Trusted Privacy Computing Research Report (2022): Definition, Core Elements, and Industry Outlook

On July 28, the industry’s first "Trusted Privacy Computing Research Report (2022)" was officially published by the Privacy Computing Alliance together with China Academy of Information and Communications Technology and other members, summarizing the development background, framework, core elements, practice paths, and future outlook of trusted privacy computing.

Data has become a strategic national resource; recent policies such as the 2020 State Council opinion and the 2022 Central Reform Committee meeting emphasize data as a production factor and call for the establishment of data ownership, processing, and product rights mechanisms, laying the legal foundation for a data‑in‑cipher era.

The report defines trusted privacy computing as a paradigm where security, usability, and privacy protection meet the design expectations of data providers, data demanders, and regulators throughout the entire lifecycle of data processing.

Five core elements are identified: security certifiability, privacy protection, process controllability, high efficiency and stability, and open universality. Security certifiability is highlighted as the primary element.

Security verification is performed through third‑party audits, authorized‑user checks, and fully open (open‑source) validation; Ant Group’s open‑source framework “YinYu” follows a three‑stage verification process before its official release.

The report also proposes a generic five‑level security grading for privacy‑computing products, reflecting the trade‑off between security, performance, and cost for different application scenarios.

Ant Group introduces Trusted Encrypted Computing (TECC), a novel privacy‑computing technique that combines trusted computing (TPM/TEE) with cryptography to achieve full‑stack encrypted computation, offering resistance to supply‑chain, side‑channel, and collusion attacks while delivering high performance (e.g., modeling billions of samples within an hour) and reliability (99.99%‑99.999% infrastructure‑level).

Privacy protection follows two core technical requirements: “dedicated‑use only” and “computable but not identifiable,” ensuring that data usage is authorized, auditable, and that personal identities cannot be derived from computation results.

In conclusion, trusted privacy computing, supported by robust security, efficiency, and openness, is positioned as the foundational technology for the emerging data‑in‑cipher era, and Ant Group commits to further innovation and ecosystem building.