Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
The Cryptographic Technology Group (CTG) in the Computer Security Division (CSD) at NIST intends to accompany the progress of emerging technologies in the area of privacy enhancing cryptography (PEC). The PEC project seeks to promote the development of reference material that can contribute to a better understanding of PEC, namely how advanced cryptographic tools can be used to enable achieving privacy goals in myriad applications. The technical challenge is often to enable parties to interact meaningfully, toward achieving an application goal, without revealing extraneous private information to one another or to third parties. A better understanding of PEC may facilitate the identification of next-level "basic" cryptographic techniques, whose possible standardization may be pertinent in the future.
There are various cryptographic primitives, techniques and protocols of interest to privacy enhancing applications. They can serve as enablers of responsible data sharing and interactions, in settings where otherwise (without PEC) one may lack trust to partake in such processes, or be unable to meet privacy regulatory requirements.
For example, zero-knowledge proofs (ZKPs) allow one party (the prover) to prove to another party (the verifier) that a given statement is true and/or that the solution to some mathematical problem is known to the prover, without revealing any information about the solution itself. More generally, secure multi-party computation (SMPC or MPC) allows multiple parties, often mutually distrustful, to compute some property of their joint inputs, as if it were computed by a trusted third party. This means that the computation occurs without sharing inputs, and while ensuring correct outputs. As another example, fully homomorphic encryption (FHE) allows performing computation on encrypted data without having to perform decryption, which in turn can be used to delegate computation to untrusted parties. Other PEC tools include group signatures, searchable encryption, private information retrieval, private set intersection and functional encryption.
See PEC tools under "additional pages" for a perspective based on ideal functionalities.
A blogpost published in the NIST differential privacy blog series illustrates at a high-level how some of these tools are distinct from (and may be used in complement to) differential privacy.
The following table (adapted from the PEC use-case suite) provides a succinct informal description of several relevant PEC tools.
| Primitive | Description hint (informal) |
|---|---|
| Zero-knowledge Proofs (ZKPs) | Prove knowledge of a secret solution to a problem, without revealing the solution. |
| Secure Multiparty Computation (SMPC) | Jointly compute a function over inputs distributed across several parties, without each party revealing their input. |
| Group and ring signatures | Produce an unforgeable digital signature, convincingly exhibiting that it has been signed by an unrevealed member of a group. |
| Functional encryption | Decrypt a function (as specified by a decryption key) of a plaintext that has been encrypted, without learning the clear plaintext. |
| Fully-Homomorphic Encryption (FHE) | Compute over encrypted data, without learning the plaintext in-put/output, but ensuring the intended functional transformation. |
| Private Set Intersection (PSI) | Determine the intersection of sets held by multiple parties, without revealing the non-intersecting components. |
| Private Information Retrieval (PIR) | Query a key-value database, with the database owner being assured that only one element was queried but not learning which. |
| Structured Encryption | Allows privately querying encrypted data structures, e.g., searching for a keyword in a database of encrypted documents, obtaining the resulting documents without revealing the keyword. |
(The "additional pages" linked on the right-side frame have further details about each activity area.)
The PEC project initiated the "Special Topics on Privacy and Public Auditability" (STPPA) series of talks in January of 2020. Each event will include talks on various interconnected topics related to privacy and public auditability. The goal is to convey basic technical background, incite curiosity, suggest research questions, and discuss applications. See details here.
As part of a broad initiative by NIST researchers to address the Covid-19 pandemic, PEC team members looked at "encounter metrics": measuring the levels of interaction in a population of autonomous agents equipped with Bluetooth broadcasting devices. Our approach aims to mitigate privacy concerns related to automated contact tracing efforts, including to promote privacy by design in potential pilots of implementations of exposure notification and automated contact tracing. See details here.
ZKProof is an open initiative, of academia and industry, that is developing reference material to promote the secure, efficient and interoperable use of zero-knowledge-proofs technology. Since 2019, the NIST-PEC team has provided public feedback and collaborated in the development of reference material open to the public. See related documentation here.
NIST held a PEC meeting in 2011, hosting talks on various PEC tools. A future workshop is under consideration.
Application areas of interest include identification, authentication, statistics over distributed data, and public auditability, among many others. Here are a few examples:
Minimum-disclosure credential: A person has a credential, issued and digitally signed by an authority, and containing private identifiable information (PII). The credential is used to prove some predicate P() on the PII (e.g., the person is of voting age). We want to allow practical protocols by which only the predicate P() is revealed to a verifier.
Brokered identification: Identity providers (IDPs) can enable users to authenticate to service providers (SPs). Some settings require a broker to mediate this transaction, to allow authentication of a passive user (not having any specialized software) between the IDP and SP, while blinding the IDP and SP from one another. Using PEC, the user privacy can be preserved even with respect to the mediator.
Students right to know: A U.S. congress bill proposes the use of SMPC to calculate, on behalf of students, the expected monetary return on the investment made on their college degrees. The data required to make this calculation is held by multiple sources. Because of privacy concerns, these sources cannot simply release their data.
Combining privacy and public auditability: The NIST Randomness Beacon publishes a random 512-bit number every minute. The numbers are signed by NIST, time-stamped, and chained into an immutable chain. A trusted source of public randomness can help numerous parties to coordinate on future randomness to use, while also allowing post-facto public verification that correct randomness was used. Using PEC, e.g., zero-knowledge proofs, it is possible to allow such public auditability, while also satisfying privacy requirements.
A more comprehensive list of examples will be compiled in the scope of the PEC use-case suite. Feedback is appreciated.
Other privacy-related projects at NIST.
Privacy Engineering Program; Privacy Framework; Differential Privacy Temporal Map Challenge; NCCoE.
Security and Privacy: cryptography, privacy