A SCALABLE AND PRACTICAL PRIVACY-PRESERVING FRAMEWORK

The deluge of big data, accompanied by developments in software and hardware technologies leveraging them, has created new opportunities for research and industry. Vast databases of medical records and genomics hold the promise of shedding light to up to now hidden disease pathways and novel personalised treatments. Moreover, huge amounts of sensor and camera data can be exploited to improve the safety of self-driving vehicles, while analysis of computer logs from different organisations and from different sectors can mitigate cyberattack impacts. The main challenges, though, faced by researchers and service providers working with personal data in cases like the above, are stemming from the fact that these data need to be processed in a privacy-preserving way, as they contain sensitive information. Although several technologies have been developed to facilitate the processing of data while preserving privacy (hence reaching the ideal situation of maximizing data utility while preserving data privacy), they have not made significant inroads into real use cases, due to several reasons. Fully homomorphic encryption, for example, despite being versatile in allowing various computations over federated sets of encrypted data, it suffers from a significant performance degradation as the amount of data to be processed increases, while complex calculations in large-scale deployments take a significant toll when multi-party computation methods are used. Another reason for the lack of uptake of such technologies is related to their user-friendliness, both for researchers and service providers, as well as for data owners. The type and configuration of the privacy-preserving technology to be used, as well as the level of privacy required for a given dataset and a given output, is often unclear to all parties involved. This is further exacerbated by the fact that not all relevant actors are aware of the legal and technical terms used in guidelines related to the privacy requirements of certain types of data.
ENCRYPT will address the aforementioned challenges by providing researchers and service providers working with personal and other sensitive data, with a scalable, practical, adaptable privacy-preserving framework facilitating the GDPR-compliant processing of such data stored in federated cross-border data spaces. Within this framework, a recommendation engine for citizens and end-users will be developed, providing them with personalised suggestions on privacy preserving technologies depending on the sensitivity of data and the accepted trade-off between the degree of security and the overall system performance.
The ENCRYPT framework will be designed taking into consideration the needs and preferences of relevant actors, and will be validated in a comprehensive, 3-phase validation campaign, comprising i) in-lab validation tests, ii) use cases provided by consortium partners in three sectors, namely the health sector, the cybersecurity sector, and the finance sector, that include cross-border processing of data, and iii) external use cases including privacy preserving computations on federated medical datasets. Through this validation campaign, the consortium will assess the developed solution via a wide set of KPIs, including performance, efficiency and scalability, user friendliness, and practicality, and will ensure the applicability of the ENCRYPT framework in the common European Data Spaces.

In a nutshell, the project has successfully completed the following achievements during the first reporting period between M01-M18.
- The organizational structure and governance bodies of the project including the management procedures and management boards have been established and have been running smoothly. These include the a) Project Coordination, administration and Financial Management, b) the Technical Management, c) Communication and Dissemination Management, d) exploitation and Ιnnovation Management, e) data management, f) Ethics and Legal Management, establishment of the project’s external Advisory Board and g) Security Board being responsible to check the sensitivity level of the information shared in the project’s deliverables.
- Co-definition and co-shaping of the project’s three (3) use cases in the Medical, Fintech and CTI domains together with the ENCRYPT end-users
- Elicitation of the final version of end user requirements and needs and organization of end user-driven workshops within ENCRYPT consortium tailored to the project’s use cases
- Shaping and definition of the final version of the ENCRYPT requirements and technical specifications covering: a) functional and non- functional requirements, system technical specifications and legal and ethical requirements tailored to the project’s use cases
- Design and definition of the final version of ENCRYPT’s system architecture
- Implementation of the alpha versions of the privacy-preserving and supporting technologies
- Integration of the alpha versions of developed technologies into the first version of the integrated ENCRYPT platform.
- Submission of deliverables D1.1 D1.2 D1.4 D2.1 D2.2 D3.1 D4.1 D5.1 D5.2 D6.1 and D6.2
- Establishment of collaboration with five (5) EU funded projects in the cyber security realm and scheduled a joint workshop for 1st of June 2023 in order to explore the implementation of common test beds and use cases. The EU-projects selected for collaboration are the following

The ENCRYPT project is developing the following results beyond the current state of the art:
- ENCRYPT Acceleration Service
- ENCRYPT Combined TEE-HE Solution: VISE
- ENCRYPT adds-on for TFHE library
- ENCRYPT FHE optimized solution
- Cyber Threat Intelligence collection, extraction, and sharing module
- Advanced data pre-processing tool
- Data visualisation tool for privacy-protecting processing of data
- AI recommendation engine for the use of privacy-protecting technologies
- Knowledge Graph building tool
- DP privacy optimiser
- Integrated ENCRYPT Framework