Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

BEDCrypt: Privacy-preserving interval analytics with homomorphic encryption

Kimon Antonios Provatas, Ilias Georgakopoulos-Soares

TL;DR

BEDCrypt is presented, a privacy-preserving system for genomic interval analytics based on homomorphic encryption in an honest-but-curious server setting, enabling core functionalities such as coverage summaries, interval intersections, proximity (window-style) queries, and set-similarity statistics, without revealing plaintext intervals or query genomic locations to the server.

Abstract

Motivation. Genomic data and derived interval datasets can carry sensitive information, and the analysis itself can reveal an analyst's intent. As genomic workloads are increasingly outsourced to third-party infrastructure, there is a need for privacy-preserving technologies that protect both the data and the queried loci. Results. We present BEDCrypt, a privacy-preserving system for genomic interval analytics based on homomorphic encryption in an honest-but-curious server setting. The server operates only on encrypted data and returns encrypted answers that the client decrypts locally, enabling core functionalities such as coverage summaries, interval intersections, proximity (window-style) queries, and set-similarity statistics, without revealing plaintext intervals or query genomic locations to the server.

BEDCrypt: Privacy-preserving interval analytics with homomorphic encryption

TL;DR

BEDCrypt is presented, a privacy-preserving system for genomic interval analytics based on homomorphic encryption in an honest-but-curious server setting, enabling core functionalities such as coverage summaries, interval intersections, proximity (window-style) queries, and set-similarity statistics, without revealing plaintext intervals or query genomic locations to the server.

Abstract

Motivation. Genomic data and derived interval datasets can carry sensitive information, and the analysis itself can reveal an analyst's intent. As genomic workloads are increasingly outsourced to third-party infrastructure, there is a need for privacy-preserving technologies that protect both the data and the queried loci. Results. We present BEDCrypt, a privacy-preserving system for genomic interval analytics based on homomorphic encryption in an honest-but-curious server setting. The server operates only on encrypted data and returns encrypted answers that the client decrypts locally, enabling core functionalities such as coverage summaries, interval intersections, proximity (window-style) queries, and set-similarity statistics, without revealing plaintext intervals or query genomic locations to the server.
Paper Structure (38 sections, 2 figures, 1 table)

This paper contains 38 sections, 2 figures, 1 table.

Table of Contents

  1. Introduction
  2. Problem Definition and Threat Model
  3. Interval analytics model
  4. Database intervals ($B$).
  5. Database preprocessing (logical, per-array).
  6. Query intervals ($A$).
  7. Query selectors and permutation (physical addressing).
  8. Supported query classes.
  9. Threat model
  10. Server observations.
  11. Server non-observations.
  12. Leakage discussion
  13. Leakage and protection.
  14. System Overview
  15. Client-side responsibilities
  16. ...and 23 more sections

Figures (2)

  • Figure 1: Encrypted database layout (high level). The client converts the database intervals into linear plaintext arrays (coverage/start/end/depth), concatenates them into a logical vector, partitions the vector into fixed-size chunks (one BFV ciphertext per chunk), applies a client-secret permutation over chunk order, and encrypts each chunk for server-side storage. Query evaluation uses selectors that reference a permuted chunk identifier and an intra-chunk slot offset, enabling blind extraction without revealing logical genomic coordinates.
  • Figure 2: BEDCrypt System Design.(A) Architecture: The end-to-end protocol separating client-side logic (setup, query compilation, and decryption) from server-side storage and processing. (B) Functionality-to-Data Mapping: The relationship between genomic operations (e.g., Coverage, Depth, Jaccard) and the underlying encrypted segments (S1--S4), defining which arrays are accessed and the specific scalar payloads (e.g., prefix sums vs. exact values) returned. (C) Server-Side Computation: The oblivious extraction kernel that processes requests by loading specific ciphertext chunks, rotating target values to the zero-th slot, and masking the remaining slots to isolate the result.