Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Privacy-Enhancing Cryptography

Project Overview

PEC. The Cryptographic Technology Group (CTG) at the Computer Security Division (CSD) at NIST intends to follow the progress of emerging technologies in the area of privacy enhancing cryptography (PEC). The PEC project seeks to promote the use of cryptographic protocols that enable promoting privacy goals. In this area, the technical challenge is often to enable parties to interact meaningfully, towards achieving an application goal, without revealing unneeded private information to one another or to third parties.

ZK and SMPC. Some privacy-preserving applications can be based on zero-knowledge proofs (ZKPs) and, more generally, secure multi-party computation (SMPC). For example, ZKPs allow one party (the prover) to prove to another party (the verifier) that a given statement is true and/or that some mathematical solution is known to the prover. More generally, SMPC allows multiple parties, often mutually distrustful, to compute some functionality of their inputs, as if it were computed by a trusted third party. This means in particular that the computation occurs without sharing inputs, and while ensuring correct outputs.

Other primitives. There are many other cryptographic primitives of interest to privacy preserving application. For example, fully homomorphic encryption (FHE) allows performing computation on encrypted data without having to perform decryption, which in turn can be used to delegate computation to untrusted parties. Other examples of primitives include functional encryption, identity-based encryption, and attribute-based encryption.

Reference material. We believe the creation and dissemination of reference material (documents and implementations) is an important step for promoting the use of PEC. In the PEC project, we want to focus on reference material inspired by conceived use cases. Application areas include identification and authentication, commercial transactions, and social media. We give here a few examples:

  • Minimum-disclosure credential: A person has a credential, issued and digitally signed by an authority, and containing private identifiable information (PII). The credential is used to prove some predicate P() on the PII (e.g., the person is of voting age). We want to allow practical protocols by which only the predicate P() is revealed to a verifier. This capability is called for in the National Strategy for Trusted Identities in Cyberspace (NSTIC).
  • Brokered identification: Identity providers (IDPs) can enable users to authenticate to service providers (SPs, a.k.a., relying parties). Some settings require a broker to mediate this transaction, so as to allow authentication of a passive user (not having any specialized software) between the IDP and SPs. This allows blinding the IDP and SP from one another: the issuer (identity provider) of an assertion, such as “John Smith is an employee of the Department of Commerce,” does not need to know who the consumer of the assertion is. Using PEC, the mediator does not need to learn the assertion. This use-case was a major component of the (discontinued) US Government initiative “Federal Cloud Credential Exchange” (FCCX). A privacy-enhanced version of this is now identified as a desirable building block by NCCoE.
  • Students right to know: A proposed law seeks to mandate the use of SMPC to calculate, on behalf of college students, the monetary return on the investment they make on their education. The data required to make this calculation is held by multiple sources. Because of privacy concerns, these sources cannot simply release their data.
  • Combining privacy and public auditability.  The NIST Randomness Beacon publishes a random 512-bit number every minute. The numbers are signed by NIST, time-stamped, and chained into an immutable chain. A trusted source of public randomness can help numerous parties to coordinate on future randomness to use, while also allowing post-facto public verification that correct randomness was used. Using PEC, e.g., zero-knowledge proofs, it is possible to allow such public auditability, while also satisfying privacy requirements.

Also at NIST. Privacy Framework; Privacy Engineering Program.


About this webpage: The PEC project started in 2011 with a NIST meeting on PEC. This webpage will evolve to cover more material on previous activities related to the project. The project is reviving in 2019. This page is recently under reconstruction and will be updated with references and content.


Rene Peralta

Luís T. A. N. Brandão

Angela Robinson


Security and Privacy: cryptography, privacy

Related Projects

Cryptographic Research
Created January 03, 2017, Updated April 11, 2019