Anonymization techniques to protect data
US-2018004978-A1 · Jan 4, 2018 · US
US11314884B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11314884-B2 |
| Application number | US-201816769662-A |
| Country | US |
| Kind code | B2 |
| Filing date | Feb 28, 2018 |
| Priority date | Dec 12, 2017 |
| Publication date | Apr 26, 2022 |
| Grant date | Apr 26, 2022 |
Official abstract text for this publication.
A node includes processing circuitry configured to encrypt first network data including a first tenant identifier using a first cryptographic key to generate first encrypted data and anonymize the first encrypted data to generate anonymized data where the anonymizing of the first encrypted data includes segmenting the first encrypted data and the anonymizing of the first encrypted data preserving relationships among the first network data associated with the first tenant identifier, encrypt the anonymized data using a second cryptographic key to generate encrypted anonymized data, transmit the encrypted anonymized data, at least one analysis parameter, at least one security policy and instructions to analyze the encrypted anonymized data using the at least one analysis parameter, the at least one security policy and the second cryptographic key, receive analysis data resulting from the analysis of the encrypted anonymized data, and determine verification results from the received analysis data.
Opening claim text (preview).
What is claimed is:

1. A node for anonymizing network data for analysis by another node, the node comprising: processing circuitry configured to: encrypt first network data including a first tenant identifier using a first cryptographic key to generate first encrypted data; anonymize the first encrypted data to generate anonymized data, the anonymizing of the first encrypted data including segmenting the first encrypted data based at least in part on the encrypted first tenant identifier, the anonymizing of the first encrypted data preserving relationships among the first network data associated with the first tenant identifier; encrypt the anonymized data using a second cryptographic key to generate encrypted anonymized data; transmit the encrypted anonymized data, at least one analysis parameter, at least one security policy and instructions to analyze the encrypted anonymized data using the at least one analysis parameter, the at least one security policy and the second cryptographic key; receive analysis data resulting from the analysis of the encrypted anonymized data; and determine verification results from the received analysis data.

2. The node of claim 1, wherein the at least one analysis parameter is a two dimensional matrix where values of the two dimensional matrix indicate a quantity of times to apply a cryptographically based function to a segment of the encrypted anonymized data using the second cryptographic key.

3. The node of claim 2, wherein a quantity of columns in the two dimensional matrix indicates a quantity of copies of the encrypted anonymized data to generate; and the instructions to analyze the encrypted anonymized data includes instructions to generate a plurality of data views, each data view corresponding to an application of a respective column of the two dimensional matrix to a respective copy of the encrypted anonymized data.

4. The node of claim 3, wherein each data view includes: a portion that preserves relationships among the first network data associated with a first tenant identifier; and a portion that fails to preserve relationships among the first network data associated with a first tenant identifier.

5. The node of claim 2, wherein a quantity of rows in the two dimensional matrix correspond to a quantity of segments in the encrypted anonymized data.

6. The node of claim 2, wherein the anonymizing of the first encrypted data includes: pairing each row of the two dimensional matrix with a respective segment of the first encrypted data; and modifying an ordering of rows of the two dimensional matrix and corresponding segments of the first encrypted data.

7. The node of claim 1, wherein the processing circuitry is further configured to: encrypt second data including a second tenant identifier using the second cryptographic key to generate second encrypted data; and anonymize the second encrypted data to generate a portion of the anonymized data, the anonymizing of the second encrypted data including segmenting the second encrypted data based at least in part on the encrypted second tenant identifier, the anonymizing of the second encrypted data preserving relationships among the second data associated with a second tenant identifier.

8. The node of claim 7, wherein at least one segment of encrypted anonymized data includes first encrypted data and second encrypted data.

9. The node of claim 1, wherein the determining of verification results from the received analysis data includes determining a quantity of times at least one segment of the verification results that correspond to the network data was encrypted.

10. The node of claim 1, wherein the processing circuitry is further configured to transmits the second cryptographic key.

11. A method for anonymizing network data for analysis by another node, the method comprising: encrypting first network data including a first tenant identifier using a first cryptographic key to generate first encrypted data; anonymizing the first encrypted data to generate anonymized data, the anonymizing of the first encrypted data including segmenting the first encrypted data based at least in part on the encrypted first tenant identifier, the anonymizing of the first encrypted data preserving relationships among the first network data associated with the first tenant identifier; encrypting the anonymized data using a second cryptographic key to generate encrypted anonymized data; transmitting the encrypted anonymized data, at least one analysis parameter, at least one security policy and instructions to analyze the encrypted anonymized data using the at least one analysis parameter, the at least one security policy and the second cryptographic key; receiving analysis data resulting from the analysis of the encrypted anonymized data; and determining verification results from the received analysis data.

12. The method of claim 11, wherein the at least one analysis parameter is a two dimensional matrix where values of the two dimensional matrix indicate a quantity of times to apply a cryptographically based function to a segment of the encrypted anonymized data using the second cryptographic key.

13. The method of claim 12, wherein a quantity of columns in the two dimensional matrix indicate a quantity of copies of the encrypted anonymized data to generate; and the instructions to analyze the encrypted anonymized data includes instructions to generate a plurality of data views, each data view corresponding to an application of a respective column of the two dimensional matrix to a respective copy of the encrypted anonymized data.

14. The method of claim 13, wherein each data view includes: a portion that preserves relationships among the first network data associated with a first tenant identifier; and a portion that fails to preserve relationships among the first network data associated with a first tenant identifier.

15. The method of claim 12, wherein a quantity of rows in the matrix correspond to a quantity of segments in the encrypted anonymized data.

16. The method of claim 12, wherein the anonymizing of the first encrypted data includes: pairing each row of the matrix with a respective segment of the first encrypted data; and modifying an ordering of rows of the matrix and corresponding segments of the first encrypted data.

17. The method of claim 11, further comprising: encrypting second data including a second tenant identifier using the second cryptographic key to generate second encrypted data; and anonymizing the second encrypted data to generate a portion of the anonymized data, the anonymizing of the second encrypted data including segmenting the second encrypted data based at least in part on the encrypted second tenant identifier, the anonymizing of the second encrypted data preserving relationships among the second data associated with a second tenant identifier.

18. The method of claim 17, wherein at least one segment of encrypted anonymized data includes first encrypted data and second encrypted data.

19. The method of claim 11, wherein the determining of verification results from the received analysis data includes determining a quantity of times at least one segment of the verification results that correspond to the network data was encrypted.

20. The method of claim 11, further comprising transmitting the second cryptographic key.

21. A node for anonymizing network data for analysis by another node, the node comprising: an encryption module configured
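The analysis matrix of claims 2, 3, 5 and 9, sketched as an added illustration that is not code from the patent: rows are segments, columns are data views, and each cell is how many times a keyed function is applied to that segment in that view. HMAC-SHA256 as the "cryptographically based function", the key, the segment contents, and the reading of claim 4 (segments sharing a count stay linkable, segments with different counts do not) are all assumptions made for the sketch.

```python
import hashlib
import hmac

KEY = b"constructed-second-key"            # constructed stand-in for the second key
SEGMENTS = [[b"rec-A", b"rec-B"],          # constructed, already-encrypted records
            [b"rec-A", b"rec-C"]]
MATRIX = [[2, 1],                          # row = segment, column = data view
          [2, 3]]                          # cell = applications of the keyed function


def keyed_fn(key: bytes, value: bytes) -> bytes:
    """Assumed deterministic keyed function (HMAC-SHA256)."""
    return hmac.new(key, value, hashlib.sha256).digest()


def apply_times(key: bytes, value: bytes, n: int) -> bytes:
    for _ in range(n):
        value = keyed_fn(key, value)
    return value


def build_views(segments, matrix, key):
    """Return one transformed copy of the data per matrix column."""
    if len(matrix) != len(segments):
        raise ValueError("matrix needs one row per segment")
    n_views = len(matrix[0])
    if any(len(row) != n_views for row in matrix):
        raise ValueError("matrix rows must have equal length")
    return [[[apply_times(key, v, matrix[r][c]) for v in seg]
             for r, seg in enumerate(segments)]
            for c in range(n_views)]


def count_applications(key, original, observed, max_n):
    """Verification side: how many applications turn original into observed."""
    cur = original
    for n in range(max_n + 1):
        if hmac.compare_digest(cur, observed):
            return n
        cur = keyed_fn(key, cur)
    return None                            # not reachable within max_n applications


if __name__ == "__main__":
    views = build_views(SEGMENTS, MATRIX, KEY)
    print("view 0 links rec-A across segments:", views[0][0][0] == views[0][1][0])
    print("view 1 links rec-A across segments:", views[1][0][0] == views[1][1][0])
```
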
Anonymization, e.g. involving pseudonyms · CPC title
Grid computing · CPC title
Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII] · CPC title
Secure multiparty computation, e.g. millionaire problem · CPC title
using a plurality of keys or algorithms · CPC title