CoVault: A Secure Analytics Platform

Abstract

In a secure analytics platform, data sources consent to the exclusive use of their data for a pre-defined set of analytics queries performed by a specific group of analysts, and for a limited period. If the platform is secure under a sufficiently strong threat model, it can provide the missing link to enabling powerful analytics of sensitive personal data, by alleviating data subjects' concerns about leakage and misuse of data. For instance, many types of powerful analytics that benefit public health, mobility, infrastructure, finance, or sustainable energy can be made differentially private, thus alleviating concerns about privacy. However, no platform currently exists that is sufficiently secure to alleviate concerns about data leakage and misuse; as a result, many types of analytics that would be in the interest of data subjects and the public are not done. CoVault uses a new multi-party implementation of functional encryption (FE) for secure analytics, which relies on a unique combination of secret sharing, multi-party secure computation (MPC), and different trusted execution environments (TEEs). CoVault is secure under a very strong threat model that tolerates compromise and side-channel attacks on any one of a small set of parties and their TEEs. Despite the cost of MPC, we show that CoVault scales to very large data sizes using map-reduce based query parallelization. For example, we show that CoVault can perform queries relevant to epidemic analytics at scale.
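The abstract names two building blocks without showing them: additive secret sharing, so that the compromise of any single party (or its TEE) exposes only uniformly random shares, and map-reduce style parallelization of a query over shares. The following is an added illustration written for this page, not code from the CoVault paper or its authors; it shows the generic technique for a linear aggregate (a sum or count), not CoVault's actual FE/MPC protocol. The field modulus `P`, the function names (`share`, `split_records`, `local_sum`, `count_query`), the chunk size and the sample records are all assumptions made for the example.

```python
import secrets

# Field modulus for additive secret sharing. The value (a Mersenne prime) is an
# assumption for this illustration, not a parameter taken from the CoVault paper.
P = 2**61 - 1


def share(value: int, n_parties: int = 2, rng=secrets.randbelow) -> list:
    """Split `value` into n additive shares mod P.

    Any n-1 shares are independent uniform field elements and reveal nothing
    about `value`; only the sum of all n shares (mod P) recovers it. This is
    why compromising one party's share store yields no subject data.
    """
    shares = [rng(P) for _ in range(n_parties - 1)]
    shares.append((value - sum(shares)) % P)
    return shares


def reconstruct(shares) -> int:
    """Combine all shares of one value (or of one aggregate) back into the value."""
    return sum(shares) % P


def to_signed(x: int) -> int:
    """Map a field element back to a signed integer (for small magnitudes)."""
    return x - P if x > P // 2 else x


def split_records(records, n_parties: int = 2):
    """Each data source shares its own record; party i receives share i of
    every record. Returns one share list per party (hypothetical layout)."""
    per_party = [[] for _ in range(n_parties)]
    for value in records:
        for i, s in enumerate(share(value, n_parties)):
            per_party[i].append(s)
    return per_party


def local_sum(party_shares, chunk_size: int = 4) -> int:
    """Map-reduce style evaluation on one party's shares: sum each chunk
    independently (the 'map', parallelizable across workers), then reduce the
    chunk sums. Because the query is linear, summing shares equals sharing the sum."""
    partials = [
        sum(party_shares[i:i + chunk_size]) % P
        for i in range(0, len(party_shares), chunk_size)
    ]
    return sum(partials) % P


def count_query(records, n_parties: int = 2) -> int:
    """Run a linear aggregate (e.g. 'total contacts reported') over shared data.

    No party ever sees a plaintext record; only the per-party aggregates are
    combined at the end, so an attacker holding one party's entire input learns
    only uniformly random values.
    """
    per_party = split_records(records, n_parties)
    party_results = [local_sum(shares) for shares in per_party]
    return to_signed(reconstruct(party_results))


if __name__ == "__main__":
    # Constructed sample input: per-subject contact counts (not real data).
    sample = [1, 3, 0, 7, 2, 5, 4, 1, 9]
    print("two-party sum:", count_query(sample))
    print("three-party sum:", count_query(sample, n_parties=3))
```

The linear structure is what makes the map-reduce split free: each worker sums a chunk of shares without interaction, and only the final per-party totals need to be recombined. Non-linear queries (joins, thresholds) are where the MPC cost the abstract mentions actually arises, and this example does not cover them.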
