Risk Computed Without Seeing.
Driver encrypts their driving pattern. Insurer calculates a discount. Without anyone knowing where or when the driver drove.
Scenario
A telematics app collects speed, braking, distance, time of day. Today it sends everything in cleartext to the insurer. Invasive UBI.
Problem
UBI adoption is limited by privacy pushback. Those who accept are already the wrong segment for the insurer.
Guarantee
Under FHE: features encrypted in the app. Insurer computes the score under encryption. Returns a discount factor. No persistent profile.
Define the parameters.
Before encrypting the driving pattern, we choose CKKS parameters. CKKS is the natural scheme for actuarial scoring over feature vectors.
Capacity · CKKS
What each term means
CKKS ("approximate" scheme) — FHE family for real numbers. Controlled approximation noise (~10⁻¹⁰). The standard for actuarial scoring and risk models — exactly what UBI needs.
8 192 slots — Each ciphertext is a vector of 8 192 values. The 8 telematics features fill 8 slots; the rest stay zero. A single ciphertext carries the full weekly driving pattern.
Multiplicative depth 3 — How many chained multiplications are supported. Linear scoring (Mul + InnerSum + Add bias) consumes few levels.
~128 bits of security — Industry standard. Breaking the key would require ~2128 operations.
RLWE base — Same mathematical problem behind ML-KEM/ML-DSA standardized by NIST as post-quantum cryptography.
Keys generated on the phone.
The secret key is born inside the telematics app on the driver's phone. It never leaves. The insurer only receives the public key — it can encrypt commands to the driver, but can never decrypt anything from the driver without explicit consent.
Generated keys
Why this matters for UBI
Driver controls the data — The difference vs traditional UBI is fundamental: today, by installing the app, the driver hands over perpetual control of movement data. Under FHE, they keep the key — they can revoke the service at any moment and the insurer literally cannot read anything that was already sent.
Reduces consent fatigue — Because the data is never in cleartext on the insurer's server, the "I accept sharing X, Y, Z" screen can be drastically simplified. The user accepts "compute my discount" without having to enumerate every field used.
Local extraction before encryption.
The 8 features below are the result of a processing pipeline that ran locally on the phone, in cleartext, over raw GPS + accelerometer data for the week.
Weekly aggregated pattern
What sits behind each number
Raw data (stays on the phone) — In a typical week, the app captures ~10-50k GPS points + ~500k accelerometer samples (100 Hz). This raw data is highly identifying (it reveals routes, addresses, exact times) and NEVER leaves the phone.
Local feature extraction — A pipeline runs on the device itself: it computes speed from GPS deltas, detects braking events via accelerometer spikes (< -2 m/s²), classifies time of day, tags urban vs highway context via POI density. All in cleartext, locally.
Only the aggregate is encrypted — The 8 aggregated features are enough for actuarial scoring — it is the pattern Progressive Snapshot and Root Insurance have used for a decade. Raw data stays private by construction.
What the insurer receives.
The insurer receives ~1 MB of pseudo-random bytes. Without the secret key (which stayed on the phone), these bytes are indistinguishable from pure noise. Even under court order, the insurer has nothing to hand over.
Byte sample
74 65 78 74 4d 65 74 61
44 61 74 61 22 3a 7b 22
53 63 61 6c 65 22 3a 7b
...
Why this changes the game
No persistent profile — The insurer today stores months of movement history on its own servers. Under FHE, it stores ciphertext — with no key and no ability to process it outside the authorized query context.
Breach resistant — If the insurer is hacked (and large insurers are constant targets), the attacker walks away with just ciphertext. They cannot infer where any driver has driven.
CLOUD Act compatible — Global insurers can host on US cloud without violating Brazilian LGPD. The data was never in cleartext outside the driver's phone.
Actuarial model under encryption.
The insurer applies its linear actuarial model (public weights for each feature) over the encrypted behavior vector. The result is a risk score — still encrypted.
The algorithm
weights := [+0.4, +1.5, +0.3,
-0.2, +1.2, +0.8,
+0.1, +0.6]
bias := -0.5
// score = bias + Σ(weight·feature)
ctMul := evaluator.Mul(ctF, weights)
evaluator.Rescale(ctMul)
ctScore := evaluator.InnerSum(ctMul)
evaluator.Add(ctScore, bias)
What each weight means
Positive weights (raise risk) — hard braking (+1.5), hard acceleration (+1.2), nighttime driving (+0.8), bad weather (+0.6).
Negative weights (lower risk) — business hours (-0.2). Pattern of a driver who only drives during work hours.
Weights are public — The insurer publishes model weights so drivers can understand and audit how the discount is computed. That matters because the EU AI Act requires explainability in automated decisions affecting consumers.
Encrypted compute — The weights are public, but the feature vector is encrypted. Multiplying plaintext × ciphertext stays ciphertext. Result: encrypted score.
Driver decrypts.
FHE vs plaintext.
Dishonest insurer.
- 1 — Infer individual features from score1 number, 8 unknowns. Under-determined.
- 2 — Repeated queries (weeks)Added DP blocks this. And repeated queries require fresh consent.
- 3 — Recover skRing-LWE at N=16384. Infeasible.
Private UBI.
Flow
- App encrypted driving pattern locally
- Sent ciphertext to the insurer
- Insurer computed score under encryption (26 ms)
- Returned encrypted discount factor
- Driver decrypted: 12.2% discount