Partisia’s privacy-enhancing technologies were picked for a project which will see the company, Squareroot8 and NuSpace develop secure satellite communications. More specifically, its multi-party computation (MPC) technology was chosen to ensure security of data.
MPC technology falls under the umbrella of privacy-enhancing technologies because it performs computations on encrypted data without identifying whose data is whose; particularly important in the wake of GDPR, which was introduced back in 2016 and set out strict laws for how personal data can be collected, processed and used.
Mark Medum Bundgaard, Chief Product Officer at Partisia credited the company with being responsible for a significant amount of research into the technology.
“If you go out into the industry and look at other companies doing multi-party computation, mainly the research comes from our co-founders or professors,” he said. Partisia was spun out of Aarhus University in Denmark in 2008, and the work it has done ranges from spectrum and agricultural auctions to humanitarian tokens and financial fraud analysis.
Although its expertise dates back to 2008, the rise in computational power, the advent of AI and the introduction of regulation like GDPR means the tide has been turning in favour of imposing more stringent protections on personal data.
“Over the last three to four years people are starting to understand, there have been a lot of breaches. There’s been a lot of data that’s gone forever … So we are starting to look inside this field of how we can do more with data where people aren’t just giving their data away,” said Bundgaard, noting that the bankruptcy of DNA sequencing company 23andme this year means there is a lot of personal data that was held by the company that must be protected.
The wide scope of multi-party computation
Providing one example of where MPC can be particularly beneficial, a doctor treating cancer patients could want to perform statistical analysis on other patients without learning about who they are or discovering identifying information.
“[As the doctor] I’d be able to use the data in a fully encrypted format and get a result … that is privacy preserved, as it’s called,” said Bundgaard. “So I can use that result and have no way of learning who was part of the computation.”
Using this technology, Partisia has worked with companies operating in sectors from healthcare to fintech, as well as quantum computing and IoT. The beauty of MPC is the wide applicability of the technology for protecting data; such as supporting the incoming EU regulation for Digital Identity Wallets, or eIDAS as it’s termed.
“Imagine if you want to buy alcohol today,” said Bundgaard. “I’d ask you, are you over 18? I’d ask for a driver’s licence or a social security number, which is not data I should learn about. In the perfect scenario, you should not give me your information. I should have verification that what you’re stating is true.”
In this way, people’s personal data is not accessed any more than it needs to be.
I noted that this seems to deviate from the mentality of not wanting to give any data away, and automatically opting out – arguably understandable, given the number of widespread data breaches – and instead provides a more balanced approach, where the personal data shared is limited.
“It’s an ownership thing,” stressed Bundgaard. “When people are born in Denmark, they are assigned a CPR number or a social security number. But when they go outside in the world, why should they give all of that away?”
How MPC supports quantum computing
The recently-announced partnership will give Partisia the chance to show how MPC can support quantum computing, which Bundgaard said was “post-quantum secure in the way it operates”.
Concerns over the possibility that quantum computing will be able to break existing encryption algorithms is not new. In 2024, NIST released the first of its standardised post-quantum cryptographic algorithms.
The question for Bundgaard, is how to utilise quantum computing to perform computations on sensitive data without being in breach of privacy laws.
“Let’s imagine I have a quantum computer in Germany. I have healthcare data in Denmark, I would like to utilise this quantum computer … First of all, I’m not allowed to take health data in the jurisdiction of Denmark, and then just upload it to a machine outside of that jurisdiction.
“That’s one thing I’ll be in breach of [with] GDPR. So one thing we attack here is looking at whether there are possibilities of operating inside these computational schemes in an encrypted fashion.”
This mindset mirrors Partisia’s openness to the possibility of technologies such as quantum computing, while maintaining data privacy.
“The statement we go in with is we want to do even more, but we want to do it in the state of protecting privacy, protecting the world we live in,” Bundgaard concluded.
There’s plenty of other editorial on our sister site, Electronic Specifier! Or you can always join in the conversation by commenting below or visiting our LinkedIn page.
