In a recent Advisor, I discussed an innovative data protection technology called fully homomorphic encryption (FHE). Recapping, FHE is a relatively new form of encryption that allows computation to be directly applied to encrypted data, without requiring decryption during the process. Upon completion of processing, the results are returned directly in encrypted format, ensuring that only the owner of the data can see the processed results.
FHE will eventually provide organizations with a way to protect sensitive data in various application scenarios, including in cloud platforms (in general). FHE also looks promising for allowing multiple organizations to participate in the collaborative development of data intensive applications — including building machine learning (ML) and other analytical models — while ensuring that personally identifiable information, intellectual property (IP), analytical findings, proprietary secrets (e.g., artificial intelligence [AI] algorithms), processes, and other sensitive information remain protected. (Check out this video for a quick overview of the importance of FHE.)
Although still in development, products and services utilizing FHE are available. Organizations should consider investigating the technology now in order to prepare for when it starts to enter the mainstream. This Advisor examines some companies, products, and services utilizing FHE that can help you in your investigation.
IBM has gone all out on FHE, offering several products and services supporting the technology, including toolkits and cloud-based services intended to help organizations start experimenting with FHE.
IBM has open source FHE toolkits available for iOS, macOS, and Linux that are designed for cryptographers and developers. Each toolkit includes sample programs and integrated development environment (IDE) integration, intended to make it easier to start writing FHE-based code. An Android version is expected soon.
IBM Security Homomorphic Encryption Services
This comprehensive offering provides a scalable hosting environment on IBM Cloud, along with encryption tools, consulting, and managed services to help organizations experiment with FHE and start designing prototype solutions that take advantage of the technology.
IBM Security Homomorphic Encryption Services are intended to help educate and prepare organizations to build and deploy FHE-enabled applications as the technology reaches maturity in the near future. The service includes access to tools and the expertise needed to get started with FHE, including:
Templates for common FHE use cases, such as encrypted search, AI, and ML
Guidance, consulting, and education from cryptography experts to help organizations acquire the skills necessary for designing and working with FHE-enabled applications
Scalable cloud platform (IBM Cloud) for developers to design and build prototypes of their own FHE-enabled applications
The service can also offer assistance to organizations with developing new prototype applications and use cases utilizing FHE. Initial offerings focus on developers and crypto engineers. Initial use cases include performing analytics on encrypted data, conducting encrypted searches while concealing search query and content, and training ML models while maintaining existing privacy and confidentiality controls.
IBM Industry Applications
IBM researchers have applied FHE in several industry proof-of-concept projects. One interesting effort involved a collaboration between IBM Research and Brazil’s Banco Bradesco S.A. that investigated approaches to apply FHE to secure a typical ML pipeline commonly employed in the financial services sector. For such financial ML applications, privacy and confidentiality regulations require that most of the data be kept in a secure environment, typically in-house, and not outsourced to cloud or multi-tenant shared environments.
Researchers deconstructed a typical ML pipeline used by Banco Bradesco and applied homomorphic encryption to two important ML tasks: the variable selection phase of the model-generation task and the prediction task. The project demonstrated that a homomorphic encryption-based ML pipeline can yield results comparable to state-of-the-art variable selection techniques, and the performance results indicated that the technology has reached the inflection point where it can be useful in batch processing in a financial business setting.
Microsoft offers the Simple Encrypted Arithmetic Library (SEAL) as part of its efforts to support FHE. SEAL is a set of open source homomorphic encryption libraries (for performing computations directly on encrypted data). It is designed for software engineers to build end-to-end encrypted data storage and computation services where the customer never needs to share their key with the service. SEAL is available on GitHub.
With SEAL, Microsoft aims to make homomorphic encryption available to general programmers and developers instead of just cryptographers and other encryption experts. SEAL provides a simple API and comes with several detailed and thoroughly commented examples, demonstrating how developers can use the library correctly and securely, along with explanatory background material.
Microsoft Edge Password Monitor
Microsoft used SEAL to implement the Password Monitor functionality in the latest versions of the Microsoft Edge browser. This feature notifies users if any of their saved passwords have been found in a third-party breach. SEAL and other Microsoft FHE technology ensure privacy and security of the user’s passwords, meaning that neither Microsoft nor any other party can learn the user’s passwords while they are being monitored. Password Monitor is the result of a collaboration between Microsoft's former research incubation group, the Cryptography and Privacy Research Group, and the Edge product team.
Microsoft CryptoNets: Deep Learning on Homomorphically Encrypted Data
In another effort, Microsoft demonstrated that it is feasible to perform deep learning on homomorphically encrypted data.
In the paper “CryptoNets: Applying Neural Networks to Encrypted Data with High Throughput and Accuracy,” Microsoft presents a method to convert trained neural nets to “CryptoNets” — neural nets that can be applied to encrypted data. This allows a data owner to send their data in an encrypted form to a cloud service that hosts the network. FHE ensures that the data remains confidential since the cloud does not have access to the keys needed to decrypt it. Nevertheless, the cloud service is able to apply the neural nets to the encrypted data to make encrypted predictions and also return them in encrypted form. These encrypted predictions can be sent back to the owner of the secret key, who can decrypt them. Consequently, the cloud service does not gain any information about the raw data nor about the prediction it made.
Google has developed and open sourced its Private Join and Compute, a secure, multiparty computation tool designed to let organizations work together with confidential data while protecting data privacy.
Private Join and Compute actually combines two cryptographic techniques to protect data:
Private set intersection — allows two parties to privately join their data sets and discover the identifiers they have in common.
Homomorphic encryption — allows certain types of computation to be performed directly on encrypted data without having to decrypt it first. Throughout the process, individual identifiers and values remain concealed.
This combined cryptographic technique allows two parties to encrypt their identifiers and associated data and then join them. They can then perform certain types of calculations on the overlapping set of data to draw useful information from both data sets in aggregate. All inputs (identifiers and their associated data) stay fully encrypted and unreadable throughout the process. Moreover, neither party ever reveals their raw data, but they can still answer the questions at hand using the output of the computation. This end result is the only thing that is decrypted and shared in the form of aggregated statistics. For example, this could be a count, sum, or average of the data in both sets.
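The two techniques just described, shown as an added toy example in Python that is not Google's code: party 1 holds identifiers, party 2 holds identifiers with values and the Paillier key, and only the overlap count and the sum over the overlap are ever decrypted. The group modulus, the Paillier primes and the sample records are constructed and far too small to be secure.

```python
# Toy Private Intersection-Sum, the combination behind Private Join and Compute:
# DH-style private set intersection over hashed identifiers plus a Paillier
# (additively homomorphic) sum of the values on the overlap. Not Google's code.
import hashlib, math, random

P = 2**127 - 1           # prime modulus of the commutative-exponentiation group (toy size)
PQ = (104723, 104729)    # tiny Paillier primes (constructed, insecure)

def h2g(ident):          # hash an identifier to a nonzero element of Z_P^*
    return int.from_bytes(hashlib.sha256(ident.encode()).digest(), "big") % (P - 1) + 1

def rand_exp():          # exponent invertible mod P-1, so x -> x^k is a bijection
    while True:
        k = random.randrange(2, P - 1)
        if math.gcd(k, P - 1) == 1:
            return k

def paillier_keygen():
    p, q = PQ
    n, lam = p * q, (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    mu = pow((pow(n + 1, lam, n * n) - 1) // n, -1, n)
    return (n, n * n), (lam, mu)

def paillier_enc(pub, m):
    n, n2 = pub
    return pow(n + 1, m, n2) * pow(random.randrange(1, n), n, n2) % n2

def paillier_dec(pub, priv, c):
    (n, n2), (lam, mu) = pub, priv
    return (pow(c, lam, n2) - 1) // n * mu % n

def intersection_sum(ids_p1, records_p2):
    """P1 holds identifiers; P2 holds (identifier, value) rows and the Paillier key.
    Returns (overlap size, sum of values on the overlap), which only P2 learns."""
    pub, priv = paillier_keygen()
    k1, k2 = rand_exp(), rand_exp()
    # Round 1: P1 sends its hashed identifiers blinded with k1.
    msg1 = [pow(h2g(v), k1, P) for v in ids_p1]
    # Round 2: P2 re-blinds them with k2 and shuffles (so P1 cannot tell which of its
    # own identifiers matched), and sends its rows blinded with k2 plus encrypted values.
    doubly = {pow(x, k2, P) for x in msg1}
    msg2 = [(pow(h2g(w), k2, P), paillier_enc(pub, t)) for w, t in records_p2]
    random.shuffle(msg2)
    # Round 3: P1 applies k1 to P2's rows, matches against the doubly blinded set, and
    # multiplies the matching ciphertexts, which adds their plaintext values.
    acc, count = paillier_enc(pub, 0), 0
    for y, ct in msg2:
        if pow(y, k1, P) in doubly:
            acc, count = acc * ct % pub[1], count + 1
    return count, paillier_dec(pub, priv, acc)   # P2 decrypts only the aggregate
```

Calling `intersection_sum(["u1", "u2", "u3"], [("u2", 10), ("u3", 25), ("u9", 7)])` on these constructed rows yields the overlap count 2 and the sum 35 without either side seeing the other's raw rows.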
Duality offers the Duality SecurePlus Product Suite, a big data/privacy protection platform that combines data science and advanced encryption technologies to enable organizations to deploy ML and other analytics while preserving privacy, IP, and trust.
The Duality platform lets multiple teams securely collaborate on sensitive data and deploy advanced analytics, including AI and ML inference models, SQL-like queries, descriptive statistics, and domain-specific computations. FHE serves to protect data and models at all times, while ensuring that they can still be used for computation.
The platform supports various application scenarios, including:
Secure data analysis — encrypt data and run analytics on it
Secure model deployment — encrypt models and deploy them on third-party data
Secure data linkage — encrypt one or more data sets, link them, and analyze them in aggregate
Secure querying — encrypt SQL-like queries and run them on third-party databases
Duality provides organizations with control and manageability for collaborative projects at scale. This includes the configuration of privacy-enhanced workflows, audit and access controls, user management, data transport, and key management in a manner compliant with data protection regulations, including the California Consumer Privacy Act and General Data Protection Regulation.
Duality is targeting its platform at financial services, including for enabling banks and other institutions to securely share information for open banking, customer on-boarding and compliance regulations (i.e., Know Your Customer), and collaborative anti-financial crime efforts involving multiple institutions and cross-border investigations.
In February, Duality won a US $14 million contract for the US Defense Advanced Research Projects Agency's effort to develop hardware-accelerated homomorphic encryption technologies. For more on this initiative, see my previous Advisor.
Organizations are taking greater interest in FHE because it is expected to play an important role in protecting data and privacy in cloud platforms and collaborative development projects. Initial target industries include the cloud computing industry, financial services, genomics, pharmaceutical, healthcare and medicine, telecom, and government.
We recommend that organizations start investigating FHE now, as the technology appears to be evolving fairly quickly. Drivers include the development of new encryption algorithms, the availability of affordable high-performance computing, and a real need by organizations to respond to the ever-growing threats to their sensitive data.
This Advisor covered some of the companies, products, and services that support FHE. In future Advisors, we will provide updates on new offerings and other important developments with the technology. Meanwhile, I'd like to get your opinion on fully homomorphic encryption, including issues with the technology and products you find interesting. As always, your comments will be held in strict confidence. Please e-mail me at email@example.com or call +1 510 356-7299 with your comments.