Often, when I begin explaining fully homomorphic encryption (FHE) to someone for the first time I start by saying that I’ve been working in the field for nearly a decade and yet, I still have to pause to spell it right. So, let’s call it FHE.
Half-kidding aside, FHE really sounds like magic when you hear about it for the first time, but it’s actually based on very sound mathematics. The main difference is that FHE requires a shift in the programming paradigm that we are used to, which makes it a little more difficult to integrate into applications. That was until today thanks to a new toolkit we are making available for MacOS, iOS and soon for Linux and Android. In fact, developers with basic platform tool familiarity can get up and running by following a few simple instructions rather quickly (see video below). It was no small feat to synthesize 11 years of top-notch cryptography research into a streamlined developer experience that is accessible and freely available to anyone in the time most people would spend to brew a pot of coffee or de-clutter a desk.
What is FHE?
The common methods of storing and sharing sensitive data with colleagues and partners have weak links. Today, files are often encrypted in transit and at rest, but decrypted while in use. This provides hackers and insiders with repeated opportunities to exfiltrate unencrypted data. FHE plugs these holes. It allows the manipulation of data by permissioned parties while it remains encrypted, minimizing the time it exists in its most vulnerable state.
In conjunction with other techniques, FHE also makes it possible to selectively restrict decryption capabilities, so people can see only the portions of a file that they are entitled to, and are necessary for them to do their work.
While the paper was exciting news, many in the industry felt that FHE would remain on the cryptographic shelf because it was too slow for everyday usage due to the complexity of the computation and the enormous computing power it required. Thankfully, a small team at IBM Research took that on as a challenge and a decade later FHE performance has improved to a level that is adequate for certain applications, which will only improve with algorithmic advancements and future hardware accelerators.
FHE holds significant promise for a number of use cases such as extracting value from private data; data set intersection ; genomics analytics; oblivious queries (i.e. querying without revealing intent) and secure outsourcing.
FHE is particularly suited to industries which are regulated and make use of private, confidential and “crown jewel” data, such as finance and healthcare, since the technology can make it possible to share financial information or patient health records broadly while restricting access to all but the necessary data.
For example, we recently published a paper with Brazil’s Banco Bradesco SA, where we homomorphically encrypted the data and the model, and showed that it was possible to run predictions with the same accuracy as without encryption and with adequate performance. The result, banks can safely outsource the task of running predictions to an untrusted environment.
Show me the Tool Kits
The new FHE toolkits for MacOS, iOS are now available in GitHub with Linux and Android expected in a few weeks. Each toolkit is based on HELib, the world’s most mature and versatile encryption library, includes sample programs making it easier to write FHE based code.
The iOS toolkit includes an easy to follow and simple demonstration of a privacy preserving search against an encrypted database. The database is a key value store prepopulated with the English names of countries and their capital cities across Europe. Selecting the country will perform a search of the matching capital.
I should point out that these are not perfect or final. We wanted to quickly put them out to get the technology into the hands of early adopters who want to make these concepts less abstract and more concrete as we look to build up a community of users and use cases.
A team formed by IBM Research scientist Dr. Leo Gross, University Regensburg professor Dr. Jascha Repp, and University Santiago de Compostela assistant professor Dr. Diego Peña Gil has received a European Research Center (ERC) Synergy Grant for their project “Single Molecular Devices by Atom Manipulation” (MolDAM).
IBM Research and its university partners including: UC Santa Cruz; Cornell University and Cornell Tech; University of Illinois at Urbana Champagne; Oregon State University are collaborating on new programming systems and languages to build secure cryptographic applications.
Both financial crime and disparities in who can access financial services are growing. To help solve this, IBM Research is building new AI and data encryption tools to help keep data safe, cybercrime at bay, and make financial services more accessible.