ONITO implements data privacy with secure multiparty computation, a class of cryptographic protocols that lets parties infer knowledge from their combined data without any party reading the others' raw data.
STDinfo is ONITO's implementation of secure computation, tested in 2024 to infer transmission risk from 2 sexually transmitted disease (STD) panel reports without sharing the reports between the two users or with ONITO software. STDinfo converts an STD panel report into a bit string locally on the user's device. This bit string is private and visible only to the owner of the medical report. A bitwise XOR is then computed with secure multiparty computation over the 2 strings of 2 users who may have matched on a dating app and wish to check whether they can engage in safe sex. The secure computation uses the Python package MPyC, so that a function is evaluated on the private data of both users without either of them sharing it. Each user's device therefore takes part in computing the bitwise XOR locally, without sharing unencrypted data with the other user, ONITO, or the dating app. The result is a yes if both users test negative for all STDs or test positive for the same STDs, and a no otherwise; that is, a yes means the XOR of the two bit strings is all zeros. Currently, the STD panel on which STDinfo is built consists of chlamydia, HIV, gonorrhea, syphilis, hepatitis B, and hepatitis C.
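The exchange described above, as an added example that is not part of the original page or of ONITO's code. It uses plain two-party XOR secret sharing (each bit string split into two random shares) in place of MPyC so that it runs with the Python standard library alone; the bit order of the panel, the `Party` class, the `stdinfo` function and the sample reports are assumptions. It also makes visible why a deployment should open only the yes/no verdict: XOR is linear, so each device combines its shares locally with no extra rounds, but whoever sees the full XOR string can recover the other user's string by XORing it with their own.

```python
import secrets

# Bit order assumed for this example; the page lists these six tests but fixes no order.
PANEL = ("chlamydia", "HIV", "gonorrhea", "syphilis", "hepatitis B", "hepatitis C")
NBITS = len(PANEL)

# Constructed sample reports: True = positive for that test.
ALL_NEGATIVE = {t: False for t in PANEL}
REPORT_HEP_B = dict(ALL_NEGATIVE, **{"hepatitis B": True})
REPORT_HIV = dict(ALL_NEGATIVE, HIV=True)


def encode_report(report):
    """Turn a panel report {test: positive?} into an integer bit string (bit i = PANEL[i])."""
    bits = 0
    for i, test in enumerate(PANEL):
        if report[test]:
            bits |= 1 << i
    return bits


def split(secret):
    """XOR secret sharing: each share alone is uniformly random and says nothing about `secret`."""
    r = secrets.randbits(NBITS)
    return r, secret ^ r


class Party:
    """One user's device: the only place where that user's bit string exists in the clear."""

    def __init__(self, report):
        self.secret = encode_report(report)
        self.keep, self.send = split(self.secret)  # keep one share, hand the other to the peer
        self.received = None                        # the peer's share of the peer's secret

    def receive(self, share):
        self.received = share

    def xor_share(self):
        # XOR is linear, so each device combines the shares it holds with no further interaction.
        return self.keep ^ self.received


def stdinfo(report_a, report_b):
    """Run the two-device exchange; return (verdict, xor_bits)."""
    a, b = Party(report_a), Party(report_b)
    a.receive(b.send)   # the two exchanged shares are the only data that cross the network
    b.receive(a.send)
    # Opening the result: each side publishes its share of a XOR b and nothing else.
    xor_bits = a.xor_share() ^ b.xor_share()
    verdict = "yes" if xor_bits == 0 else "no"   # all zeros: same status on every test
    return verdict, xor_bits


def differing_tests(xor_bits):
    """Tests on which the two reports differ (shown for the reader; a deployment keeps this closed)."""
    return [PANEL[i] for i in range(NBITS) if (xor_bits >> i) & 1]


if __name__ == "__main__":
    pairs = ((ALL_NEGATIVE, ALL_NEGATIVE), (REPORT_HEP_B, REPORT_HEP_B), (REPORT_HEP_B, REPORT_HIV))
    for x, y in pairs:
        verdict, bits = stdinfo(x, y)
        print(verdict, differing_tests(bits))
```

The two `receive` calls are the whole network traffic of the protocol; everything else happens on the device that owns the data. In MPyC the same structure applies, with the framework handling the share distribution and the opening of the result.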
Input data also need integrity verification: in STDinfo version 1, a user may enter an incorrect panel report as a bit string. This is a major flaw, which can be overcome by involving trusted diagnostic labs. STDinfo version 2 must ensure that reports are not tampered with by users. Encrypted STD panel reports are sent both by the trusted lab where the user was tested and by the user. This encrypted form is a digital signature of the report, and it allows ONITO to verify the authenticity of the input report. If the encrypted reports from the lab and from the user match, the report is verified as untampered and can be used in STDinfo. Encryption ensures that ONITO reads no medical data and only confirms that both reports (lab and user) are the same. This is a planned update based on simple public key cryptography and digital signatures.
ONITO holds no unencrypted patient data; it exists only on patient devices. Patients grant doctors access through ONITO (web, app, mobile, desktop), and ONITO transfers encrypted data from patients to doctors. Doctor and patient establish a shared code that ONITO doesn't know, using Diffie-Hellman key exchange, and use it to encrypt communication between them. Once the patient has issued the doctor a key, the doctor receives the patient's encrypted medical data, transferred through the ONITO application on the patient's and doctor's devices. These data are decrypted with the shared key, which ONITO doesn't know.
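The patient-to-doctor channel through the ONITO relay, as an added example and not ONITO's own code. The Diffie-Hellman parameters are toy values (a Mersenne prime and a small base) chosen so the block runs with the standard library; a deployment would use a standardized group or X25519 from a vetted library, and an authenticated cipher such as AES-GCM in place of the SHA-256 keystream with HMAC used here. The `Relay` and `Endpoint` classes, the `transfer` function and the sample record are assumptions. Because ONITO forwards the public values, the exchange also has to be authenticated, for instance by the two people confirming the shared code out of band, since an unauthenticated relay could otherwise substitute its own public value on each side.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman parameters (assumption for this example, not for production use).
P = 2**521 - 1          # Mersenne prime M521
G = 5
P_BYTES = (P.bit_length() + 7) // 8


class Relay:
    """ONITO's role in the channel: forward messages, and keep a log of everything it saw."""

    def __init__(self):
        self.log = []

    def forward(self, sender, payload):
        self.log.append((sender, payload))
        return payload


class Endpoint:
    """A patient or doctor device. The private exponent never leaves it."""

    def __init__(self, name):
        self.name = name
        self._priv = secrets.randbelow(P - 2) + 2
        self.public = pow(G, self._priv, P)

    def derive_key(self, peer_public):
        """Shared secret -> 256-bit key; the relay only ever sees the two public values."""
        shared = pow(peer_public, self._priv, P)
        return hashlib.sha256(shared.to_bytes(P_BYTES, "big")).digest()


def _keystream(key, nonce, length):
    """SHA-256 in counter mode, used here as a stand-in for a real stream cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def _subkeys(key):
    return hashlib.sha256(key + b"enc").digest(), hashlib.sha256(key + b"mac").digest()


def encrypt(key, plaintext):
    """Encrypt-then-MAC: nonce || ciphertext || HMAC-SHA256 tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key, blob):
    """Return the plaintext, or None if the tag does not verify (tampered or wrong key)."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def transfer(record):
    """Patient sends `record` to the doctor through the relay; returns (what the doctor reads, relay)."""
    relay = Relay()
    patient, doctor = Endpoint("patient"), Endpoint("doctor")
    # Key agreement: only the public values cross ONITO.
    doctor_key = doctor.derive_key(relay.forward("patient", patient.public))
    patient_key = patient.derive_key(relay.forward("doctor", doctor.public))
    # Data transfer: only ciphertext crosses ONITO.
    blob = relay.forward("patient", encrypt(patient_key, record))
    return decrypt(doctor_key, blob), relay


def relay_saw_plaintext(relay, record):
    """True if the record appears in the clear anywhere in the relay's log."""
    return any(isinstance(p, bytes) and record in p for _, p in relay.log)


if __name__ == "__main__":
    plain, relay = transfer(b"constructed sample: panel report, 2024")   # constructed record
    print(plain, relay_saw_plaintext(relay, plain))
```

The relay's log holds exactly three items: two public values and one ciphertext blob. Both devices derive the same key from their own private exponent and the other's public value, and a blob altered in transit fails the tag check and is rejected rather than decrypted.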