Founded in 2022, Silence Laboratories is a cybersecurity startup enabling adoption of privacy-preserving threshold signatures and secure computations through its developer-focused cryptographic stack. The company also organizes Decompute, a conference focused on decentralized security with multiparty computation.
We spoke to CEO and co-founder Jay Prakash.
Please introduce yourself, and explain how you developed the idea for Silence Labs.
I did my PhD in Usable Security, that is, security an average user is able to handle, hiding all the math and complexity. My PhD Supervisor and I found multiple vulnerabilities in existing Two-Factor Authentication (2FA) solutions, which we published and described at various conferences. We thought, “Why not build a company to do this better?”
During this period I spent time in both Singapore and the US. In the process of talking to prospective customers, we realized there was a bit of a mismatch between our original idea and the market need. However, we saw clear demand for decentralized authentication.
We began meeting with crypto wallet providers. Many were talking about exposure of private keys, which is a common problem. That’s how we landed on Multiparty Computation (MPC) as an area with a lot of commercial potential.
What are you building?
We have developed an interactive protocol which allows a group of parties to do mathematical calculations on private data.
For example, the data could be keyshares by isolated computing nodes trying to calculate the signature for a transaction. The requirement is to produce a valid signature from a predetermined proportion of the nodes in the network, known as t out of n secret sharing.
It’s a hot problem that we latched onto and started to develop around.
We expose the protocol in our SDKs and libraries, which customers can use to distribute the signing process and overcome the problem of key exposure.
How is your solution being used today?
Our solution provides a good amount of freedom regarding what policies are set and how keyshares take place. We provide the tool, but don't dictate how it should be used.
There are a couple of ways our partners are using it.
One is browser plugin wallets that split the private key between the user’s browser and their phone.
Another design is to create a network which manages the keys on your behalf. You provide your ID, then the network runs a protocol (such as 5 out of 10 nodes) to get a valid signature.
A third design is to do one keyshare from the phone and one from the wallet provider. If our customer is a custodian holding a large volume of assets, they can also split their key between multiple directors and/or employees.
Are you targeting other market segments, in addition to crypto wallets?
MPC is a powerful tool that can be used for many purposes. We’ve been doing a lot of research and development around using it for privacy guarantees. For example, a number of financial institutions hold your financial data. If you now want to take out a loan, the lender needs access to your credit score. Traditionally, credit agencies scrape your data without you knowing and return a score. Your data passes through lots of hands, you have no control over what’s happening to it, it’s aggregated and vulnerable to attack. MPC can radically improve how this is done.
Another use case is Reg Tech (regulatory technology) including Anti-Money Laundering (AML) compliance. To uncover money laundering, you need to collaborate with lots of partners. For example, if I’m a telco and you’re a bank, we can both reduce our risk by computing on the customers’ combined telco and banking history. Reg Tech providers currently can’t share private data with each other, but with privacy guarantees, these protocols can comply fully with GDPR and other applicable regulations.
We want to position this like Two-Factor Authentication, which is already well understood by consumers. The intention is that the user experience will be exactly the same. To deliver that, it has to work fast. Right now we have the fastest multiparty signing library in production, around 5 to 10x faster than other solutions.
Can you unpack the concept of Privacy Guarantees a bit please?
There’s a big misunderstanding around consent. Typically a service provider creates a super-long consent form and you tick to say you agree. What we are trying to champion is: One, the user interface should be clearer and Two, consent should not be one-time or one-directional. If I want to pull a piece of private data I previously provided, it should be removed from the entire ecosystem.
To make consent programmable, you need something like Multiparty Computation. MPC allows you to build more powerful and user-centric applications by guaranteeing decentralization of the computation.
In short, wherever multiple institutions have your data and want to collaborate without exposing your data to each other, that’s where our solution can help.
What do you see as the value of participating in DIF?
I heard about the hackathon through someone at DIF. I’ve been quite active on DIF’s Slack channel and hope to engage more formally soon.
I see two opportunities for Silence Labs. One is collaboration with others focused on similar topics, for example through a DIF working group. The other is about driving awareness. There’s little inherent ‘pull’ for privacy from companies, as they believe it’s just about compliance. But multiple surveys show there are business benefits too. For example, one survey showed that banks offering privacy guarantees can provide twenty percent more loans with less overall risk.
Last year we organized a conference, Decompute, where DIF was one of the partners. The event is happening again this year (in Singapore on 17 September) and we’re also interested in running an event in London. We see this as an opportunity to drive much more engagement from the decentralized identity community, as well as wider awareness beyond it.