by dumbfounder 2013 days ago
Client side is the first answer, but is there a second? Is there a way to peer review a piece of code that can run in a 3rd party container (peer review and cryptographically signed), such that the actual container running the code is encrypted itself and can run anywhere?

I am imagining you download the "container", put the data in, encrypt the container with the data inside, and have that run anywhere.

But I have no idea if that is possible.

3 comments

I wonder myself the same thing.

Thinking through issues, the external script could still repeatedly run on the hidden data, slowly building an idea of the information. There are techniques like homomorphic encryption that go in the direction of allowing analysis on encrypted data.

Musing on possible other solutions, I wonder if simply ratcheting up the cost of repeated access and limiting data output would discourage this profile building.

Another possibility: is it possible to conceive of a service that takes in a script, runs it, and then tests the returned data for its level of information entropy, blocking anything above a certain threshold? FYI, not sure if that is complete nonsense, but conceptually, with much hand waving, maybe it works.

Going local, though, does help too.

It's not really "run anywhere", but you can write apps for a trusted execution environment like Intel SGX enclaves; not even the OS can look at what's running. Enclave code is cryptographically signed so that you can both validate the identity of the signer as well as the code contents. In the latter, you'd have to compare the MRENCLAVE value to a published value, which you could reproduce by building from source if it's open.

Microsoft calls this "confidential computing" and has some related Azure products, including providing VMs standalone and in Kubernetes.
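An added example, not from the thread or from Intel's SDK: the verifier-side check the comment above describes, run over the 384-byte report body that an SGX quote carries. It assumes the quote's signature has already been verified through Intel's attestation service, that the field offsets follow the SDK's sgx_report_body_t layout, and it uses constructed sample bytes rather than a real quote; the expected MRENCLAVE is whatever your reproducible build produced.

```python
import hmac
import struct
from dataclasses import dataclass

# Offsets inside sgx_report_body_t (384 bytes) as laid out in the SGX SDK.
REPORT_BODY_LEN = 384
OFF_ATTRIBUTES = 48      # 8-byte flags followed by 8-byte xfrm
OFF_MRENCLAVE = 64       # hash of the enclave's initial contents
OFF_MRSIGNER = 128       # hash of the signer's public key
OFF_ISVPRODID = 256      # 2-byte product id, then 2-byte ISVSVN
ATTR_FLAG_DEBUG = 1 << 1 # DEBUG bit: enclave memory is readable by a debugger

@dataclass
class EnclaveIdentity:
    mrenclave: bytes
    mrsigner: bytes
    isv_prod_id: int
    isv_svn: int
    debug: bool

def parse_report_body(body: bytes) -> EnclaveIdentity:
    """Extract the identity fields a verifier decides on."""
    if len(body) != REPORT_BODY_LEN:
        raise ValueError("report body must be 384 bytes")
    flags, = struct.unpack_from("<Q", body, OFF_ATTRIBUTES)
    prod_id, svn = struct.unpack_from("<HH", body, OFF_ISVPRODID)
    return EnclaveIdentity(
        mrenclave=body[OFF_MRENCLAVE:OFF_MRENCLAVE + 32],
        mrsigner=body[OFF_MRSIGNER:OFF_MRSIGNER + 32],
        isv_prod_id=prod_id, isv_svn=svn,
        debug=bool(flags & ATTR_FLAG_DEBUG))

def check_policy(ident, expected_mrenclave, trusted_mrsigner, min_svn):
    """Return the reasons to reject the enclave; an empty list means accept."""
    problems = []
    if ident.debug:  # a debug enclave gives no confidentiality at all
        problems.append("DEBUG attribute set: enclave memory is inspectable")
    if not hmac.compare_digest(ident.mrenclave, expected_mrenclave):
        problems.append("MRENCLAVE does not match the reproducible build")
    if not hmac.compare_digest(ident.mrsigner, trusted_mrsigner):
        problems.append("MRSIGNER is not the expected signing key")
    if ident.isv_svn < min_svn:
        problems.append("ISVSVN below minimum: outdated enclave build")
    return problems

def make_sample_body(debug=False, svn=3):
    """Constructed report body (not a real quote) with placeholder hashes."""
    body = bytearray(REPORT_BODY_LEN)
    struct.pack_into("<Q", body, OFF_ATTRIBUTES, (ATTR_FLAG_DEBUG if debug else 0) | 0x4)
    body[OFF_MRENCLAVE:OFF_MRENCLAVE + 32] = b"\x11" * 32
    body[OFF_MRSIGNER:OFF_MRSIGNER + 32] = b"\x22" * 32
    struct.pack_into("<HH", body, OFF_ISVPRODID, 1, svn)
    return bytes(body)
```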

That would be feasible with homomorphic encryption, however current implementations are very far from practical applications (extreme resource consumption, terrible performance).
I am not talking about just encrypting the data and performing computation on the encrypted data, but encrypting the entire container with data inside and running that to produce a result with no way to view what’s going on inside. You can get around the limitations with how to run an algorithm on encrypted data because the data is not encrypted with respect to the program itself.

Theoretically it would work like this: you download a docker image, you load your data into it, you encrypt the entire image with data inside, you send that whole package to the cloud where it is run and it produces an output.

Yes, I thought of that for my analytics SaaS (to calculate weekly reports), the issue is that the image has to be decrypted on the Docker host before execution, which requires it having access to the key somehow, breaking the end-to-end encryption promise (i.e.: "we have no way to access your data").

This could be mitigated by having that worker host self-hosted by your clients, it depends how practical that might be.