The PEC project in the Cryptographic Technology Group (CTG), Computer Security Division (CSD) at NIST accompanies the progress of emerging technologies in the area of privacy-enhancing cryptography (PEC).
News
: WPEC 2024: NIST Workshop on Privacy-Enhancing Cryptography (Sept 24–26 @ Virtual). Quick links: Free Registration (ZoomGov Event); Call for Talks (PDF file); Submission Form (PDF file).
The PEC project seeks to promote the development of reference material that can contribute to a better understanding of PEC, namely how advanced cryptographic tools can be used to achieve privacy goals in myriad applications. A better understanding of PEC may facilitate the identification of cryptographic techniques whose possible standardization may be pertinent in the future.
The technical challenge in applications of PEC is often to enable parties to interact meaningfully, toward an application goal, without revealing extraneous private information to one another or to third parties.
(The "additional pages" linked on the right-side frame have further details about each activity area.)
See detailed list in the pec/events page.
ZKProof is an open initiative, of academia and industry, that is developing reference material to promote the secure, efficient and interoperable use of zero-knowledge-proofs technology. Since 2019, the NIST-PEC team has provided public feedback and collaborated in the development of reference material open to the public. See related documentation in the pec/zkproof page.
The upcoming NIST Call for Multi-Party Threshold Schemes (see the initial public draft in NIST IR8214C ipd), jointly output by the multi-party threshold cryptography (MPTC) project and the privacy-enhancing cryptography (PEC) project, will solicit public proposals of threshold schemes (multi-party protocols) for various cryptographic primitives. The process involves consideration of various cryptographic techniques of interest to the PEC project, including MPC (secure multiparty computation), ZKP (zero-knowledge proofs), FHE (fully-homomorphic encryption), and IBE/ABE (identity-based and attribute-based encryption). See details in the pec/threshold page.
A PEC use-case suite would constitute a set of proofs of concepts, showcasing the use of cryptographic tools for enabling privacy in various applications. A preliminary draft is available (January 2021) to motivate initial public feedback. See details in the pec/suite page.
As part of a broad initiative by NIST researchers to address the Covid-19 pandemic, PEC team members looked at "encounter metrics": measuring the levels of interaction in a population of autonomous agents equipped with Bluetooth broadcasting devices. Our approach aims to mitigate privacy concerns related to automated contact tracing efforts, including to promote privacy by design in potential pilots of implementations of exposure notification and automated contact tracing. See details in the pec/encounters page.
In our exploration of "privacy-enhancing cryptography" (PEC), we consider selected "PEC tools" as cryptographic primitives, techniques and protocols of interest to privacy-enhancing/preserving applications. These PEC tools can serve as enablers of responsible data sharing and interactions, in settings where otherwise (without PEC) one may lack trust to partake in such processes, or be unable to meet privacy regulatory requirements.
Where to read more about "PEC tools":
Primitive | Description hint (informal) |
---|---|
Zero-knowledge Proof (ZKP) | Prove knowledge of a secret solution to a problem, without revealing the solution. |
(Secure) Multiparty Computation (MPC) | Jointly compute a function over inputs distributed across several parties, without each party revealing their input. |
Fully-Homomorphic Encryption (FHE) | Compute over encrypted data, without learning the plaintext input/output, but ensuring the intended functional transformation. |
Functional encryption (FnE) | Decrypt a function (as specified by a decryption key) of a plaintext that has been encrypted, without learning the clear plaintext. Specific cases of interest are identity-based encryption (IBE) and attribute-based encryption (ABE). |
Group and ring signatures (GRS) | Produce an unforgeable digital signature, convincingly exhibiting that it has been signed by an unrevealed member of a group. |
Private Set Intersection (PSI) | Determine the intersection of sets held by multiple parties, without revealing the non-intersecting components. |
Private Information Retrieval (PIR) | Query a key-value database, with the database owner being assured that only one element was queried but not learning which. |
Structured Encryption (StE) | Allows privately querying encrypted data structures, e.g., searching for a keyword in a database of encrypted documents, obtaining the resulting documents without revealing the keyword. |
For example, zero-knowledge proofs (ZKPs) allow one party (the prover) to prove to another party (the verifier) that a given statement is true and/or that the solution to some mathematical problem is known to the prover, without revealing any information about the solution itself. More generally, secure multiparty computation (SMPC or MPC) allows multiple parties, often mutually distrustful, to compute some property of their joint inputs, as if it were computed by a trusted third party. This means that the computation occurs without sharing inputs, and while ensuring correct outputs. As another example, fully homomorphic encryption (FHE) allows performing computation on encrypted data without having to perform decryption, which in turn can be used to delegate computation to untrusted parties. Other PEC tools include group signatures, searchable encryption, private information retrieval, private set intersection and functional encryption.
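The MPC idea described above can be made concrete with a secure sum built on additive secret sharing. The following is an added example, not NIST or PEC project code; the function names, the modulus and the sample amounts are assumptions of this example, and it covers only the passive (honest-but-curious) setting, where every party follows the protocol and submits its true input.

```python
import secrets

# Modulus for share arithmetic (assumption of this example): any modulus
# larger than the largest possible total works, so the sum never wraps.
MODULUS = 2**61 - 1


def share(value, n_parties):
    """Split value into n additive shares that sum to value mod MODULUS."""
    shares = [secrets.randbelow(MODULUS) for _ in range(n_parties - 1)]
    shares.append((value - sum(shares)) % MODULUS)
    return shares


def secure_sum(private_inputs):
    """Simulate the protocol for all parties; return (total, transcript)."""
    n = len(private_inputs)
    # Round 1: party i splits its input and sends share j to party j.
    outgoing = [share(x, n) for x in private_inputs]
    # Each party j locally adds the shares it received, one from every party.
    partial_sums = [sum(outgoing[i][j] for i in range(n)) % MODULUS
                    for j in range(n)]
    # Round 2: only the partial sums are published; adding them gives the total.
    total = sum(partial_sums) % MODULUS
    return total, {"outgoing": outgoing, "partial_sums": partial_sums}


def view_of_party(transcript, j):
    """What party j observes: shares addressed to it and the public partial sums."""
    received = [row[j] for row in transcript["outgoing"]]
    return received, transcript["partial_sums"]


if __name__ == "__main__":
    # Constructed sample data: three sources each hold one private amount.
    inputs = [52_000, 61_500, 47_250]
    total, transcript = secure_sum(inputs)
    print("joint total:", total)
    print("party 0 view:", view_of_party(transcript, 0))
```

Each party's view consists of values that are uniformly random on their own, so a single party learns only the total; if all but one party pool their views, the remaining input follows from the total, which is inherent to computing a sum.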
Areas of interest for application of PEC include identification, authentication, statistics over distributed data, and public auditability, among many others. Here are a few examples:
Minimum-disclosure credential: A person has a credential, issued and digitally signed by an authority, and containing private identifiable information (PII). The credential is used to prove some predicate P() on the PII (e.g., the person is of voting age). We want to allow practical protocols by which only the predicate P() is revealed to a verifier.
Brokered identification: Identity providers (IDPs) can enable users to authenticate to service providers (SPs). Some settings require a broker to mediate this transaction, to allow authentication of a passive user (not having any specialized software) between the IDP and SP, while blinding the IDP and SP from one another. Using PEC, user privacy can be preserved even with respect to the mediator.
Students right to know: A U.S. Congress bill proposes the use of SMPC to calculate, on behalf of students, the expected monetary return on the investment made in their college degrees. The data required to make this calculation is held by multiple sources. Because of privacy concerns, these sources cannot simply release their data.
Combining privacy and public auditability: The NIST Randomness Beacon publishes a random 512-bit number every minute. The numbers are signed by NIST, time-stamped, and chained into an immutable chain. A trusted source of public randomness can help numerous parties to coordinate on future randomness to use, while also allowing post-facto public verification that correct randomness was used. Using PEC, e.g., zero-knowledge proofs, it is possible to allow such public auditability, while also satisfying privacy requirements.
A more comprehensive list of examples will be compiled in the scope of the PEC use-case suite. Feedback is appreciated.
NIST runs various privacy-related projects and programs. Besides PEC (first row in the table below), these include projects involving systems engineering, prize challenges, cybersecurity research, and collaborative events. The table lists various examples.
Name (with hyperlink) | Brief description |
---|---|
Privacy-Enhancing Cryptography (PEC) | An initiative of the NIST Cryptographic Technology Group, to develop reference material and prepare future guidance about advanced cryptographic tools (such as MPC, ZKP, FHE, PSI) that can be used for applications of privacy and public auditability. |
Privacy Engineering Program (PEP) | A NIST program to support the development of trustworthy information systems by creating frameworks, risk models, guidance, tools, and standards that protect privacy. |
Privacy Framework | A tool to help organizations improve individuals' privacy through enterprise risk management |
PETS Prize Challenge (2022/2023) | A privacy-enhancing technologies (PETs) prize challenge for Advancing Privacy-Preserving Federated Learning |
Differential Privacy Temporal Map Challenge (2020) | A prize challenge on differential privacy (2020) |
NCCoE | The National Cybersecurity Center of Excellence develops various projects of interest to Privacy and Cybersecurity |
Collaborative Research Cycle Homepage | Series of workshops on selected topics of privacy engineering |
Usable Cybersecurity program | Research to improve the usability of privacy mechanisms |
NIST Privacy terms | The actual privacy terms related to interactions with NIST |