01healthcare · live
Cardio-renal cohort
4 hospitals · EU + US + CH
“Multi-jurisdiction cohort study with on-chain co-approval. The aggregate is signed; the rows are not.”
1.6M records
zero rows leave silos · DP-aggregate out
Private AI-Daten · Compute-to-Data
Compute reist. Daten bleiben.
Am Ursprung versiegelt. On-chain per Multi-Sig. Nur das vereinbarte Aggregat verlässt die CVM, signiert.
Daten-Topologie · 5 versiegelte Quellen
Daten haben Gravitation · Compute reist
EU-West · sealed
Hospital A
820k EHR
EU-North · sealed
Hospital B
410k imaging
US-East · sealed
Bank C
12M tx
APAC · sealed
Research D
56k samples
CH · sealed
Lab E
230k assays
analysis CVM
TDX + H100
cohort risk model
cpu
gpu
mem
multi-sig owner · 5 / 5
DstackApp.sol · 0x73c2…be09
signed output
dp-aggregate
ε = 1.5 · ✓ verified
receipt
sig chains TDX root + on-chain DstackApp
an der Quelle versiegelt
attestierte Berechnung
signiertes Aggregat aus
multi-party studies on dstack
Cross-silo cohorts running today.
Each consortium pins a single compose-hash; KMS only releases per- dataset keys when every owner has signed off through the multi-sig DstackApp owner.
show cohorts withcriteria 1≥ 3 ownersandcriteria 2multi-jurisdictionandcriteria 3HIPAA / GDPR-grade
name
owners
records
criteria 1
criteria 2
criteria 3
status
Cardio-renal cohort study
healthcare research
4
1.6M
match
match
match
live
Cross-bank fraud signals
financial · AML
6
78M
match
match
partial
live
Rare-disease genomics
genomics · research
3
54k
match
match
match
live
Supply-chain risk benchmark
B2B intelligence
8
12M
match
match
miss
forming
ICU readmission cohort
clinical operations
5
320k
match
match
match
forming
Insurance claim adjudication
insurance · ops
2
4M
miss
miss
partial
forming
Match / partial / miss reflect on-chain state of each consortium's DstackApp multi-sig vs the criteria.
So funktioniert es
Führen Sie einen Compute-to-Data-Run end-to-end durch.
Schalten Sie dstack aus, um zu sehen, wie die zentrale Pipeline wieder Zeilenzugriff erhält.
Compute-to-Data auf dstack
Versiegelte Daten bleiben am Ursprung · das Modell reist · Freigaben durch mehrere Eigentümer für jeden Schlüssel-Release
aktiver Edgeinaktivneu in Schritt
Schritt 1 of 5 · scroll-aware1
Schritt 1 / 5Versiegelung an der Quelle
Jeder Eigentümer führt ein lokales Sealing-CLI aus: HKDF(kms_root_pubkey, analysis_app_id, analysis_compose_hash, owner_id). Verschlüsselt den Datensatz und veröffentlicht Ciphertext. Eigentümer senden niemals Klartext oder Schlüssel. Rezept ändern → Schlüssel passt nicht mehr.
With dstack: Gestohlener Ciphertext ist nutzlos. Der Wrap-Key wird nur innerhalb einer attestierten CVM neu abgeleitet, deren Compose-Hash übereinstimmt.
Führen Sie Multi-Party-Studien dort aus, wo Ihre Daten liegen.
CLI · Versiegelung
Each owner runs the local sealing script (HKDF-derived wrap-key bound to the analysis compose-hash). Plaintext never leaves the silo; only ciphertext + a recipe-bound envelope is published.
CLI
$ python seal-dataset.py \--owner hospital-A \--in cohort-A.parquet→ HKDF wrap-key derived→ ./sealed/cohort-A.tar5.8M rows · 1.2 GB
OWNER UI
compose-hash0xa42…d1f
Hospital A0x91d…0c4
Hospital B0x4ef…7a2
Hospital Cawaiting
2 / 4 quorumawaiting
Freigabekonsole
Owners review the public compose-hash, then sign the multi-sig that owns DstackApp. Threshold-of-N before any key is released.
REST + Sign-RPC
Submit the analysis compose, fetch the signed aggregate. Every response carries a Sign-RPC envelope chained to TDX root + on-chain DstackApp.
