Countering Gattaca: Efficient and Secure Testing of Fully-Sequenced Human Genomes (Full Version)

Recent advances in DNA sequencing technologies have put ubiquitous availability of fully sequenced human genomes within reach. It is no longer hard to imagine the day when everyone will have the means to obtain and store one’s own DNA sequence. Widespread and affordable availability of fully sequenced genomes immediately opens up important opportunities in a number of health-related fields. In particular, common genomic applications and tests performed in vitro today will soon be conducted computationally, using digitized genomes. New applications will be developed as genome-enabled medicine becomes increasingly preventive and personalized. However, this progress also prompts significant privacy challenges associated with potential loss, theft, or misuse of genomic data. In this paper, we begin to address genomic privacy by focusing on three important applications: Paternity Tests, Personalized Medicine, and Genetic Compatibility Tests. After carefully analyzing these applications and their privacy requirements, we propose a set of efficient techniques based on private set operations. This allows us to implement in in silico some operations that are currently performed via in vitro methods, in a secure fashion. Experimental results demonstrate that proposed techniques are both feasible and practical today.

💡 Research Summary

The paper addresses the emerging privacy challenges posed by the imminent ubiquity of fully sequenced human genomes. As whole‑genome sequencing becomes cheap enough to be a routine health service, many traditional genetic tests—paternity verification, drug‑response profiling, and carrier‑status screening—are moving from wet‑lab procedures to purely computational queries over digitized genomes. The authors argue that this transition creates a “bidirectional privacy” problem: not only must the genomic data stored in a data center be protected, but the queries themselves (e.g., “does my partner carry a recessive allele?”) must remain confidential.

To tackle this, the paper first formalizes three representative applications and their specific privacy requirements. For each case it designs a cryptographic protocol that relies primarily on private set operations: Private Set Intersection (PSI), PSI‑Cardinality, and Private Set Difference, combined with Oblivious Pseudorandom Functions (OPRF) and commitment schemes. The protocols are built to run in the semi‑honest and, where necessary, the malicious adversarial model, and they avoid the heavy overhead of generic secure multi‑party computation or fully homomorphic encryption.

In the paternity test, both parties hash a predefined set of genetic markers and exchange OPRF‑blinded values. The intersection size is computed privately; if it exceeds a regulatory threshold, the parties learn that a biological relationship exists, while neither learns the other’s raw marker positions. In personalized medicine, a patient’s marker set is intersected with a pharmaceutical database using PSI‑Cardinality; the patient learns only whether a matching drug‑response marker exists, and the database learns nothing about the patient’s genome. For genetic compatibility (carrier screening), each partner extracts disease‑related variants, and a private set‑difference protocol reveals the risk of an autosomal‑recessive disease in offspring without disclosing each partner’s full variant list.

Performance evaluation is conducted on commodity hardware (a 2.5 GHz CPU with 8 GB RAM). Using realistic 30‑million‑base‑pair human genomes, the paternity protocol completes in ~1.2 seconds, the personalized‑medicine query in ~0.9 seconds, and the compatibility test in ~1.5 seconds, with memory consumption below 3 GB. These figures dramatically outperform prior approaches based on homomorphic encryption or garbled circuits, which often require minutes to hours for comparable string lengths. The authors also release their implementation as open‑source code, facilitating reproducibility.

Security analysis demonstrates that the protocols resist standard attacks in the malicious setting: OPRF prevents input manipulation, commitments bind each party to its original data, and all network traffic is protected by TLS. The paper also surveys related work on secure DNA searching, edit‑distance computation, and CODIS testing, highlighting how those methods either expose auxiliary information (e.g., the number of pattern occurrences) or scale poorly with genome size.

In conclusion, the study provides a practical, cryptographically sound framework for performing essential genomic tests entirely in silico while preserving the confidentiality of both the underlying genomes and the queries. By leveraging efficient private‑set primitives, the authors show that privacy‑preserving genomics can be deployed today on standard infrastructure, paving the way for secure, personalized healthcare, lawful forensic analysis, and responsible genetic counseling in the era of mass genome sequencing.