Factual Demonstration

Sovereignty You Can Compute.

Brazil's Federal Revenue Service and Social Security cross-reference their bases to detect fraud — without any server ever seeing individual data, and with 4 authorities mandatorily authorizing decryption.

The Scenario

Federal Revenue Service and INSS suspect social security fraud. They want to cross-reference their databases to find shared taxpayer IDs. Today this requires complex inter-agency agreements.

The Mechanism

Each agency encrypts. A neutral server computes the intersection under encryption. Decryption requires a 4-of-4 quorum (Revenue + INSS + AGU + ANPD).

The Guarantee

Triple: technical (ciphertext), legal (quorum), political (public audit). A foreign cloud can host it — it cannot see anything even under the CLOUD Act.

Step 01 · Setup

Define the parameters.

Before any encryption, we choose the FHE scheme parameters. Each parameter is a trade-off between security, speed and computational capacity.

BGV parameters for this case

8 192Slots/ciphertext

2Mult. depth

EXACTScheme type

~128 bitSecurity

What each term means

BGV ("exact" scheme) — Homomorphic encryption family that operates over integers. It has no approximation noise. The result is always bit-identical to the plaintext computation. Ideal for counts, SQL queries and boolean logic.

8 192 slots — An FHE ciphertext is not a single value: it is a vector of 8 192 packed values. You operate on all 8 192 at once with a single operation. This native "batching" is what makes FHE viable at scale.

Multiplicative depth 2 — How many chained multiplications a ciphertext supports before becoming unstable. Each multiplication consumes 1 level. More depth = more computation possible, but also slower and more expensive.

~128 bits of security — Industry standard. It means brute-forcing the key would require ~2¹²⁸ operations — an astronomical number, infeasible even for foreseeable quantum hardware.

RLWE base — Ring Learning With Errors. The mathematical problem underpinning all security. It is the same problem over which NIST standardized the next generation of post-quantum cryptography (ML-KEM, ML-DSA).

Step 02 · Threshold

Four parties.

The decryption key is split among 4 entities. Each one represents a distinct control vector.

⚿
Federal Revenue Service
Fiscal data source
Share 1/4
⚿
INSS
Social security data source
Share 2/4
⚿
AGU
Legal custodian
Share 3/4
⚿
ANPD
Privacy custodian
Share 4/4

Step 03 · Encryption

Each agency encrypts locally.

Each agency prepares its list of flagged taxpayer IDs as a binary vector and encrypts it with the consortium public key (generated via threshold in step 2). Only the ciphertext leaves the agency's data center.

Example · what Revenue prepares

// Revenue's internal list
flagged_ids := [
  "123.456.789-00",
  "987.654.321-11",
  // ... ~100 IDs
]

// Binary vector (1 = flagged)
vec := listToVector(flagged_ids)
pt := encoder.Encode(vec)
ct := encryptor.Encrypt(pt)

// Only ct is shared
send(ct)  // 384 KB

3 msEncryption per agency

384 KBCiphertext

Why this format

Binary characteristic vector — Instead of encrypting the list of IDs as strings, we convert it into a binary vector where each position represents an ID in the universe. 1 = in the list, 0 = not. This format lets the intersection (step 4) become simply an element-wise multiplication.

Encryption before sharing — The difference vs traditional linkage: the vector is encrypted inside the agency's data center. At no point does a cleartext copy exist outside.

3 ms per agency — Real measured time. Negligible compared to the time of any traditional inter-agency agreement (months for approval).

INSS does the same — In parallel, INSS prepares its own list, encrypts with the same consortium public key, and sends it. The two ciphertexts travel to the neutral server independently.

Step 04 · Server

Neutral server computes intersection.

The neutral server receives both ciphertexts and runs an element-wise multiplication followed by InnerSum. All encrypted, from start to finish. The server can even be on a foreign cloud — it has no key to decrypt.

