Data clean rooms using defined access with homomorphic encryption

What is claimed is: 1. A method performed by executing instructions on at least one hardware processor, the method comprising: installing, in a data-consumer account of a data platform, an application instance of an application, the application instance comprising one or more communication interfaces corresponding to one or more communication interfaces in the application in a data-provider account; sharing homomorphically encrypted consumer data with the application instance in the data-consumer account; invoking one or more of the communication interfaces of the application instance to execute associated underlying code blocks to generate homomorphically encrypted output based on the shared homomorphically encrypted consumer data, the associated underlying code blocks not being visible to the data-consumer account, a source code of the associated underlying code blocks not being visible to the data-consumer account; and saving the homomorphically encrypted output of one or more of the associated underlying code blocks locally within the data-consumer account, the shared homomorphically encrypted consumer data, and the homomorphically encrypted output each being homomorphically encrypted using a public key generated by the data-consumer account. 2. The method of claim 1 , wherein at least one of the one or more communication interfaces comprises an application programming interface (API). 3. The method of claim 1 , further comprising: creating the application in the data-provider account of the data platform, the application comprising one or more APIs corresponding to the one or more underlying code blocks; and sharing homomorphically encrypted provider data with the application in the data-provider account. 4. The method of claim 3 , wherein the shared homomorphically encrypted provider data also being homomorphically encrypted using the public key generated by the data-consumer account. 5. The method of claim 4 , further comprising the data-consumer account sharing the public key with the data-provider account. 6. The method of claim 3 , wherein the one or more executed underlying code blocks operating on the shared homomorphically encrypted provider data and the shared homomorphically encrypted consumer data. 7. The method of claim 1 , wherein the application instance is, by default, not authorized to exfiltrate consumer data from the data-consumer account. 8. The method of claim 1 , wherein the saved homomorphically encrypted output comprises aggregated output data or a relation. 9. The method of claim 8 , wherein the saved homomorphically encrypted output does not include any provider data. 10. The method of claim 8 , wherein the relation includes only a subset of the shared homomorphically encrypted consumer data. 11. The method of claim 1 , further comprising locally decrypting the homomorphically encrypted output for storage in the data-consumer account. 12. A data platform comprising: at least one hardware processor; and one or more non-transitory computer readable storage media containing instructions that, when executed by the at least one hardware processor, cause the data platform to perform operations comprising: installing, in a data-consumer account of a data platform, an application instance of an application, the application instance comprising one or more communication interfaces corresponding to one or more communication interfaces in the application in a data-provider account; sharing homomorphically encrypted consumer data with the application instance in the data-consumer account; invoking one or more of the communication interfaces of the application instance to execute associated underlying code blocks to generate homomorphically encrypted output based on the shared homomorphically encrypted consumer data, the associated underlying code blocks not being visible to the data-consumer account, a source code of the associated underlying code blocks not being visible to the data-consumer account; and saving the homomorphically encrypted output of one or more of the associated underlying code blocks locally within the data-consumer account, the shared homomorphically encrypted consumer data, and the homomorphically encrypted output each being homomorphically encrypted using a public key generated by the data-consumer account. 13. The data platform of claim 12 , wherein at least one of the one or more communication interfaces comprises an application programming interface (API). 14. The data platform of claim 12 , the operations further comprising: creating the application in the data-provider account of the data platform, the application comprising one or more APIs corresponding to the one or more underlying code blocks; and sharing homomorphically encrypted provider data with the application in the data-provider account. 15. The data platform of claim 14 , wherein the shared homomorphically encrypted provider data also being homomorphically encrypted using the public key generated by the data-consumer account. 16. The data platform of claim 15 , the operations further comprising the data-consumer account sharing the public key with the data-provider account. 17. The data platform of claim 14 , wherein the one or more executed underlying code blocks operating on the shared homomorphically encrypted provider data and the shared homomorphically encrypted consumer data. 18. The data platform of claim 12 , wherein the application instance is, by default, not authorized to exfiltrate consumer data from the data-consumer account. 19. The data platform of claim 12 , wherein the saved homomorphically encrypted output comprises aggregated output data or a relation. 20. The data platform of claim 19 , wherein the saved homomorphically encrypted output does not include any provider data. 21. The data platform of claim 19 , wherein the relation includes only a subset of the shared homomorphically encrypted consumer data. 22. The data platform of claim 12 , the operations further comprising locally decrypting the homomorphically encrypted output for storage in the data-consumer account. 23. One or more non-transitory computer readable storage media containing instructions that, when executed by at least one hardware processor of a computer system, cause the computer system to perform operations comprising: installing, in a data-consumer account of a data platform, an application instance of an application, the application instance comprising one or more communication interfaces corresponding to one or more communication interfaces in the application in a data-provider account; sharing homomorphically encrypted consumer data with the application instance in the data-consumer account; invoking one or more of the communication interfaces of the application instance to execute associated underlying code blocks to generate homomorphically encrypted output based on the shared homomorphically encrypted consumer data, the associated underlying code blocks not being visible to the data-consumer account, a source code of the associated underlying code blocks not being visible to the data-consumer account; and saving the homomorphically encrypted output of one or more of the associated underlying code blocks locally within the data-consumer account, the shared homomorphically encrypted consumer data, and the homomorphically encrypted output each being homomorphically encrypted using a public key generated by the data-consumer account.