Libertas: Privacy-Preserving Collective Computation for Decentralised Personal Data Stores

Rui Zhao, Naman Goel, Nitin Agrawal, Jun Zhao, Jake Stein, Wael Albayaydh, Ruben Verborgh, Reuben Binns, Tim Berners-Lee, Nigel Shadbolt

TL;DR

Libertas tackles the challenge of performing privacy-preserving collective computations over decentralised Personal Data Stores by introducing a modular, Solid-compatible architecture that enables delegated-decentralised MPC guided by individual, user-centric trust. It engineers data-provider trust preferences, encryption and computation agents, and an MPC App into a system that orchestrates secret sharing and secure computation without changes to the Solid protocol. Through two real-world use cases, gig worker earnings analysis and differentially private synthetic data generation, Libertas demonstrates scalability, feasibility and practical benefit while preserving input and output privacy. The work provides a path toward large-scale, privacy-respecting collaborative data processing that preserves user autonomy and accommodates diverse stakeholder trust, with empirical results indicating linear scalability and optimisations that can be exploited in production deployments.

Abstract

Data and data processing have become an indispensable aspect of our society. Insights drawn from collective data make invaluable contributions to scientific and societal research and to business. But there are growing worries about privacy and data misuse. This has prompted the emergence of decentralised personal data stores (PDS) such as Solid that give individuals more control over their personal data. However, existing PDS frameworks face challenges in ensuring data privacy when performing collective computations over data from multiple users. While Secure Multi-Party Computation (MPC) protects input secrecy during the computation without relying on any single party, issues emerge when MPC is applied directly in the PDS context, particularly because of key factors such as autonomy and decentralisation. In this work, we discuss the essence of this issue, identify a potential solution, and introduce a modular architecture, Libertas, to integrate MPC with PDS like Solid without requiring protocol-level changes. We introduce a paradigm shift from an 'omniscient' view to an individual-based, user-centric view of trust and security, and discuss the threat model of Libertas. Two realistic use cases for collaborative data processing are used for evaluation, both for technical feasibility and as empirical benchmarks, highlighting its effectiveness in empowering gig workers and in generating differentially private synthetic data. The results of our experiments underscore Libertas' linear scalability and provide insights into compute optimisations, thereby advancing the state of the art in privacy-preserving data processing. By offering practical solutions for maintaining both individual autonomy and privacy in collaborative data processing environments, Libertas contributes to the ongoing discourse on privacy protection in data-driven decision-making contexts.
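To make concrete the input-secrecy property the abstract attributes to MPC, the following added example (written for this page; it is not the Libertas implementation and not the paper's own code) simulates the gig-worker average-wage computation with additive secret sharing over a prime field. Each data provider splits its wage into random shares, one per computation agent, and contributes only if it trusts every agent in the instance; the agents sum what they received and reveal only their partial sums, so the average is reconstructed without any single agent seeing an individual wage. The field modulus, the cents-based encoding, the agent names and the trust-check rule are assumptions for illustration; the paper's actual MPC protocol and trust-preference semantics are not reproduced here.

```python
"""Additive secret sharing for a collective average-wage computation.

Illustrative code written for this page; it is not the Libertas code
base and the constants below are assumptions, not values from the paper.
"""
import secrets

PRIME = 2**61 - 1   # assumed field modulus; a Mersenne prime keeps arithmetic simple
CENTS = 100         # assumed encoding: wages are held in cents so they are field integers


def share(value, n):
    """Split `value` into n additive shares in Z_PRIME.

    The first n-1 shares are uniformly random, so any strict subset of
    the shares is independent of `value`; the last share fixes the sum.
    """
    if n < 2:
        raise ValueError("need at least two computation agents")
    shares = [secrets.randbelow(PRIME) for _ in range(n - 1)]
    shares.append((value - sum(shares)) % PRIME)
    return shares


def reconstruct(shares):
    """Recover a secret (or a sum of secrets) from all of its shares."""
    return sum(shares) % PRIME


def average_wage(providers, agents):
    """Simulate the delegated computation.

    providers: list of (wage_in_cents, set_of_agents_this_provider_trusts).
    agents:    tuple of computation-agent names forming this MPC instance.

    A provider only contributes if it trusts every agent in the instance
    (an assumed rule standing in for per-user trust preferences). Each
    agent sums the shares it received, a purely local operation, and
    publishes only that partial sum; no agent ever holds a full wage.
    """
    agent_set = set(agents)
    contributing = [w for w, trusted in providers if agent_set <= trusted]
    if not contributing:
        raise ValueError("no provider trusts this agent set")

    inbox = {a: [] for a in agents}          # what each agent actually sees
    for wage in contributing:
        for agent, s in zip(agents, share(wage, len(agents))):
            inbox[agent].append(s)

    partial_sums = [sum(inbox[a]) % PRIME for a in agents]
    total_cents = reconstruct(partial_sums)
    return total_cents / len(contributing) / CENTS


# Constructed sample input: three gig workers trust all three agents; a
# fourth trusts only agentA and therefore stays out of this computation.
AGENTS = ("agentA", "agentB", "agentC")
PROVIDERS = [
    (1500 * CENTS, set(AGENTS)),
    (2500 * CENTS, set(AGENTS)),
    (3500 * CENTS, set(AGENTS)),
    (9999 * CENTS, {"agentA"}),
]

if __name__ == "__main__":
    print("average wage:", average_wage(PROVIDERS, AGENTS))
```

Additive sharing has an all-or-nothing collusion threshold: every agent must cooperate to reconstruct, and if all of them collude they recover each input, so a provider's decision about which agent set to trust is the security boundary. Output privacy, which the paper addresses separately through differentially private synthetic data, is not covered by this snippet.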

Paper Structure (42 sections, 2 equations, 5 figures, 1 table, 1 algorithm)

Figures (5)

  • Figure 1: MPC Models in decentralised settings. Data provider is denoted here as PDS.
  • Figure 2: Libertas: A modular architecture for meaningfully integrating MPC with Solid. Three dots denote possibly more repetitions. Architectural core components are coloured.
  • Figure 3: Benchmark of two MPC models in different settings.
  • Figure 4: Results for average wage computation in Libertas in the gig workers scenario.
  • Figure 5: Results for differentially-private synthetic data generation (MWEM) computation in Libertas.