The algorithm · pseudo-code

// 1. element-wise multiply
ctIntersec := evaluator.Mul(
  ctRevenue, ctINSS
)
evaluator.Relinearize(ctIntersec)

// 2. sum all slots
ctCount := evaluator.InnerSum(
  ctIntersec, 1, slots,
)

// → ctCount holds the count
// server cannot see it

44 msTotal time

0Bytes decrypted

What is happening

Encrypted multiplication (logical AND) — The key FHE property is that multiplying two ciphertexts decrypts to the product of the plaintexts. Since our vectors are binary (0 or 1), the slot-wise product is exactly AND: it equals 1 only when BOTH are 1 — that is, only for IDs that appear in both lists.

InnerSum (counting) — Sums every slot of the encrypted vector to obtain the total count of IDs in the intersection. Internally it uses Galois rotations.

Foreign cloud can host it — The server may physically sit in the US, Europe, anywhere. Without the key (distributed among the 4 Brazilian parties), it only sees pseudo-random bytes. Even under the US CLOUD Act, it has nothing to hand over.

44 ms for 100 IDs — In real production with millions of IDs per agency, the same pattern scales via slot batching — each ciphertext supports 8 192 IDs in parallel.

Step 05 · No quorum

Attempt blocked.

What happens if only Revenue and INSS try to decrypt without AGU and ANPD?

✓
Federal Revenue Service
Authorized
✓
INSS
Authorized
✗
AGU
Absent
✗
ANPD
Absent

Decryption rejectedQuorum 2/4 — below the minimum. The result stays mathematically inaccessible. Neither the server nor individual agencies can see anything.

Step 06 · With quorum

Four authorize.

Now the 4 parties cooperate. Each contributes its share. The result is decrypted and revealed.

✓
Federal Revenue Service
Share OK
✓
INSS
Share OK
✓
AGU
Share OK
✓
ANPD
Share OK

Revealed result

Shared IDs

Step 07 · Validation

Mathematical comparison.

To prove that the encrypted computation produced the same result as a traditional plaintext linkage, we compare them side by side.

FHE vs Plaintext

30Expected (plaintext)

30Found (FHE)

0False positives

0False negatives

Exact matchBGV is an exact scheme. The result is bit-identical to the plaintext computation.

Why this precision matters

Fiscal linkage demands exactness — Unlike risk scoring or recommendation (where CKKS approximation is acceptable), a fiscal/social security operation cannot have error. A single wrong ID can become an administrative case. BGV guarantees zero error.

Public audit — Because the result is mathematically verifiable (BGV is deterministic on the final result), any auditor can rerun the same operation on the same ciphertexts and get exactly the same count. Reproducibility is part of the legal guarantee.

Defense against contestation — If a flagged ID challenges the linkage in court, the court can audit the entire process (without seeing the other agencies' data) and mathematically confirm the linkage was performed correctly.

Step 08 · Adversarial

The scenarios.

Malicious party

One of the 4 turns malicious? It cannot decrypt alone. It needs to convince 3 others. Every decryption writes an auditable log.

Foreign cloud

CLOUD Act orders data delivery? The cloud only stores ciphertext. It has no key. It has nothing readable to hand over.

Key leak

One of the 4 keys leaks? The system is not compromised. 3 others are still needed. In a 4-of-7 production setup, losing up to 3 keys does not compromise it.

Recover sk from pk

Solving Ring-LWE at N=8192 → ~2¹²⁸ operations. Infeasible.

Step 09 · Summary

Triple institutional guarantee.

Technical + legal + political guarantee in a single architecture. The model does not rely on "trusting the operator" — it works even if the operator is malicious.

The complete flow

Defined BGV parameters (exact scheme)
Key split into 4 shares: Revenue + INSS + AGU + ANPD
Each agency locally encrypted its list
Neutral server computed the intersection under encryption (44 ms)
Attempt without quorum was mathematically blocked
Decryption with 4 authorizations revealed 30 shared IDs
Validation confirmed an exact match with plaintext

Real numbers

3 msEncryption per agency

44 msServer

384 KBPer ciphertext

EXACTPrecision

3 eBooks use this primitiveGovernment (inter-agency linkage) · Hospitals (international tumor board) · Pharma (DSMB authorizing interim analysis in a clinical trial).

The core thesisToday inter-agency linkage relies on "good-faith agreements" and takes months to approve. Under FHE + threshold, collaboration becomes verifiable mathematics: fast, auditable and impossible to subvert by any individual actor. It is the only architecture defensible in the long run for state operations over citizen data.