Privacy-preserving Credit Scoring via Functional Encryption

TL;DR

This paper explores using Functional Encryption for privacy-preserving credit scoring, aiming to improve security without relying on trusted hardware like Intel SGX, and evaluates its performance implications.

Contribution

It introduces a novel application of Functional Encryption in credit scoring and assesses its performance benefits over existing hardware-based solutions.

Findings

Functional Encryption enables data privacy in credit scoring.

FE-based approach reduces reliance on trusted hardware like SGX.

Performance evaluation shows feasibility for financial applications.

Abstract

The majority of financial organizations managing confidential data are aware of security threats and leverage widely accepted solutions (e.g., storage encryption, transport-level encryption, intrusion detection systems) to prevent or detect attacks. Yet these hardening measures do little to face even worse threats posed on data-in-use. Solutions such as Homomorphic Encryption (HE) and hardware-assisted Trusted Execution Environment (TEE) are nowadays among the preferred approaches for mitigating this type of threat. However, given the high-performance overhead of HE, financial institutions -- whose processing rate requirements are stringent -- are more oriented towards TEE-based solutions. The X-Margin Inc. company, for example, offers secure financial computations by combining the Intel SGX TEE technology and HE-based Zero-Knowledge Proofs, which shield customers' data-in-use even against malicious insiders, i.e., users having privileged access to the system. Despite such a solution offers strong security guarantees, it is constrained by having to trust Intel and by the SGX hardware extension availability. In this paper, we evaluate a new frontier for X-Margin, i.e., performing privacy-preserving credit risk scoring via an emerging cryptographic scheme: Functional Encryption (FE), which allows a user to only learn a function of the encrypted data. We describe how the X-Margin application can benefit from this innovative approach and -- most importantly -- evaluate its performance impact.