What is KeyMaker and why do we need it? Current collaborative and federated data analysis tasks require complex programming interfaces that utilize MPC or multi-key homomorphic encryption (HE) protocols. KeyMaker aims at relieving these challenges by providing a cloud-based key-sharing service and accompanying toolbase that makes it simple to encrypt/decrypt and securely analyze data among sites using federated and collaborative approaches. The sensitive data always stays encrypted and can only be decrypted by a collective decryption protocol that all sites must participate. While similar efficient protocols exist (Asharov et al), there is lack of easy-to-use frameworks that can be used in genomic and biomedical data analysis. These can be used for international collaborations that are heavily regulated (e.g. GDPR) because sensitive data is always encrypted.

How does KeyMaker work? KeyMaker utilizes RLWE-based schemes and modifies underlying key generation to share a master secret key among collaborating sites. Each site gets a share of the master key, which is never stored on the KeyMaker. Conceptually any RLWE-based code can make use of KeyMaker generated keys. However, the current implementation only stores the keys that are compatible with SEAL's version 4.0 C++ library. We also provide executables that can utilize these keys to process matrix-formatted datasets. Users can use the keys in their own code as well. Note that the usage of keys does not require any specific functions in addition to existing RLWE-based codebases such as SEAL or TenSEAL. The specific components related to key shares (collective decryption, ciphertext refreshing) are implemented in the codebase and executables that can be readily used by collaborating sites. We also provide examples of how these can be used. As KeyMaker does not take part in computations, the sites must establish a shared space (on the cloud or a shared scp server) to store and share encrypted intermediate datasets.

What are the advantages of KeyMaker? KeyMaker's framework is based on sharing same public key for encryption among sites. After the keys are generated, the programming interface is exactly same as performing single key calculations. KeyMaker also provides numerous functions for processing data, including encryption and processing of data matrices, collaborative decryption among sites, refreshing of ciphertexts. Unlike other interfaces, these are implemented into binaries that can be simply called from the command line. This is advantageous because pipelines can utilize these functions in their code by doing system calls or by calling the executables in bash scripts without any programming.

What is the security model of KeyMaker? KeyMaker assumes an honest-but-curious adversary model. All sites must trust the keys generated by KeyMaker. KeyMaker is currently maintained by an open source implementation and is maintained and operated by non-profit team of biomedical privacy researchers who represent a non-colludable entity. KeyMaker service aims to guarantee the security of the key generation process, and the accuracy of the accompanying codebase. KeyMaker service is not used in any of the data analysis steps and does not have access to the keys after they are generated. After keys are generated, the sites execute their computation protocol. This operation is not secure against malicious parties, i.e., any deviation from the protocol may result in undefined or garbled data. However, the security of sensitive data should not be at risk in these deviations if the protocols are designed appropriately. It should be noted that KeyMaker does not constrain protocols. The sites must ensure that collectively decryption is done appropriately so that only final results are correctly revealed to all entities.

What are the future improvements for KeyMaker? We are improving the key generation process so that KeyMaker's collusion is provably not existent. We are also constantly expanding the codebase that can be utilized for federated and collaborative biomedical data processing.

KeyMaker's main role is generation and securely sharing of the distributed secret keys (DSK), and other key among sites. This web interface allows one site to initiate the key generation process that will be used to generate the keys that will be used by the collaborating sites. Note that any site can initiate the key generation process because the generated keys are encrypted by KeyMaker and can only be decrypted by the respective site.

When you are ready with setting up the session or recalling a previous folder, you can generate DSKs by completing each of the steps below: