Welshare runs on Nillion: A Network for Blind Compute

Welshare's data storage infrastructure is powered by Nillion, a network architecture for secure computation. We can store and process sensitive data while maintaining privacy applying modern cryptographic techniques, eliminating the need to trust any single entity with raw data.

Nillion nodes can be recruited into clusters for specific privacy-enhancing technologies (PETs). Each node operates one or more specialized modules that handle different types of secure computation. When moving forward towards a production ready environment, Welshare plans to become part of a Nillion based cluster that specifically deals with securing health related information.

Nillion's Blind Modules allow for additive secret sharing that splits data into mathematical shares distributed across multiple nodes. Clients with sufficient access permissions can reconcile the shares to decrypt the original information. These operations require a minimum threshold of nodes to collaborate, but even if some node fails to respond the data remains available. Individual nodes cannot reconstruct the original data from their shares on their own.

Nillion supports basic FHE sum operations using the Paillier Cryptosystem to run basic summation aggregations over encrypted data. The network operates Trusted Execution Environments (TEEs) which leverage CPU-level security features for sensitive operations. One application that's particularly relevant for Welshare, is private LLM Inference. This allows the envisioned HPMP to run AI models and patient data based retrieval-augmented generation (RAG) enrichemnt inside the TEEs.

Data Schemas and Collection Ownership

Nillion's private storage / nilDB builds upon a Mongo DB foundation. If you know how to interact with data on Mongo, you know how to query Nillion. To foster decentralization and secrecy aspects, Nillion layers a schema concept on top of raw data which surfaces prominently when you're defining encrypted fields using shared secrets.

There are two conceptual kinds of collections in Nillion's private storage. standard collections allow their owner to write, delete and query / filter arbitrary data - very similar to how a typical database collection would behave. In contrast, owned collections can be directly accessed by accounts the collection owner delegates access tokens to. These delegates use their indivudal delegate tokens to directly to the Nillion network. Records in owned collections carry record level ACL rules that are obeyed by the individual Nillion nodes.

Authentication

All requests issued for Nillion nodes must be authenticated with an access token that identifies the builder or their delegate. At the time of writing builders are accounts that actively subscribe to Nillion's network services. They can delegate access permissions over their owned collections to other accounts. Conceptually each access token requires a subscribed builder to sign it off, see Nillion's docs and the api access docs for reference.

Earned Security Benefits

Welshare is not operating any data storage service that stores user identifiable information. We also don't use a formally trusted and compliant cloud provider right now. We prefer incentivized sovereignty and follow a "prove don't trust" notion over corporate claims and SLA promises. In the mid term we're headed towards a fully end to end encrypted and user owned system.

That being said, during our Alpha rollout phase, as the root builders of the protocol we are technically able to read records by users that wrote data directly into Nillion nodes. This major operator leak will be closed by a solution we're working on with Nillion - or that we need to address by making data collecting applications builders themselves (which is very costly at the moment).