Multiple data sources encrypt data using encryption key data received from a first system; a second system does not have access to the encryption key data. The second system receives the encrypted data from the multiple data sources. Because the encryption is additively homomorphic, the second system may create encrypted summation data using the encrypted data. The second system may send the encrypted summation data to the first system, which may then decrypt the encrypted summation data to create unencrypted summation data.