TrustForge Overview
TrustForge is Agita Labs’ privacy-enhanced technology (PET) product that supports secure computation on always-encrypted sensitive data, including support for encrypted and verified computation, and safe datagrants. Programmers access TrustForge capabilities in the Azure and AWS clouds by means of standard programming language interfaces: C++, Python, and JavaScript. TrustForge delivers cryptographic-strength defenses against disclosures, integrity attacks, and side-channel attacks. In turn, TrustForge protects sensitive data from software hacking, prying eyes, and supply chain malware.
At the heart of TrustForge lies Agita Labs’ sequestered encryption technology. Co-developed with support from Intel Corporation and DARPA, sequestered encryption is the most comprehensive and capable privacy-enhanced computation framework in existence today. The TrustForge enclave is a hardware component that implements sequestered encryption in the Microsoft and Amazon clouds. Channeling the security and performance of dedicated hardware, TrustForge delivers cryptographic-strength data security defenses that are significantly more performant, programmable, and capable than other secure computation technologies, including homomorphic encryption and multi-party computation.
TrustForge Capabilities
TrustForge is a programming framework for building zero-trust data sharing applications. Both flexible and secure, TrustForge gives DevOps programmers the ability to craft zero-trust data sharing strategies (rather than implementing specific security policies). And unlike other secure computation solutions, developers need not be a cryptographer or mathematician to build a zero-trust data sharing solution. Users need only to harness the basic TrustForge defense capabilities in C++, Python or JavaScript. TrustForge delivers to DevOps programmers four powerful data security defense features: data encryption, encrypted computation, guardrailing, and safe datagrants.
Data encryption: The TrustForge framework provides high-entropy data encryption capabilities for data owners (and client-side developers) to encrypt sensitive data. Data encryption ensures that TrustForge data shared with another (potentially untrustworthy) party cannot be re-engineered by analyzing the encrypted data. TrustForge-protected data possesses “semantic security” and passes “ciphertext indistinguishability” tests, which are the gold standard for data encryption protection.
Encrypted computation: All server-side TrustForge-protected computation occurs directly on encrypted data, meaning that, from the software side, there is no access to a data decryption key. Programmers access TrustForge’s encrypted computation capability in C++, Python, or JavaScript by declaring sensitive variables as TrustForge encrypted data types. These encrypted variables can then be used like any other program variable, except their true data value is hidden from the program. TrustForge-protected programs are secure-by-construction, which means that any program that utilizes TrustForge is fully protected from data disclosures and timing-based side channels. Attackers who launch software hacks or side-channel attacks will fail against TrustForge’s cryptographic-strength defenses.
Guardrailing: TrustForge’s guardrailing capability reliably detects if any changes occurred during an application’s execution due to software hacking or unauthorized code changes. All TrustForge applications possess a unique fingerprint, which changes whenever the application is changed. With this feature, TrustForge users can reliably detect the occurrence of any hacking or supply chain attacks. Like all TrustForge defenses, defeating these integrity checks requires a cryptographic attack on an industry-standard hash function.
Safe datagrants: TrustForge safe datagrants permit a specific analysis or computation on encrypted data to release its results in decrypted form to the TrustForge user. With safe datagrants, it is possible to safely release privacy preserving statistics, auditing information, machine learning training results, etc. This powerful facility was built to carefully prevent exploitation by attackers and malicious programmers. If any changes occur to the agreed-upon computation, the datagrant becomes invalid. Defeating these protections requires a cryptographic attack on an industry-standard hash function.