Frequently Asked Questions (FAQs)
Answers to questions covering the purpose, methods, and organization behind the SecureDNA system
Why screen DNA synthesis?
DNA synthesis is essential to biotechnology, which promises a healthier and more sustainable future. But in the wrong hands, it could do great harm. While the vast majority of DNA sequences are harmless and should be available to all researchers, only authorized researchers using appropriate facilities should be able to obtain DNA permitting them to assemble deadly agents like the virus responsible for the 1918 influenza pandemic – let alone new pandemic-capable agents that will be identified in the future.
Synthesis screening is key to preventing dangerous pathogens from being synthesized - with all of the consequences that could follow:
Public health: An engineered pandemic could have health outcomes orders of magnitude worse than COVID-19. Screening helps you protect against this risk.
Regulation: We expect new U.S. federal regulation to require DNA synthesis screening, alongside potential regulation in other jurisdictions.
Potential liability: Synthesis companies might be held liable (e.g. under negligence) for failing to implement safeguards if they inadvertently synthesized hazardous pathogens. This is likely to become increasingly difficult to defend against.
What is SecureDNA?
SecureDNA is a free, non-profit screening platform designed to safeguard DNA synthesis everywhere.
Built to keep customer data secure, it uses a privacy-preserving cryptographic algorithm that checks very short DNA subsequences from orders to see if they match known hazards or functional variants of hazards without ever learning the identity of the order.
SecureDNA allows synthesis companies to verifiably screen all DNA synthesis and makes it virtually impossible for hazardous DNA to be obtained without authorization - even if an adversary were specifically trying to evade the screening. The software will soon be available to synthesis companies worldwide at no cost.
More specifically, the SecureDNA system uses a novel exact-match search algorithm that finds matches to hazards and functional variants. It does this by generating the set of all hazard subsequences of a predefined length, choosing important subsequences to defend in a prediction-proof way, then using algorithms to generate millions of functionally equivalent subsequences of each selected subsequence. These are subjected to reverse screening by comparing them to existing sequence databases in order to remove any that match known non-hazardous entries, virtually eliminating false alarms.
Why use SecureDNA? What makes SecureDNA special?
SecureDNA is universal, comprehensive, and trustworthy:
Universal: SecureDNA is free to use, fast (thousands of base pairs / sec), and available to providers worldwide with free integration support, to safeguard DNA synthesis around the world
Sensitive: SecureDNA screens against all known hazardous sequences, with minimal false negatives.
The inclusion of prediction-proof functional variants prevents adversaries from redesigning or mutating the hazard to evade screening. SecureDNA can be aggressive in predicting large numbers of functional variants because it focuses on the specific regions of a sequence most vulnerable to attack, i.e. those that are dangerous and could be modified without loss of function.
Searching for 30-base-pair subsequences – in addition to 20 amino acid peptides – makes it difficult to assemble hazards from oligonucleotides that are too small to be screened using other methods.
Specific: SecureDNA has a negligible false alarm rate due our patented reverse screening system, which removes known non-hazards from the database. This saves you time and avoids human error in interpreting long lists of matches. It also enables integration into synthesizers and assemblers without a human in the loop.
Up-to-date: Unlike some alternatives, all SecureDNA screening includes recently discovered hazards, because we use a centralized database that is updated swiftly by our biosecurity team as soon as a new threat is identified. There is no reliance on any synthesis company to update a local installation. Since many scientists are actively attempting to identify and list potential pandemic pathogens, keeping the database up-to-date is an essential part of protecting synthesis providers and the world.
Trustworthy: Customer data is protected by multiple layers of distributed cryptography. This means we never see your customers' sequences, only opaque representations that we cannot decode. All code is open source, so that anyone can inspect it, except the database and the process for generating the database (for security reasons). And SecureDNA is politically neutral, as our screening is run by an independent Swiss nonprofit foundation and without involvement by any government.
To our knowledge, no alternative screening solution outperforms SecureDNA on any of: sensitivity, false positive rate, minimum sequence length, or strength of cryptographic sequence protection. SecureDNA combines these strengths with a rapid screening speed, hardware integration capabilities, and a $0 price.
What kinds of pathogens does SecureDNA screen for?
SecureDNA screens against the following, as well as predicted functional variants.
- Everything on the Australia Group List (EU export controlled)
- Everything export controlled by the US or by China
- All known endemic human viruses with human-to-human transmission
- All viruses with arthropod-to-human transmission
- Animal viruses deemed potential pandemic pathogens (PPPs)
- Newly discovered, potentially hazardous sequences (which can be added without degrading performance)
What output does the SecureDNA system produce?
SecureDNA outputs highly accurate and rapid advice on whether a sequence is safe to synthesize or should require further authorization. If a sequence is not safe to synthesize, SecureDNA outputs the hazards detected and, based on this, the type of authorization necessary. The system distinguishes between “standard” (innocuous) genes from regulated organisms and sequences that can turn an otherwise harmless organism into a lethal pathogen.
This output is provided in machine-readable form (JSON), alongside optional visualizations for easy human interpretation.
I synthesize DNA for my customers. How can I integrate SecureDNA with my workflow?
The SecureDNA system is designed for integration with other software. It has a simple API designed to allow complete automation of synthesis screening: You hand it a FASTA file, and you get back a JSON description of which hazards were found, exactly where they were in your input, and an unambiguous flag indicating whether any sequences of concern were detected. If you pass along a customer-provided exemption list certificate, the results take that into account automatically. Our software will be available as source code, precompiled binaries, and container images.
