Fully homomorphic encryption (FHE) enables computation on encrypted data. This is essentially the ultimate privacy guarantee - a server that does work for its users (like fetching emails, tweets, or search results), without ever knowing what its users are doing - who they talk to, who they follow, or even what they search for. Servers using FHE give you cryptographic proof that they aren’t spying on you.
Unfortunately, performing general computation using FHE is notoriously slow. We have focused on solving a simple, specific problem: retrieve an item from a key-value store, without revealing to the server which item was retrieved.
By focusing on retrievals, we achieve huge speedups that make Blyss practical for real-world applications: a password scanner like “Have I Been Pwned?” that checks your credentials against breaches, but never learns anything about your password (https://playground.blyss.dev/passwords), domain name servers that don’t get to see what domains you’re fetching (https://sprl.it/), and social apps that let you find out which of your contacts are already on the platform, without letting the service see your contacts (https://stackblitz.com/edit/blyss-private-contact-intersecti...).
Big companies (Apple, Google, Microsoft) are already using private retrieval: Chrome and Edge use this technology today to check URLs against blocklists of known phishing sites, and check user passwords against hacked credential dumps, without seeing any of the underlying URLs or passwords.
Blyss makes it easy for developers to use homomorphic encryption from a familiar, Firebase-like interface. You can create key-value data buckets, fill them with data, and then make cryptographically private retrievals. No entity, not even the Blyss service itself, can learn which items are retrieved from a Blyss bucket. We handle all the server infrastructure, and maintain robust open source JS clients, with the cryptography written in Rust and compiled to WebAssembly. We also have an open source server you can host yourself.
(Side note: a lot of what drew us to this problem is just how paradoxical the private retrieval guarantee sounds—it seems intuitively like it should be impossible to get data from a server without it learning what you retrieve! The basic idea of how this is actually possible is: the client encrypts a one-hot vector (all 0’s except a single 1) using homomorphic encryption, and the server is able to ‘multiply’ these by the database without learning anything about the underlying encrypted values. The dot product of the encrypted query and the database yields an encrypted result. The client decrypts this, and gets the database item it wanted. To the server, all the inputs and outputs stay completely opaque. We have a blog post explaining more, with pictures, that was on HN previously: https://news.ycombinator.com/item?id=32987155.)
Neil and I met eight years ago on the first day of freshman year of college; we’ve been best friends (and roommates!) since. We are privacy nerds—before Blyss, I worked at Yubico, and Neil worked at Apple. I’ve had an academic interest in homomorphic encryption for years, but it became a practical interest when a private Wikipedia demo I posted on HN (https://news.ycombinator.com/item?id=31668814) became popular, and people started asking for a simple way to build products using this technology.
Our client and server are MIT open source (https://github.com/blyssprivacy/sdk), and we plan to make money as a hosted server. Since the server is tricky to operate at scale, and is not part of the trust model, we think this makes sense for both us and our customers. People have used Blyss to build block explorers, DNS resolvers, and malware scanners; you can see some highlights in our playground: https://playground.blyss.dev.
We have a generous free tier, and you get an API key as soon as you log in. For production use, our pricing is usage-based: $1 gets you 10k private reads on a 1 GB database (larger databases scale costs linearly). You can also run the server yourself.
Private retrieval is a totally new building block for privacy - we can’t wait to see what you’ll build with it! Let us know what you think, or if you have any questions about Blyss or homomorphic encryption in general.
by Andrey
Azimov