research community, but their practical application remains a challenging task. If we don’t speed up this process, we’ll be too late. Part of our job, therefore, is to make society aware of this urgent issue. I want to make a contribution in this respect as well.’