Homomorphic Encryption (HE) is based on lattice cryptography, which encodes data using complex mathematical computations that can't be solved by current decryption techniques. HE lets you take encrypted data, transfer it to where it needs to go, perform calculations on it, and get results—without ever knowing the exact underlying data.
To put it in plain English, if you have two encrypted numbers, a and b, with Homomorphic Encryption, you can do operations on them like a + b = c. You still don't know what a, b or c is, but you can pass c back to the person who has the encryption key, and they can read it.
However, there is a drawback with HE. It is so computationally intense that the concept is almost useless in practice. Well, at least until now, because there are many new developments in the HE field that are promising. Intel and Microsoft have invested a great amount of research in standardizing the use of HE and improving the performance of this privacy-preserving technology to be used in many use cases. This includes healthcare, finance, banking or government -- allowing them to easily share sensitive data with partners and third-party services in public clouds without the risk of exposing it.
To have a better understanding of the developments in HE, I sat down with Flavio Bergamaschi and Fabian Boemer from Intel. My friend Zoe Rose, Regional and Supplier Information Security Lead at CANON EMEA, was kind enough to introduce me to these two scientists, and I cannot thank her enough.
Homomorphic encryption at inflection point
Bergamaschi and Boemer highlighted that no one has found a killer app just yet. Because of the prevailing perception that HE is too slow and costly, many people are postponing HE projects. Therefore, many benefits have not been realized yet. The biggest being the protection HE offers against chosen plaintext attacks (CPA), even with caveats. On the other hand, organizations need to realize that HE does not protect against chosen cyphertext attacks (CCA).
Intel believes that HE is at an inflection point, where it has now become adequate for many scenarios involving data sharing and outsourcing computation that wouldn’t be feasible before. The real question is using HE in a given context. If you need the output in 24 hours, then HE is ideal. On the other hand, if you require near real time computations, then multithreading can be used.
Therefore, applicability is a key concern for many use cases. Is the response time adequate for the business case under examination? For some situations, even if the response time is 1000x slower, the benefits still outweigh the slow performance.
Improve HE performance
Intel has partnered with Microsoft as part of a US Defense Advanced Research Projects Agency (DARPA) program that aims to develop hardware and software to drastically improve the performance of fully homomorphic encryption (FHE) computation. As part of the program, Intel will develop a hardware accelerator that could make machine learning practical with always-encrypted and privacy-preserving data.
Under the DARPA DPRIVE (Data Protection in Virtual Environments) program, Intel plans to design an application-specific integrated circuit (ASIC) accelerator to reduce the performance overhead currently associated with fully homomorphic encryption. When fully realized, the accelerator could deliver a massive improvement in executing FHE workloads over existing CPU-driven systems, potentially reducing cryptograms’ processing time by five orders of magnitude.
At the same time, Nasdaq, the global technology company serving the capital markets and other industries, is leveraging the crypto acceleration in Intel’s 3rd Generation Intel Xeon Scalable platform to significantly speed up computation for its high performance advanced homomorphic encryption (HE) applications. To further accelerate HE applications, Intel and Nasdaq are co-engineering HE calculations utilizing the new Advanced Vector Extensions (AVX) 512 Integer Fused Multiply Add Instructions (AVX512_IFMA) available in the latest 3rd Gen Intel Xeon Scalable processor.
Homomorphic Encryption standardization is under way
Boemer said that an ISO standard is under way, written by Rosario Cammarota (Intel) and Kim Laine (Microsoft). As the standard is developed, alignment with solutions is a must. This ensures that organizations implementing HE can know what to expect, how to use it, and when to use it. This also allows organizations to develop their own use cases while security is maintained.
Bergamaschi believes that it is important to communicate that the HE standard is coming and that HE adoption will pick up once the standard is approved.
The usability of HE is the trick for wider adoption. All the libraries (schemes) available today are open source—anyone can take that, said Bergamaschi. However, you will need a really good C++ developer and cryptographer. What we need is toolkits to make this easier. Only the large companies can afford to have the teams and research to consume this technology as it is today. Intel has been working on usability and they have a toolkit to have one-button installation.
The other aspect is the workflow. Having HE without knowing the use case will lead to usage in a non-secure way. Essentially, people that don’t understand how it works, might think it’s secure, but it’s not.
There is work to be done to make Homomorphic Encryption more widely adopted in order to enhance data privacy. However, the good news is that companies like Intel, Microsoft, Nasdaq, and DARPA are part of an ecosystem trying to make HE usability better.
I would like to thank Zoe Rose, for providing me with the opportunity to have an insightful discussion with Flavio Bergamaschi and Fabian Boemer.
If you wish to learn more on what Homomorphic Encryption is and how it can be used, you can read this blog.