bioETH-Beacon: A Confidential On-Chain Genomic Beacon with Encrypted Counts, Filters, and Bounded Noise over a Fully Homomorphic EVM
Pith reviewed 2026-06-26 14:51 UTC · model grok-4.3
The pith
bioETH-Beacon runs Beacon variant-count queries over encrypted genomic data on a fully homomorphic EVM without a trusted evaluator.
A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.
Core claim
bioETH-Beacon provides a research prototype for confidential Beacon-style genomic querying without a trusted compute evaluator by executing aggregate count queries over encrypted data on a fully homomorphic EVM, with results released only to named requesters through an on-chain ACL.
What carries the argument
The fhEVM smart contract that performs encrypted count, filter, and bounded-noise operations on genomic marker entries, structured as a 3x4 tier-by-query-family grid.
If this is right
- Queries remain hidden from hosts because both inputs and the computation occur in encrypted form.
- Bounded on-chain noise can be injected for genotype queries to reduce the effectiveness of repeated rare-variant probes.
- Pre-aggregation lowers gas when the presence of a marker can be treated as public information.
- Different tiers let users choose stronger confidentiality at higher cost or lower cost at reduced confidentiality.
Where Pith is reading between the lines
- If the gas and security assumptions hold, Beacon networks could expand to more institutions without exposing query patterns to any single party.
- The tiered structure implies that real deployments would need usage data to pick the right confidentiality-cost balance for different query families.
- The approach could be extended to other aggregate genomic statistics beyond simple counts if the fhEVM primitives support the required operations.
Load-bearing premise
A fully homomorphic EVM can perform the required encrypted count, filter, and noise operations at practical gas cost while preventing the membership-inference attacks the design targets.
What would settle it
A measurement showing either that membership-inference attacks succeed on the noisy outputs for realistic cohort sizes or that the gas cost of a single query exceeds feasible limits for typical Beacon deployments.
Figures
read the original abstract
The Global Alliance for Genomics and Health (GA4GH) Beacon protocol lets researchers ask whether a genomic variant has been observed in a participating cohort and receive aggregate variant-level counts. As Beacon networks grow, two privacy risks remain: host institutions can see plaintext queries, and repeated rare-variant queries can support membership-inference attacks. We present bioETH-Beacon, a smart-contract prototype that runs the Beacon "aggregate count" query over encrypted data on a fully homomorphic Ethereum Virtual Machine (fhEVM). Hospitals upload encrypted marker-count entries, authorized researchers submit encrypted marker queries, and the contract returns an encrypted answer that is released, via an off-chain key-management service, only to the requester named in the contract's on-chain ACL. The design is organized as a 3x4 tier-by-query-family grid spanning genotype, sex, age, and phenotype queries, with tiers that trade stronger confidentiality for lower query cost. For genotype paths, the prototype can add bounded on-chain noise to mitigate probing attacks. Experiments on synthetic panels derived from a Polygenic Score (PGS) catalog show the expected scaling behavior and demonstrate that pre-aggregation can substantially reduce query gas when public marker presence is an acceptable trade-off. Overall, bioETH-Beacon provides a research prototype for confidential Beacon-style genomic querying without a trusted compute evaluator.
Editorial analysis
A structured set of objections, weighed in public.
Referee Report
Summary. The paper presents bioETH-Beacon, a smart-contract prototype on a fully homomorphic EVM (fhEVM) that supports confidential GA4GH Beacon-style aggregate count queries over encrypted genomic marker data. Hospitals upload encrypted counts; authorized researchers submit encrypted queries organized in a 3x4 tier-by-query-family grid (genotype/sex/age/phenotype); the contract computes an encrypted result that is released only to the ACL-specified requester via an off-chain key-management service. For genotype paths the design optionally adds bounded on-chain noise; synthetic experiments on PGS-derived panels are used to illustrate scaling behavior and gas savings from pre-aggregation when public marker presence is acceptable. The central contribution is framed as a research prototype that removes the need for a trusted compute evaluator.
