

Secure and privacy-preserving data processing.
Obscura is a platform for secure and privacy-preserving general-purpose data processing. Powered by privacy-enhancing technologies (PETs) such as multiparty computation (MPC) and fully homomorphic encryption (FHE), Obscura enables the execution of complex algorithms over significantly large data sets by combining advanced cryptographic tools and protocols with sophisticated software engineering and ingenious application design.
The Problem
There are both great opportunities and risks when working with data. A deep dive on data exploration without properly addressing the threats associated with it can lead to corporate losses of dramatic proportions. On the other hand, paralysis by analysis and other forms of operational inactivity inevitably lead to strategic and financial losses. What should organizations do? Choose the lesser of two evils? Just move forward, count their losses and try to survive? In the face of such a complex problem, many organizations find themselves caught between a rock and a hard place.
Over 80% of the data in organizations is inadequately protected and stored in systems whose protocols use technologies from the 1990s. Over 34% of data breaches worldwide involve insiders, a 47% increase over recent years. The greatest risk to the organization today comes from actors such as privileged users (1). It takes on average 228 days to detect a data breach and around 80 days to contain it (2).
Security and privacy go hand-in-hand. While often confused for one another, the two are not synonymous as each relates to different aspects of information technologies. While security focuses on safeguarding information from unauthorized access, data privacy concerns itself with collecting and processing personal data.
The world saw an alarming 105% rise in ransomware cyberattacks in 2021 (3) with around $2.5T in cost of data loss due to cybercrime in 2021 (4). In fact, there are nearly 20 ransomware attempts every second.
With so many incidents, strict privacy regulations such as the General Data Protection Regulation (GDPR) are increasingly closing in on organizations that fail to observe rules and guidelines protecting the collection and processing of personal data. Considering only GDPR fines issued in 2021, the penalties for improper use of sensitive data already exceed 800 million dollars (5).
Over 80% of organizations rely on data that does not reflect the reality and is not relevant to the working source. Lack of reliable and real-time insights from major integrated systems used by large corporations leads to incorrect decisions and loss of revenue (6).
Data with strategic value can enable new revenue as well as a series of profitable collaborations. However, the fear of disclosing information that can compromise intellectual property, trade secrets, and other sensitive information associated with competitive advantage is often the reason many organizations refrain from taking on new commercial opportunities and establishing innovative service offerings.
The Solution: Obscura by Algemetric
Obscura is a general-purpose secure computation platform that is available in two fundamental versions, powered by fully homomorphic encryption (FHE) and multiparty computation (MPC). With FHE, security is provided by an encryption scheme that allows meaningful computation on encrypted data (without requiring decryption). With MPC, security is provided by secret sharing, where random shares (each one meaningless in isolation) are individually sent to distinct parties (servers). In both cases, the original data is transformed in such a way that it looks and behaves like random data; that is, no information can be inferred about the original data without the conditions for recovering the plaintext (in the case of FHE, the secret key; in the case of MPC, control of the number of parties required to jointly reconstruct the secret). These two technologies allow for two versions of Obscura: Obscura MPC (a privacy-preserving report builder over financial data for data analytics and business intelligence) and Obscura FHE (a privacy-preserving unified database connecting to multiple distinct data sources, aiding performance marketing and providing data analytics and business intelligence). On top of advanced cryptographic technologies such as FHE and MPC, Obscura uses Spectra for protecting communication between machines as well as data at rest.
Algemetric employs safeguards superior to many of the data protection procedures recommended by major privacy laws, such as data minimization, de-identification, anonymization, pseudonymisation, and others. While these techniques reduce the risk of privacy violations that arise when data processing allows the identification of data subjects, they still reveal a large portion of the plain data, and a number of attacks for overcoming these techniques have been demonstrated to be feasible over the past few years.
More generally speaking, Obscura is a platform for secure data processing. It brings all business applications under strict security policies in order to enable the execution of processes on encrypted data, in compliance with ISO 27001 and privacy regulations such as GDPR.
Obscura provides a set of cryptographic primitives and protocols for secure computation. The core feature of this platform is the ability to perform computations on encrypted data, making it suitable for applications such as secure data transfer and machine learning over encrypted datasets.
How Obscura Works
- The Obscura Data Sync is under the customer’s control. This is the only instance where data of any kind (including personal data) is unencrypted and therefore readable. However, this data is never processed under any circumstance. The Obscura Data Sync is responsible for double encrypting data (an inner encryption for homomorphic operations and an outer encryption for protecting both homomorphic manipulations and data at rest). Therefore, data that leaves the customer’s infrastructure is unreadable by non-key owners, using a GDPR recommended safeguard.
- Double encrypted data is securely transmitted from the customer’s infrastructure to the Obscura Secure Execution Environment (OSEE) by Spectra. The payload between the Data Sync and the OSEE is also encrypted with an ephemeral secret key (used only once) generated via a standard key exchange protocol. Therefore, data in transit is unreadable by non-key owners, using a GDPR recommended safeguard.
- In the OSEE, the outer encryption layer of the data is decrypted so secure homomorphic operations can be performed. Plain data is never exposed, and therefore data being processed is also unreadable for non-key owners. Algemetric’s approach to data processing is far superior to measures allowed by GDPR such as data minimization, de-identification, anonymization, and pseudo-anonymization.
- Once reports are securely generated, aggregated data is also securely transmitted to the Obscura Dashboard using standard cryptography. When data arrives at the Obscura Dashboard, only aggregated data that does not allow identification of data subjects, which is allowed by the GDPR, is then visualized.
- Throughout the entire application lifecycle, Algemetric does not have access to any data that is not encrypted (OSEE) or GDPR compliant (Obscura Dashboard).
An overview of Obscura FHE and Obscura MPC can be seen below.
Secure and privacy-preserving data processing
With Obscura, organizations can securely analyze large amounts of unstructured data in near-real time. It consists of three components:
- Obscura Data Sync (ODS): Software provided by Algemetric that is under the control of Algemetric’s customer for accessing the customer’s unencrypted database within the customer’s infrastructure. Once data is encrypted / shared, data is double encrypted by Spectra using standard cryptography and transmitted to the Obscura Secure Execution Environment.
- Obscura Secure Execution Environment (OSEE): In the trusted execution environment, data is kept encrypted with standard symmetric cryptography. Once computation of a particular algorithm is required, the external layer of the double encryption is decrypted, which enables computation on the inner layer of the double encrypted data. Plain data is never exposed throughout this process.
- Obscura API (OA): The component responsible for requesting, receiving, and processing results from the OSEE. The OA only sees requests for execution of predefined algorithms and the result of these algorithms. Communication between these three components is always protected by Spectra.
- Customer-centric secure computation: There must be a reconciliation between data availability, security and privacy. Many areas of business and engineering are rapidly expanding the use and the scope of data analytics, business intelligence, machine learning, and statistics, among other technologies and techniques, while security and privacy violation incidents are increasingly frequent and severe. It is not enough to advance data science and security and privacy in isolation. Without intentional research and development for reconciling utility, security, and privacy, use cases for secure computation will be scarce and limited in purpose and relevance, which will contribute to slower adoption of privacy-enhancing technologies (PETs). We research and develop secure computation in collaboration with our customers so that our technologies and products are a direct reflection of their needs and expectations.
- Security, privacy, and efficiency or nothing at all: When it comes to secure computation, performance requirements must be as indispensable as security and privacy ones. If practical computations of interest cannot be performed on encrypted data via some solution, then that solution should be considered improper, just as insecure and privacy-violating ones would be.
- From general-purpose to application specific: Obscura is designed to be a framework for secure computation in which general-purpose algorithms can be computed over encrypted data, as a foundation. From that, application-specific functionalities can be derived and refined for satisfying the requirements of each use case.
- It is about results, not technologies: Obscura is enabled by FHE and MPC but it is not about these technologies. Obscura is about providing desired functionalities over data without incurring security and privacy issues. We are evangelists of the materialization of these goals rather than advocates of any technology in particular.
- Encrypted data only: Not all data is sensitive and therefore not everything must be encrypted for allowing computation on encrypted data. Obscura works well with hybrid scenarios in which different data with different purposes might be protected with distinct cryptographic tools. However, Obscura only possesses and processes encrypted data for a significant data breach risk reduction.
- On-database computation: Obscura allows for overriding some native operations in databases for better performance and less development complexity.
- Efficient built-in data encoder: Most of the data handled by Obscura is fractional data (from applications in finance, statistics, machine learning, etc.). Obscura uses a fractional encoder with better efficiency than typical high-precision techniques.
- Secure multiparty computation: The security of the Obscura MPC protocol is provided by threshold secret sharing, where input data is shared across multiple parties, each one holding data that is meaningless in isolation. Only upon collecting a required number of distinct shares can the data of interest be retrieved. Security is achieved by ensuring that no unauthorized entity will control or corrupt that number of distinct shares.
- Fully homomorphic encryption: The security of Obscura FHE is provided by the hardness associated with the Ring Learning With Errors problem (RLWE). This well-known cryptographic problem is considered to be quantum-resistant.
- Spectra: Obscura uses Spectra for authenticating, authorizing, and auditing communication between each component and for any communication between machines. Therefore, even before the security provided by MPC and FHE takes place, Spectra is protecting data and transactions from the world with standard cryptography.
- Data synchronization: The ODS is deployed at the customer’s infrastructure under their control and it is responsible for automatic or on-demand synchronization between the unencrypted and the encrypted database on an iterative and incremental basis.
- Algorithm execution: The OSEE receives algorithmic instructions from the OA for execution. These algorithms are pre-approved by the customer under the scope of each particular application.
- Integration with Prisma and other visualization tools: Once results are available, Obscura can be easily integrated with Prisma for a number of data visualization options. Once data is integrated with Prisma, it can also be exported to external visualization tools.
- Security and privacy compliance: Obscura goes beyond partial measures for security and privacy of data in use by exclusively working with encrypted data at all times.
- Corporate Sovereignty: Obscura helps organizations to protect their control, exclusivity, ownership, and advantages by enabling collaborations in which only aggregated data.
- Anti-data-breach plan: Data breaches can occur for a variety of reasons including product or service malfunction, unaddressed system and architecture vulnerabilities, human error, and malicious behavior. In any case, with Obscura, if a data breach occurs, only encrypted data will be exposed, giving no advantage to unauthorized parties.
- Enablement of economic opportunities and competitive advantage: Obscura is an efficient tool for reconciling utility, security, and privacy, therefore allowing strategic data exploration in a secure and privacy-preserving way. This data exploration enables new revenue streams from subscription-based and on-demand-based services.
- Not yet another hammer looking for a nail: Obscura is built based on insights of organizations in deep need of secure computation. It is therefore a response to concrete inquiries from those struggling to reconcile utility, security, and privacy.
- Engineered for performance: Every component of Obscura is rigorously engineered for performance. Everything from solution design, libraries, algorithms, optimizations, and infrastructure is carefully researched and developed for satisfying our applications’ performance requirements.
- Crafted by data enthusiasts: At Algemetric, we take data very seriously. Even before considering any security and privacy matter, we are interested in the most efficient ways for data generation, representation, transmission, storage, compression, among other features. We are continuously invested in innovating on how we handle data. By doing so, we are able to find specific combinations of data treatments that significantly favor utility, security, and privacy.
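
The threshold secret sharing described in the solution overview and under "Secure multiparty computation" can be illustrated with the following added example, which is not Algemetric's code and not Obscura's protocol. It assumes Shamir's scheme over a prime field, a 3-of-5 threshold, and constructed sample amounts; the function names are hypothetical. It shows parties adding shares locally so that only the aggregate is ever reconstructed, and that fewer shares than the threshold do not recover it.

```python
import secrets

# Assumption: Shamir's scheme over a prime field stands in for the page's
# "threshold secret sharing"; this is not Obscura's actual protocol.
P = 2**127 - 1  # prime modulus, chosen for this example

def share(secret, threshold, parties):
    """Split `secret` so that any `threshold` of `parties` shares recover it."""
    # Random polynomial of degree threshold-1 with the secret as constant term.
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    shares = []
    for x in range(1, parties + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of the polynomial at x
            y = (y * x + c) % P
        shares.append((x, y))
    return shares

def reconstruct(shares):
    """Lagrange-interpolate the polynomial at x = 0 from the given shares."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("shares must come from distinct parties")
    secret = 0
    for xi, yi in shares:
        num = den = 1
        for xj in xs:
            if xj != xi:
                num = (num * -xj) % P
                den = (den * (xi - xj)) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret

def add_shares(a, b):
    """Each party adds its two shares locally; no plaintext is ever combined."""
    if [x for x, _ in a] != [x for x, _ in b]:
        raise ValueError("share vectors must be aligned by party")
    return [(x, (ya + yb) % P) for (x, ya), (_, yb) in zip(a, b)]

def demo():
    # Constructed sample inputs: two private amounts, 3-of-5 sharing.
    a = share(125_000, threshold=3, parties=5)
    b = share(74_999, threshold=3, parties=5)
    total = add_shares(a, b)
    enough = reconstruct([total[0], total[2], total[4]])  # any 3 parties
    too_few = reconstruct(total[:2])                      # only 2 parties
    return enough, too_few

if __name__ == "__main__":
    print(demo())
```

With two shares the interpolation still returns a field element, but it is offset from the true sum by a multiple of a uniformly random coefficient, so it carries no information about the inputs.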