DataZen

DataZen is an advanced distributed computation system designed to enable secure, privacy-preserving data analysis and collaboration. At its core, DataZen leverages Fully Homomorphic Encryption (FHE) and other cryptographic techniques to allow computations on encrypted data without ever decrypting it. This approach solves a fundamental problem in data science and analytics: how to derive insights from sensitive data across multiple parties without compromising individual privacy or revealing raw information. Key Components of DataZen:

Data Providers: These are entities (individuals, companies, institutions) that own sensitive data they want to contribute for analysis without exposing the raw information. Using DataZen's tools, they encrypt their data using FHE or a dual encryption scheme (AES + RSA). Zen Nodes: These are secure compute providers that store encrypted data and perform computations on it. Zen Nodes never have access to decryption keys, ensuring they cannot view the raw data they process. Compute Clients: These are parties interested in analyzing the collective data. They submit computation requests to Zen Nodes and receive encrypted results along with zero-knowledge proofs of computation integrity.

Detailed Functionality:

Data Preparation:

For FHE: Data is encrypted using the TFHE library, which allows for complex mathematical operations on encrypted integers. For dual encryption: Data is encrypted with AES, and the AES key is then encrypted with RSA public keys from both the client and Zen Node.

Secure Storage:

Encrypted data is stored on Zen Nodes in a structured format, along with metadata. The system uses base64 encoding for efficient storage and transmission of encrypted data.

Computation:

Zen Nodes can perform various operations on FHE-encrypted data, including:

Calculating averages and totals Performing comparisons (greater than, less than, etc.)

All computations occur in the protected environment of the Zen Node.

Zero-Knowledge Proofs:

For each computation, a zero-knowledge proof is generated. This proof allows verification of the computation's correctness without revealing any information about the input data or intermediate steps.

Result Delivery:

Computed results remain encrypted and are sent back to the compute client along with the zero-knowledge proof. Only the authorized compute client can decrypt the final result using their private key.

Security Measures:

End-to-end encryption ensures data remains protected at rest and in transit. Key isolation prevents Zen Nodes from accessing raw data. The use of FHE allows for computations on encrypted data, eliminating the need for decryption during processing.

Technical Implementation:

The system is primarily implemented in Rust, leveraging its strong type system and memory safety features. It uses the Rocket web framework for handling HTTP requests and managing the Zen Node server. The TFHE library is used for FHE operations, allowing for complex computations on encrypted integers. For non-FHE data, the system uses AES-256-CBC for symmetric encryption and RSA for asymmetric encryption. The project includes modules for key generation, data processing, Zen Node operations, and zero-knowledge proof generation.

Use Cases: DataZen has wide-ranging applications across various industries where data sensitivity is paramount:

Finance: Credit scoring, fraud detection, and risk assessment across multiple institutions without sharing raw financial data. Healthcare: Collaborative medical research, drug discovery, and epidemiological studies while maintaining patient privacy. Smart Cities: Urban planning and resource optimization using encrypted data from multiple city services. Education: Cross-institutional analysis of student performance and standardized testing. Supply Chain: Multi-party inventory optimization and demand forecasting without revealing proprietary information.

In essence, DataZen creates a secure environment for data collaboration, enabling organizations to break down data silos and leverage collective intelligence without compromising on data privacy or security. It represents a significant advancement in privacy-preserving computation, opening up new possibilities for data-driven decision-making in sensitive domains.

Frontend (Next.js):

Provides a user-friendly interface for data providers and compute clients. Implements secure key management on the client side. Handles encryption of data before sending to Zen Nodes. Manages user authentication and authorization.

Backend (Rust + Rocket):

Remains as previously described, handling core functionalities.

ZK Proof Generation (Circom):

After computations are performed on encrypted data, Circom circuits generate zero-knowledge proofs. These proofs verify the correctness of computations without revealing data.

Blockchain Integration:

Smart contracts on Polygon zkEVM and Arbitrum now also handle verification of ZK proofs. ZK proofs are submitted alongside computation results for on-chain verification.

Full Stack Integration:

The Next.js frontend communicates with the Rust backend via RESTful APIs. It also interacts directly with blockchain networks for submitting transactions and verifying proofs.

Notable Implementation Details:

TypeScript in Frontend:

Utilizes TypeScript in the Next.js frontend for enhanced type safety and developer experience.

API Routes in Next.js:

Leverages Next.js API routes to create a seamless bridge between the frontend and the Rust backend.

Circuit Design in Circom:

Custom Circom circuits are designed for each type of computation (average, total, comparisons, etc.). These circuits are compiled to generate proving and verification keys.

ZK Proof Integration:

The Rust backend generates witnesses for Circom circuits based on computation results. ZK proofs are generated using these witnesses and the proving key. Proofs are then sent to the frontend and can be verified on-chain.

React Hooks for Blockchain Interaction:

Custom React hooks are implemented to interact with smart contracts on Polygon zkEVM and Arbitrum.

Hackish/Notable Techniques:

Frontend-Backend Type Sharing:

Implements a system to share type definitions between the TypeScript frontend and Rust backend, ensuring consistency in data structures.

Dynamic Circuit Loading:

The system dynamically loads appropriate Circom circuits based on the type of computation being performed, allowing for flexibility and efficiency.

Hybrid Encryption in Frontend:

Implements a hybrid encryption scheme in the browser using Web Crypto API for symmetric encryption and imported TFHE.rs functionality for homomorphic encryption.

ZK Proof Batching:

Develops a batching system for ZK proofs to optimize gas costs when submitting multiple proofs to the blockchain.

In-Memory Decryption Server:

To securely handle FHE computations, the system spins up a temporary in-memory decryption server for the compute client. This server only exists for the duration of the computation, minimizing the attack surface.

Dynamic Payload Parsing:

Implements a custom dynamic payload parsing system to handle various data formats and computation types, making the system highly adaptable to different use cases.

Blockchain-Backed Audit Trail:

Leverages the immutability of blockchain to create a tamper-proof audit trail of all computation requests and results, enhancing transparency and accountability.

Filecoin Integration Hack:

Developed a custom wrapper around Filecoin's API to seamlessly integrate decentralized storage into the data flow, treating Filecoin storage as if it were local to the Zen Node.

This full-stack approach, combining a Next.js frontend, Rust backend, TFHE.rs for homomorphic encryption, Circom for ZK proofs, and blockchain integration, creates a comprehensive, secure, and user-friendly system for privacy-preserving distributed computation. The use of cutting-edge technologies across the stack ensures DataZen is at the forefront of secure, decentralized data collaboration.