Significance. If the unverified performance and privacy properties hold, the work would offer a concrete on-chain architecture for privacy-preserving Beacon queries that directly addresses host-visible plaintext queries and membership-inference risks without introducing a trusted evaluator for computation. The tiered design and pre-aggregation trade-off provide a practical starting point for balancing confidentiality and cost in genomic data sharing; the synthetic validation demonstrates feasibility of the scaling claims even if full security analysis is absent.
major comments (2)
- [Abstract] Abstract: the claim that the prototype 'provides a research prototype for confidential Beacon-style genomic querying without a trusted compute evaluator' is load-bearing yet unsupported by any gas-cost measurements, security proofs, or empirical evaluation that the bounded noise raises the bar against membership-inference attacks; the manuscript supplies only architecture description and synthetic scaling results.
- [Abstract] Abstract: the off-chain key-management service that performs ACL-gated decryption and release lies outside the 'no trusted compute evaluator' guarantee; because result release is part of the end-to-end query path, this component must be analyzed for its impact on the overall trust model.
Simulated Author's Rebuttal
Thank you for the constructive feedback on the abstract. We address the two major comments below, agreeing to revisions that better scope the claims and clarify the trust model.
read point-by-point responses
-
Referee: [Abstract] Abstract: the claim that the prototype 'provides a research prototype for confidential Beacon-style genomic querying without a trusted compute evaluator' is load-bearing yet unsupported by any gas-cost measurements, security proofs, or empirical evaluation that the bounded noise raises the bar against membership-inference attacks; the manuscript supplies only architecture description and synthetic scaling results.
Authors: The full manuscript includes synthetic scaling results that encompass gas-cost measurements demonstrating pre-aggregation benefits. We concur that formal security proofs and empirical membership-inference evaluations for the bounded noise are absent, as the work focuses on architectural design and feasibility. We will revise the abstract to precisely state the contributions as a prototype with design, ACL-based release, and synthetic scaling experiments, without overstating security guarantees. revision: yes
-
Referee: [Abstract] Abstract: the off-chain key-management service that performs ACL-gated decryption and release lies outside the 'no trusted compute evaluator' guarantee; because result release is part of the end-to-end query path, this component must be analyzed for its impact on the overall trust model.
Authors: The design intentionally separates on-chain homomorphic computation (no trusted evaluator) from off-chain result release via the key-management service for ACL enforcement. We agree that the end-to-end trust model requires explicit discussion. We will expand the manuscript to analyze the trust assumptions for the key-management service and its role in the query path. revision: yes
Circularity Check
No circularity in system-design prototype
full rationale
The manuscript describes an architectural prototype and experimental scaling results on synthetic panels; it contains no equations, fitted parameters, or derivation chain that could reduce to its own inputs by construction. All load-bearing claims rest on unquantified assumptions about fhEVM performance and noise efficacy rather than on any self-referential definitions or self-citation loops. The contribution is therefore self-contained as a design artifact.
Axiom & Free-Parameter Ledger
Reference graph
Works this paper leans on
-
[1]
Marc Fiume and Miroslav Cupak and Stephen Keenan and Jordi Rambla and Sabela de la Torre and Stephanie O. M. Dyke and Anthony J. Brookes and Knox Carey and David Lloyd and Peter Goodhand and Maximilian Haeussler and Michael Baudis and Heinz Stockinger and Lena Dolman and Ilkka Lappalainen and Juha T. Federated discovery and sharing of genomic data using. ...
2019
-
[2]
Fromont and Arcadi Navarro and Rahel Paloots and Manuel Rueda and Gary Saunders and Babita Singh and J
Jordi Rambla and Michael Baudis and Roberto Ariosa and Tim Beck and Lauren A. Fromont and Arcadi Navarro and Rahel Paloots and Manuel Rueda and Gary Saunders and Babita Singh and J. Dylan Spalding and Juha T. Human Mutation , volume =. 2022 , doi =
2022
-
[3]
2016 , doi =
A Federated Ecosystem for Sharing Genomic, Clinical Data , journal =. 2016 , doi =
2016
-
[4]
Shringarpure and Carlos D
Suyash S. Shringarpure and Carlos D. Bustamante , title =. American Journal of Human Genetics , volume =. 2015 , doi =
2015
-
[5]
Journal of the American Medical Informatics Association , volume =
Jean Louis Raisaro and Florian Tramer and Zhanglong Ji and Diyue Bu and Yongan Zhao and Knox Carey and David Lloyd and Heidi Sofia and Dixie Baker and Paul Flicek and Suyash Shringarpure and Carlos Bustamante and Shuang Wang and Xiaoqian Jiang and Lucila Ohno-Machado and Haixu Tang and XiaoFeng Wang and Jean-Pierre Hubaux , title =. Journal of the America...
