u/badcryptobitch

It's pretty obvious that privacy is important when building fintech products with the exception of social fintech products (think early Venmo or certain crypto communities). But, to my knowledge, most don't do anything regarding privacy beyond what is legally required due to regulation. The fintech companies that do are the massive ones like Visa or Mastercard. But even those companies struggle with actually implementing proper privacy controls across both their products and their internal processes.

Considering that privacy is kind of a no-brainer for fintech, what is stopping you from applying any sort of privacy tech in your fintech products?

While browsing through this subreddit, I encountered this old discussion post about demand for AI with the rise of privacy regulation. It got me thinking that, 6 years on, the demand for AI hasn't slowed at all, obviously. But with the rise of LLMs and papers showing how to de-anonymize online users, that correspondingly there's been a rise for more privacy. Anecdotally, many of my friends work with trusted execution environments to provide enterprise customers with privacy-preserving versions of popular LLM models.

I'm curious to know how everyone in this subreddit feels about not only the demand for AI but the demand for privacy-preserving solutions to AI.

This is a preview of an in progress article about beaver triples, an efficient technique to enable multiplication of secret shares. If you'd like to be alerted of when it will be published, you can sign up to the Stoffel newsletter.

https://preview.redd.it/8y5g96v9b5zg1.png?width=1254&format=png&auto=webp&s=2c01f0e41b00631782fbcbec9551ac7cacdeb515

You and your friends are planning to go out to dinner. Typically, you are the friend in the friend group that pays for everyone else's meals. But recently, the market isn't doing to well recently. So, everyone needs to start paying up.

However, not all of the homies are ballin' because well, the market isn't doing too well and one of them is still a student. But, just because external forces are kicking everyone's butt doesn't prevent the friend group from hanging out and enjoying a nice meal together. In order to have an enjoyable meal together, a restaurant needs to be decided upon. But, not everyone likes the same cuisine and some restaurants are more expensive than others. Considering that everyone's financial situation and food preferences are different, you attempt to devise a privacy-respecting way to allow the group to come to consensus on which restaurant to go to.

https://preview.redd.it/encramxbb5zg1.jpg?width=500&format=pjpg&auto=webp&s=81cbc9f13025768850a757b5f737de290435c378

As you are a cryptographer, you know that you can leverage secret sharing to solve this problem. You figure out a simple scoring rule to determine which restaurant everyone will go to: For a restaurant j, person i will submit

aᵢⱼ = how much can I afford to eat at this restaurant

fᵢⱼ = how much do I want to eat at this restaurant

each aᵢⱼ and fᵢⱼ are graded on a 0-10 scale. The friend level score will be sᵢⱼ = aᵢⱼ * fᵢⱼ The group level score for a restaurant j will be Sⱼ = Σsᵢⱼ. At the end, at least 2 friends will unveil the scores for the restaurant and then decide which restaurant the dinner will happen at.

We want to keep each person's aᵢⱼ and fᵢⱼ scores private in order to keep the peace among everyone in the group chat.

There are 4 friends in the friend group and you need at least 2 of them together to unveil the group level restaurant scores.

But you realize that there is one issue.

How can you actually compute [aᵢⱼ] [fᵢⱼ] ?

We know that for each restaurant j and friend i, that we get the following shares:

pᵢⱼ(x) = aᵢⱼ + px, qᵢⱼ(x) = fᵢⱼ + qx

where pᵢⱼ(0) = aᵢⱼ and qᵢⱼ(0) = fᵢⱼ.

If we were to directly compute pᵢⱼ(x)qᵢⱼ(x), we get pqx² + (fᵢⱼp + aᵢⱼq)x + aᵢⱼfᵢⱼ where pᵢⱼqᵢⱼ(0) = aᵢⱼfᵢⱼ. So, this would indeed give us the right per restaurant per friend score privately.

The issue is that now, before we required at least 2 friends to unveil the final scores. But now, we require at least 4 friends to unveil the final scores; which is basically everyone in the group chat.

Is there a way to still get a polynomial of degree t where the intercept of this polynomial is still aᵢⱼfᵢⱼ?

In this upcoming article, I'll be going over Beaver Triples, a efficient technique that enables secret shares to be multiplied together and answers our questions.

If you'd like to be alerted of when it will be published, you can sign up to the Stoffel newsletter.

Privacy is an afterthought for most of you.

As you are only building side projects that may not have many users, you don't aim to think about what might happen to their data when they decide to take a chance on your new product. But what happens with their data once you've made the decision to stop working on it?

It may seem like a far fetched issue but with the recent rise in cyber attacks due to AI, you may want to take a second look at thinking about privacy in your side project. Not to mention the rise in regulations around the world for managing user data.

Post your side project and I'll give you feedback on how you can immediately improve the privacy of it for your users without slowing down your shipping velocity.

I've noticed that among all the questions and content posted in this subreddit, no one really talks about user privacy when building out their SaaS. I get why since you already have to manage so many different things while building out a business. But, as privacy gets more important, even SaaS devs need to start thinking about handling user privacy while building out the product instead of as an add-on.

What is holding y'all back from actually thinking about privacy for your SaaS?