I make benchtop DNA synthesizers. Can I embed SecureDNA in my firmware?
Absolutely. The system has been designed from the start to be small, fast, and embeddable. We will work with you on which strategy is best for your particular setup.
How can SecureDNA be made available for free?
To safeguard DNA synthesis worldwide, SecureDNA is a nonprofit service that is free for all providers to use at no cost. This has been made possible by the combination of a computationally efficient algorithm and several generous donations from philanthropists in the United States, Europe, China, and elsewhere.
When can I use SecureDNA? What is the current stage of development?
We have a working alpha release, which is now being tested by select industry partners. All core features are completed and the system already has the capacity to screen all gene synthesis orders in the world. Please contact us if you would be interested in testing or evaluating our alpha release.
We are now working on a production-ready beta for release in the fall of 2023.
What threat models does SecureDNA defend against?
SecureDNA defends against several threat models. For example:
SecureDNA enables companies to screen freely and effectively, preventing anyone from exploiting synthesis companies that have legacy or non-existent screening
SecureDNA is hardware-integrable, preventing anyone from using benchtop devices or similar to evade screening
SecureDNA can screen down to 30-base-pair subsequences, in addition to 20 amino acid peptides, making it very difficult to assemble hazards from oligonucleotides that are too small to be screened using other methods
SecureDNA includes prediction-proof functional variants, preventing anyone from redesigning or mutating the hazard to evade screening
SecureDNA uses a centralized database, preventing anyone from exploiting compromised or out of date screening software, while safeguarding customers’ data through multiple layers of cryptography.
What about exemptions for legitimate research using dangerous pathogens?
For our beta version, we are developing a certificate system that allows Institutional Biosafety Committees and Biosafety Officers, who already evaluate most customers’ research plans, to give them automatic access to approved dangerous pathogens for legitimate research purposes.
Each approved research registration will be converted into an exemption list certificate. Current lab members with hardware keys will be able to use the certificate to order any approved hazard with zero delays. Each certificate is only usable for a specified shipping address, and we are exploring additional layers of security. Authorized orders of Select Agents or equivalent hazards will still be logged and auto-notify the laboratory Principal Investigator, institutional Biological Safety Officer, and institutional legal department.
To ease adoption, SecureDNA software can generate exemption lists from existing spreadsheet formats used for biological research registrations. Researchers can also specify their sequences and organisms of interest in a user interface, creating an “exemption request” file that biosafety authorities can then examine, verify, and approve in a digital and cryptographically secure manner.
Are our customers’ sequences secure?
Yes, your customers’ sequences are secure. We see only opaque representations that we cannot decode.
Because SecureDNA uses an exact match algorithm, subsequences are one-way-encrypted before being compared to our database. This is done using a Distributed Oblivious Hash Algorithm, which can be summarized as follows:
Before they reach us, subsequences are hashed (a one-way cryptographic operation that is effectively impossible to reverse), then blinded by being raised to an arbitrary secret power for further security.
Next, a distributed network of private keyservers encrypts the hashed and blinded subsequence, one layer of encryption at a time.
The encrypted subsequence is returned for unblinding (via the secret value) on-premise. The result can then be compared against our encrypted database of hazards to determine whether there is a match.
As a result, we never see plaintext (sub)sequences, so confidentiality is maintained.
We built our cryptographic algorithm with support from advisors, including:
Professor Ron Rivest, MIT (co-inventor of RSA encryption)
Professor Mingyu Gao, Tsinghua
Professor Yu Yu, Shanghai Jiao Tong
Professor Adi Shamir, Weizmann (co-inventor of RSA encryption)
Professor Ivan Damgard, Aarhus
Professor Carsten Baum, Aarhus
Can I see the SecureDNA code?
All code for system operation will soon be made open-source (under a dual MIT/Apache license) and available for inspection. For security reasons, the database and the process for generating the database are not open source.
Does SecureDNA use a centralized database? Where is it located, geographically?
Yes. The database is currently hosted in the USA. When in production, the database will also be hosted in China, Europe, and other locations around the world for redundancy. The keyservers used for the cryptographic steps will also be located in many different nations for security reasons.
Again, our cryptographic security prevents even SecureDNA staff from accessing plaintext customer sequences. We only see opaque representations that cannot be decoded, which ensures. This means that customer sequences are secure.
Team & support
Who is working on SecureDNA?
The SecureDNA team is composed of academic life scientists and cryptographers, policy analysts, information security specialists, and software engineers from many nations and institutions. They came together in 2019 to build a system capable of secure and universal DNA synthesis screening that would be suitable for stepwise or complete implementation by industry stakeholders.
The Foundation’s board is jointly chaired by Dean Andrew Yao of Tsinghua University, who is a Turing laureate in pseudorandom number generation and cryptography, and Professor Kevin Esvelt of MIT, a leading expert in biosecurity and the inventor of CRISPR-based gene drive.
What is the SecureDNA Foundation?
The SecureDNA Foundation exists to provide screening for hazardous DNA sequences as a free service. Specifically, the purpose of the Foundation is to develop, maintain, administrate, distribute, and encourage the universal adoption of software for screening nucleic acid sequences. It is an independent nonprofit foundation in the sense of Article 80 et seqq. Swiss Civil Code.
As a Swiss non-profit, we are subject to strict regulations and oversight, which helps to ensure that we are transparent, accountable, and effective in our work. Switzerland's political independence and economic stability provides us with additional security.
Where is SecureDNA based?
The SecureDNA Foundation is based in Zug, Switzerland.