2017
-
[6]
Journal of Cryptology , volume =
Ilaria Chillotti and Nicolas Gama and Mariya Georgieva and Malika Izabach. Journal of Cryptology , volume =. 2020 , doi =
2020
-
[7]
2024 , howpublished =
2024
-
[8]
Wu and Bonnie Berger , title =
Hyunghoon Cho and David J. Wu and Bonnie Berger , title =. Nature Biotechnology , volume =. 2018 , doi =
2018
-
[9]
BMC Medical Informatics and Decision Making , volume =
Miran Kim and Kristin Lauter , title =. BMC Medical Informatics and Decision Making , volume =. 2015 , doi =
2015
-
[10]
Proceedings of the National Academy of Sciences , volume =
Marcelo Blatt and Alexander Gusev and Yuriy Polyakov and Shafi Goldwasser , title =. Proceedings of the National Academy of Sciences , volume =. 2020 , doi =
2020
-
[11]
McLaren and Jean Louis Raisaro and Manel Aouri and Margalida Rotger and Erman Ayday and Istv
Paul J. McLaren and Jean Louis Raisaro and Manel Aouri and Margalida Rotger and Erman Ayday and Istv. Privacy-preserving genomic testing in the clinic:. Genetics in Medicine , volume =. 2016 , doi =
2016
-
[12]
IEEE/ACM Transactions on Computational Biology and Bioinformatics , volume =
Jean Louis Raisaro and Juan Ram. IEEE/ACM Transactions on Computational Biology and Bioinformatics , volume =. 2019 , doi =
2019
-
[13]
Shuang Wang and Xiaoqian Jiang and Haixu Tang and Xiaofeng Wang and Diyue Bu and Knox Carey and Stephanie O. M. Dyke and Dov Fox and Chao Jiang and Kristin Lauter and Bradley Malin and Heidi Sofia and Amalio Telenti and Lei Wang and Wenhao Wang and Lucila Ohno-Machado , title =. npj Genomic Medicine , volume =. 2017 , doi =
2017
-
[14]
Lambert and Laurent Gil and Simon Jupp and Scott C
Samuel A. Lambert and Laurent Gil and Simon Jupp and Scott C. Ritchie and Yu Xu and Annalisa Buniello and Aoife McMahon and Gad Abraham and Michael Chapman and Helen Parkinson and John Danesh and Jacqueline A. C. MacArthur and Michael Inouye , title =. Nature Genetics , volume =. 2021 , doi =
2021
-
[15]
2014 IEEE Symposium on Security and Privacy , pages =
Eli Ben-Sasson and Alessandro Chiesa and Christina Garman and Matthew Green and Ian Miers and Eran Tromer and Madars Virza , title =. 2014 IEEE Symposium on Security and Privacy , pages =. 2014 , doi =
2014
-
[16]
2020 IEEE Symposium on Security and Privacy , pages =
Sean Bowe and Alessandro Chiesa and Matthew Green and Ian Miers and Pratyush Mishra and Howard Wu , title =. 2020 IEEE Symposium on Security and Privacy , pages =. 2020 , doi =
2020
-
[17]
2018 , howpublished =
Eli Ben-Sasson and Iddo Bentov and Yinon Horesh and Michael Riabzev , title =. 2018 , howpublished =
2018
-
[18]
Malin , title =
Aref Asvadishirehjini and Murat Kantarcioglu and Bradley A. Malin , title =. 2020 Second IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA) , pages =. 2020 , publisher =
2020
discussion (0)
Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.