The majority of financial organizations managing confidential data are aware
of security threats and leverage widely accepted solutions (e.g., storage
encryption, transport-level encryption, intrusion detection systems) to prevent
or detect attacks. Yet these hardening measures do little against the even worse
threats posed to data-in-use. Solutions such as Homomorphic Encryption (HE) and
hardware-assisted Trusted Execution Environment (TEE) are nowadays among the
preferred approaches for mitigating this type of threat. However, given the
high performance overhead of HE, financial institutions — whose processing
rate requirements are stringent — are more oriented towards TEE-based
solutions. The X-Margin Inc. company, for example, offers secure financial
computations by combining the Intel SGX TEE technology and HE-based
Zero-Knowledge Proofs, which shield customers’ data-in-use even against
malicious insiders, i.e., users having privileged access to the system. Although
such a solution offers strong security guarantees, it is constrained by having
to trust Intel and by the availability of the SGX hardware extension. In this paper,
we evaluate a new frontier for X-Margin, i.e., performing privacy-preserving
credit risk scoring via an emerging cryptographic scheme: Functional Encryption
(FE), which allows a user to only learn a function of the encrypted data. We
describe how the X-Margin application can benefit from this innovative approach
and — most importantly — evaluate its performance impact.
