Skip to content
zkDB
Capability

Cloud Infrastructure

Verifiable outsourced computation across Snowflake, BigQuery, Databricks, and bespoke clouds — proof that policy was enforced, not just claimed.

Cloud Infrastructure — zero-knowledge database (zkDB) for verifiable, privacy-preserving data

The thesis

Every cloud relationship is built on a layer of unverifiable claims: "we encrypt at rest," "we honor your deletion request," "we never use your data for training," "your data does not leave the EU." Customers have no way to check. Cloud providers have no way to prove. The result is an annual SOC 2 audit, a paper trail nobody reads, and a steady drumbeat of regulatory enforcement actions.

zkDB shifts this from "trust the vendor's word" to "verify the vendor's proof."

Where we engage

Verifiable outsourced analytics

Your data warehouse (Snowflake, BigQuery, Databricks, Redshift) runs queries on behalf of your business units. With zkDB instrumentation, every query result ships with a proof that the result was correctly computed on the committed customer dataset — under the customer's row-level security policy, masking rules, and access controls. Internal audit verifies; the data team produces no extra evidence.

Proof-of-deletion

When a customer invokes a right-to-be-forgotten request (GDPR Art. 17, CCPA), the vendor produces a proof that the affected records are not present in the current committed dataset. Today this is a manual SQL-and-screenshot exercise. With zkDB, it is a 50-millisecond cryptographic check that the customer can run themselves.

Proof-of-non-use for AI training

Foundation-model vendors commit to their training corpus. When an enterprise customer asks "are my API queries in your training set?", the vendor produces a proof of non-membership. Today there is no honest answer. With zkDB, the contractual clause becomes mathematically enforceable.

Closely related: verifiable RAG — retrieval-augmented-generation answers cite sources provably drawn from a committed corpus, not hallucinated.

Schrems II and sovereign-cloud architectures

EU customer data stays in the EU. The proof of correctness travels. A non-EU verifier — head office in NY, supplier in Singapore — checks the proof without ever seeing rows. The Transfer Impact Assessment becomes a paragraph instead of a binder.

Relevant frameworks: GDPR · Schrems II · EU Data Act · EU AI Act · UK Data Protection Act · California CPRA.

Multi-tenant policy enforcement proofs

A SaaS vendor proves that no analyst query ever returned data identifying an individual below the k-anonymity threshold, on the customer's committed dataset. The customer's DPO accepts the proof, not the access log.

Verifiable cloud-to-cloud data movement

Cross-cloud pipelines (Snowflake ↔ Databricks ↔ S3 ↔ on-prem) emit proofs at each hop that the data leaving stage N is the deterministic transform of the data entering stage N. Provenance becomes mathematical, not metadata.

How an engagement is shaped

Cloud-infrastructure engagements typically involve three parties: the cloud customer (the enterprise asking for verifiability), the cloud vendor (the entity producing the proof), and our firm (the architect bridging them). We work in two modes:

  • Customer-led engagement — the customer engages us to specify the verifiability requirement and negotiate it into the vendor relationship. The proof flow then becomes a contractual deliverable.
  • Vendor-led engagement — the cloud vendor engages us to ship a verifiable-mode capability across its multi-tenant fleet. The reference architecture becomes a product capability the vendor markets to its enterprise tier.

Both modes are common. The customer-led path is faster to first proof; the vendor-led path scales to ten- and hundred-customer rollouts.

What we typically deliver

  • Verifiability requirements document (translated into a vendor RFP-ready clause)
  • Reference architecture for the chosen warehouse / lakehouse
  • Circuit specifications for the customer's policy-enforcement function (row-level security, masking, masking-with-tokenization, k-anonymity)
  • Prover and verifier libraries
  • Key-custody design and rotation playbook
  • Compliance evidence package keyed to SOC 2 CC, ISO 27001 controls, GDPR Art. 28, the EU AI Act's high-risk-system requirements

Request a briefing

Reserved for principals at cloud-customer enterprises (CTO, CISO, Head of Data Platform, DPO) and at cloud / SaaS vendors (Head of Trust, Head of Engineering, Head of Compliance Engineering). Request a briefing →

Engagement

Bring us your hardest data trust problem.

Briefings are confidential, deeply technical conversations with our principals. We work with regulated enterprises, central institutions, and serious research programs.

Request a Briefing
Confidential by defaultResponse in 3 business days