API
POST/v1/runs
{ compose, owners }GET/v1/runs/{id}
200 · sig + payloadverifies on-chainSDK
from phala.dstack
a = unwrap("A/cohort.tar")b = unwrap("B/cohort.tar")m = train(pd.concat([a, b]))phala.emit_signed(m.summary())# DP · ε = 1.5Python in der CVM
Inside the analysis CVM, unwrap_dataset() asks dstack-guest-agent for per-owner keys. Joins, embeddings, and model passes — all in TDX-encrypted memory.
sealed dataset · cohort-A.tar
1.6M rows
ownerhospital-Aanalysis-app-id0x4f6a…91c0analysis-compose-hash0xa42b…d1f3wrap-keyHKDF(kms, app, compose, owner)algoAES-256-GCM
SealedHIPAAGDPRnever-exits-silorecipe-bound
Am Ursprung versiegelt, Schlüssel nur bei Quotenabgleich abgeleitet
Each owner's wrap key is HKDF(kms_root, app_id, compose_hash, owner_id). Change the recipe and the key changes — old ciphertext is permanently locked out. The wrap key itself only re-derives inside an attested CVM whose compose-hash matches.
DstackApp.sol · 0x73c2…be09
multi-sigHospital Asigned0x91d…0c4
Hospital Bsigned0x4ef…7a2
Hospital Csigned0xab1…d56
Hospital Dpending—
3 / 4 quorumkey release · waiting
Quorum-gesichertes Entsiegeln, on-chain
DstackApp.sol holds the compose-hash. KMS only releases per-owner keys when every required owner has signed off through the multi-sig. Any single owner can revoke globally with one on-chain transaction — no coordination needed.
in production today · 3 live consortia
Compute-to-data, in production.
Cohorts where one breach used to mean everyone’s breach. Now: sealed at source, approved on-chain, signed aggregate out.
02financial · live
Cross-bank fraud signals
6 banks · US + UK + SG + DE
“Joint AML model trained without any bank seeing another bank’s ledger. The model file IS the receipt.”
78M transactions
k-of-n quorum · Sign-RPC envelope
03B2B · forming
Supply-chain risk benchmark
8 vendors · US + EU + APAC
“Federated benchmark whose output type is locked to the registered compose. No back-channel exfiltration.”
12M records
output type bound to compose-hash
HIPAA-grade
sealed clinical cohorts
GDPR / UK GDPR
data residency preserved
PCI / FFIEC
cross-bank joins on-chain gated
SOC 2 Type II
attested run history
KI-Lösungswege
Verwenden Sie private Modelle, wenn KI mit Geheimnissen interagiert.
Der private Modell-Endpunkt ist der erste Einstiegspunkt. Dieselbe Datenschutz-Primitive lässt sich auf Agents, Daten-Workflows und Training ausweiten.
LLM API
Private AI-Inferenz
OpenAI-kompatible Modellaufrufe bereitstellen, bei denen Prompts, Outputs und Kundenkontext Schutz durch Verschlüsselung während der Nutzung benötigen.
DeepSeek V3.1
128K
$0.27/M input
Qwen3 Coder
256K
$0.40/M input
Llama 3.3 70B
128K
$0.15/M input
GPT OSS 120B
128K
$0.10/M input
Claude Sonnet 4.5
200K
$3.00/M input
Gemini 2.5 Pro
1M
$1.25/M input
Agents
Private KI-Agenten
Agenten mit Schlüsseln, Tools, Speicher und Aktionen in einer verifizierten Laufzeit ausführen statt in einer sichtbaren Automatisierungs-Cloud.
Training
Private Modelltrainings
Passe Modelle an proprietäre Daten an, während Datensätze, Gradients, Checkpoints und Evaluations-Traces innerhalb der Grenze bleiben.
private training run
Observe without exposing weights.
01
dataset
sealed
02
fine-tune
running
03
eval
private
04
checkpoint
verified
loss curve
proof attached
attestation.json
Run compute-to-data
Compute reist. Daten bleiben.
Datensätze an der Quelle versiegelt. Multi-Sig-Freigabe on-chain. Nur die vereinbarte Aggregation verlässt die CVM, signiert.
- 01Owner-side sealing CLI
- 02Multi-sig DstackApp gate
- 03Combined CPU + GPU TEE
- 04Sign-RPC aggregate output
- 05Any owner revokes globally
Private Ausführung. Verifizierbare Ergebnisse.
Newsletter
© 2026 Hashforest Technology. Alle Rechte vorbehalten. Datenschutz • Nutzungsbedingungen