Using MPC for Anonymous and Private DNA Analysis

(vishakh.blog)

37 points by vishakh82212 days ago

5 comments

  • wackget212 days ago
    Wow, Media Player Classic has come a long way. I knew it could play most types of videos but this is next-level compatibility.
    • smilevideo212 days ago
      For those who just read the comments, this is a joke. The MPC in the article refers to "multi-party compute".
      • khqc212 days ago
        I'm pretty sure it's model predictive control
  • krunck212 days ago
    It&#x27;s great to see privacy-focused service using FHE.<p>I&#x27;d love to see the results of an external audit of the systems that touch personal DNA information.
    • Real_S212 days ago
      We did an external audit of these systems and published on it a few years ago:<p><a href="https:&#x2F;&#x2F;www.frontiersin.org&#x2F;journals&#x2F;bioengineering-and-biotechnology&#x2F;articles&#x2F;10.3389&#x2F;fbioe.2020.591980&#x2F;full" rel="nofollow">https:&#x2F;&#x2F;www.frontiersin.org&#x2F;journals&#x2F;bioengineering-and-biot...</a><p>A publication from this year highlights the ongoing challenges:<p><a href="https:&#x2F;&#x2F;ieeexplore.ieee.org&#x2F;abstract&#x2F;document&#x2F;10930454&#x2F;" rel="nofollow">https:&#x2F;&#x2F;ieeexplore.ieee.org&#x2F;abstract&#x2F;document&#x2F;10930454&#x2F;</a>
      • vishakh82212 days ago
        Your links seem to relate to regular plaintext sequencing, storage and analysis.<p>We are building under full encryption.
    • vishakh82212 days ago
      Unfortunately, credible external audits are really expensive.<p>Our project is bootstrapped so we won&#x27;t be able to afford a 100k audit for a while.
  • phoronixrly212 days ago
    So... It&#x27;s just uploading your DNA to S3 but with extra steps this time? Before selling it off with the rest of the company assets later.
    • vishakh82212 days ago
      Not at all. &quot;S3&quot; is only in the loop because that&#x27;s what labs generally use. In production, when we have ongoing scale, we will not use S3 or anything like it to transfer data between labs and our infra, even if it means using sneakernet!<p>The whole point of our project is to keep people&#x27;s data always under encryption so that nobody can sell the data even if they wanted to. Using MPC (and FHE) we ensure that nobody can decrypt your data without your permission.<p>You can also delete your data any time without needing any third party&#x27;s permission using the latest versions of the libraries we use.<p>We are building all this go get away from the closed, exploitative model that 23andMe built. The way we are building our infra, our company could go out of business tomorrow and you&#x27;ll still be able to use the protocol and have access to your data and insights.<p>Also, fun fact, genetic data from newborns is retained by the state in many industrialized countries. We need to get that data away from &quot;trust me, bro&quot; infrastructure to securing it using MPC and FHE.
      • mbeavitt212 days ago
        Ok but the lab has access to the unencrypted data? You haven&#x27;t removed the requirement that the user needs to trust the lab with their raw genome markers. This entire operation hinges on the lab&#x27;s trustworthiness, does it not?
        • Real_S212 days ago
          Excellent point.<p>We are developing a solution that will allow cryptography for DNA molecules, allowing DNA to be secure in any lab. It fits well with Monadic&#x27;s front end.<p><a href="https:&#x2F;&#x2F;www.geneinfosec.com&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.geneinfosec.com&#x2F;</a>
        • vishakh82212 days ago
          We address this point in the article. On the default path with existing rules and regulations some degree of trust in labs will always be required.<p>At-home sequencing could be a game changer.<p>The other reply also mentions molecular cryptography which could provide really strong anonymity and privacy guarantees. We hope to do a PoC accordingly some time in the neat future.
      • AtariATMHacker212 days ago
        &gt; Also, fun fact, genetic data from newborns is retained by the state in many industrialized countries.<p>Do you have any sources for this?
        • vishakh82211 days ago
          <a href="https:&#x2F;&#x2F;www.cdc.gov&#x2F;newborn-screening&#x2F;about&#x2F;index.html" rel="nofollow">https:&#x2F;&#x2F;www.cdc.gov&#x2F;newborn-screening&#x2F;about&#x2F;index.html</a><p><a href="https:&#x2F;&#x2F;www.genomicsengland.co.uk&#x2F;initiatives&#x2F;newborns" rel="nofollow">https:&#x2F;&#x2F;www.genomicsengland.co.uk&#x2F;initiatives&#x2F;newborns</a>
  • odyssey7212 days ago
    What makes Monadic DNA monadic?
    • vishakh82212 days ago
      Think monad as in philosophy, less monad as in a programming burrito.<p>Our intention is to let each user be a self-contained, enclosed (through encryption) unit where they get insights tailored to their unique genome. At the same time, we want to aggregate data (securely and with consent) from all users to power medical and research findings.<p>It sort of also works in the programming monad sense as the data is always enclosed and encrypted and never &quot;directly&quot; operated on.
  • goopypoop212 days ago
    &quot;Anonymized&quot; ≠ anonymous<p>What is the contract with &quot;some legalese&quot; for?<p>Couldn&#x27;t it be as simple as &quot;pay, spit, receive unique physical token&quot;? A disgusting vending machine, even
    • vishakh82212 days ago
      You&#x27;re right about &quot;anonymized&quot; and &quot;anonymous&quot;. We do point out avenues to reach anonymity.<p>The legalese is for informed consent since biological materials are involved, handling liability and pointing out that the exercise itself was experimental and an early step towards productionzation.<p>The physical token could be a UX nightmare and it could get expensive at scale. Using a more developed app which accept revocable public keys from the user might be more workable.