Ant Group Open‑sources the Trusted Privacy Computing Framework “YinYu” and Outlines Its Role in the Emerging Data Confidentiality Era

On July 4, Ant Group announced the global open‑source release of the trusted privacy computing framework “YinYu,” a comprehensive stack integrating mainstream privacy‑preserving technologies, designed for security verification and developer friendliness.

The National Information Center identified five major challenges in data element circulation—ownership, regulation, trust, pricing, and entry—rooted in the ease of copying plaintext data, which can lead to uncontrolled distribution and severe consequences.

Experts predict a transition to a "Data Confidentiality Era" where data flows in encrypted form, separating ownership, usage, and operation rights to support safe, healthy development of the data element industry.

Trusted privacy computing is seen as the most promising supporting technology for this era, and “YinYu” aims to provide a secure, easy‑to‑use, community‑driven infrastructure.

Recent policies treat data as a production factor alongside land, labor, capital, and technology, prompting the need for robust legal frameworks such as the Cybersecurity Law, Personal Information Protection Law, Cryptography Law, Data Security Law, and the Civil Code.

Research highlights the five difficulties of data element development—ownership, regulation, trust, pricing, and entry—exacerbated by the replicability of plaintext data.

Data confidentiality separates ownership, usage, and operation rights, laying a foundation for the industry's healthy growth.

Since 2022, the industry is expected to leave the plaintext era behind and fully embrace data confidentiality.

Privacy computing, defined by academia as protecting privacy throughout the data lifecycle, and by industry as privacy‑preserving computation, together provide essential protection capabilities.

Trusted privacy computing must meet design expectations for security, usability, and privacy protection, encompassing verifiable security, privacy safeguards, controllable processes, high efficiency, stability, and openness.

The most potent supporting technology for the data confidentiality era is trusted privacy computing.

Privacy computing concepts have evolved, with distinctions between academic definitions (Privacy Computing) and industry focus (Privacy‑Preserving Computation), both crucial for future data protection.

Trusted privacy computing is defined as a system that, during operation, fulfills security, usability, and privacy protection expectations for data providers, data consumers, and regulators, featuring verifiable security, privacy safeguards, controllable processes, high efficiency, stability, and openness.

Ant Group’s privacy computing stack includes hardware‑software integration (secure chips, acceleration cards, tamper‑proof enclosures), trusted execution environment foundations (Occlum, HyperEnclave), and the top‑level application layer represented by the open‑source “YinYu” framework.

Security verification for “YinYu” follows three stages: internal security review, public open‑source vulnerability bounty (SRC), and a rigorous third‑stage back‑to‑back professional security assessment, aiming for a fourth‑level deep inspection security requirement.

Compliance challenges vary across countries; the framework must first meet domestic regulations and then flexibly support international requirements.

Scenario‑specific adaptation of privacy computing requires evaluating applicability, security level, performance, cost, and usability to select appropriate technologies.

In conclusion, the data confidentiality era will see data flow securely from creation to destruction, with trusted privacy computing playing a pivotal role in ensuring security, usability, and privacy across all stakeholders.