DNA synthesis orders are automatically broken into fragments and directly compared to a database of pieces chosen at random from critical regions of bioweapons. Any ‘adversaries’ attempting to evade screening cannot know which fragments are protected, forcing them to include mutations across the entire sequence of the bioweapon.

Even mutated fragments can be reliably detected by using the best available computational tools to generate a ranked-order list of all variations predicted to remain functional. A random number of these predicted fragments are included in the database, but only after removing any that match legitimate sequences in the GenBank repository, thereby avoiding false alarms. Including variants at random ensures that adversaries cannot know how many mutations are needed to evade detection, forcing them to guess high.

This "Random Adversarial Threshold" search makes synthesizing protected bioweapons fiendishly difficult. To have even a chance of obtaining all of the necessary DNA fragments, adversaries are forced to include many mutations that are likely to inactivate their desired bioweapon throughout its entire genome, making it effectively impossible to assemble a functional version of a protected bioweapon from screened DNA.

Since the database does not contain matches to unrelated sequences in GenBank that would create false alarms, screening is accurate enough to be fully automated, greatly reducing costs.

Finally, the system can be securely implemented by a distributed network of servers to protect the privacy of both the orders and the database contents. Even hacking multiple servers would uncover nothing. The fully secure version, which is vital to protect against future bioweapons, could be implemented directly or in a stepwise manner depending on the needs of stakeholders.

Unobstructed Research

Securing DNA synthesis should not impede legitimate scientific or commercial research. Because no fragments in the database will match any harmless sequences in the GenBank repository, only random chance could cause an innocent order to be incorrectly identified as hazardous and blocked. We can calculate this probability using the anticipated database size and amount of DNA likely to be synthesized in a given year. Based on projections, we expect to see approximately one such false alarm in the year 2030.

Companies or laboratories authorized to work with a blocked agent or sequence can be issued certificates by institutions or governments, which would be sent with orders to major DNA synthesis providers possessing secured machines. Any order fragments that match those listed on the certificate would be automatically approved, enabling legitimate researchers to receive shipments without delay. The whitelist mechanism would also prevent abuse of the screening system for individual or commercial gain.

Information Security

Screening should never disclose the identities of DNA synthesis orders or potential bioweapons. Current screening practices cannot accomplish either: even if an order is securely transmitted to the synthesis provider, it must be accessible to human experts if flagged as a threat.

Cooperative networks of servers can perform distributed computations without any single machine having access to the relevant data. A secure distributed one-way transformation can render fragments from orders and bioweapons uninterpretable, yet still allow them to be compared to determine whether the originals were identical. The database could be made resistant to future quantum computer attacks by arranging for each server to apply an additional quantum-resistant transformation with a unique key and then combining the results.

Our team strongly recommends open-sourcing the code and offering numerous prizes for identified exploits before entrusting the system with sensitive data.

Guarding Against Future Advances

Should a minimum number of authorized experts concur on the existence of a novel threat, they can add fragments to the database by encoding the update on paper for secure physical transport to each server network. As the history of espionage suggests that as few individuals as possible should be aware of novel weapons, the system could in principle be implemented to permit updates by a handful of concurring authorized experts or even a single expert who need not tell anyone else of the specific threat. This method could guard against future bioweapons that could not be contained once unleashed.

Crucially, the existence of a well-known screening network will provide a way for well-meaning researchers who identify a potential new bioweapon to protect the world without disclosure, avoiding the risk of making the weapon credible and incentivizing well-resourced rogue actors to build the agent in order to threaten the international community.

Paths to Secure Screening

From a security perspective, it would be best if the comprehensive system outlined in this document were adopted in its entirety. Given the potential for current and future advances to weaponize agents currently deemed innocuous, the need for secure screening is dire. However, there may not be an immediate path towards a completely secure implementation.

The Secure DNA team hopes to work closely with current stakeholders to find a viable path towards complete adoption. For example, a stepwise approach might first involve current DNA providers adopting Random Adversarial Threshold search to screen against already-known bioweapons, without the additional cryptographic protection against industrial espionage conferred by the secure version. This would provide time to develop and test a secure implementation, which could then be implemented to improve privacy and security.

Policy Considerations

Given the tensions between our respective nations, the Secure DNA Project has carefully avoided involving any government employees or relying on government funding, although we have kept many relevant agencies and synthesis firms apprised of our effort. While hailing from regions strong in biotechnology and cryptography, we recognize that implementation will require multilateral engagement and contributions from individuals throughout the world.

A Working Group convened by the World Economic Forum and Nuclear Threat Initiative has independently studied the problem and published a report calling for a novel DNA synthesis screening system to be developed by a global, multistakeholder Technical Consortium.

The Secure DNA Project appears to meet or exceed the technical goals identified by the WEF/NTI Working Group, including criteria designated as future challenges. Our design:

• Permits fully automated screening, requiring no human experts to examine matches
• Provides maximal security against information hazards and industrial espionage
• Can guard both large DNA synthesis providers and benchtop machines
• Enables legitimate research to proceed unobstructed without any unlocked synthesizers
• Can screen DNA fragments of 42+ base pairs; which is too small to easily assemble
• Can screen design software and DNA sequencing results without information hazards

At this time, we intend to continue to develop the Secure DNA Project independently of the Technical Consortium, but are open to working together in future.

As a team, we are committed to guarding the world against autonomous bioweapons. Even if future advances render our current approach obsolete, we will work with any and all relevant multilateral groups and individuals to achieve our goal of secure and universal DNA synthesis, be it through a gradual stepwise process or direct implementation. None of us has any preexisting interest in the industry, but the stakes demand nothing less.

When just a handful of individuals representing nation-states were capable of unleashing mass death, our civilization only narrowly avoided global tragedy. Preventing many thousands of individuals from gaining the knowledge and components required to build autonomous bioweapons is one of the more critical challenges of our time. We pledge to meet it together.

Current Team

Dean Andrew Yao, Tsinghua                          Prof. Kevin Esvelt, MIT                      Prof. Ivan Damgård, Aarhus    Dean Lan Xue, Tsinghua                                    Prof. Ron Rivest, MIT                          Prof. Adi Shamir, Weizmann                 Prof. Yu Yu, Shanghai Jiao Tong                 Prof. Vinod Vaikunathan, MIT      Dr. Carsten Baum, Aarhus       Prof. Mingyu Gao, Tsinghua                           Prof. Daniel Wichs, Northeastern                                                                 Hongrui Cui, Shanghai Jiao Tong             Dr. Lenny Foner, MIT                                                                                                                                                                                                                     Dr. Omer Paneth, MIT                                                                                                                                                                                                                 Dana Gretton, MIT                                                                                                                                                                                                                         Meicen Sun, MIT

For more information and our academic manuscripts, see the Secure DNA project page.