Fully Homomorphic Encryption on IBM Cloud Hyper Protect Virtual Servers

5 min read

Businesses looking to digitally transform, adapt and keep pace with competitors can no longer afford to run on a homogenous environment.

Instead, those who are prepared to thrive within the context of current demands and constraints must rely on diverse platforms and technologies. Integration across — and interconnection of — these platforms and technologies through a seamless and interoperative hybrid cloud model has been found to be most impactful on business value.

For those planning to integrate their compute environments with a hybrid cloud model, security must be a foundational element of their decisional frameworks. Fully Homomorphic Encryption (FHE) is a new technology that allows businesses to stay protected from rampant cybersecurity threats while exploiting the business value of hybrid cloud.

What is Fully Homomorphic Encryption (FHE)?  

With FHE, businesses can analyze and process sensitive data while maintaining privacy and compliance controls. With this technology, internal or external parties can conduct data analysis and processing without requiring data to be exposed (decrypted). Consequently, this method can help mitigate the barriers to hybrid cloud adoption for businesses in regulated industries.   

As a result of reducing barriers to hybrid cloud adoption, FHE promotes greater collaboration and innovation across lines of business and even external organizations. To help with quickly spinning up new applications using FHE, IBM offers a security homomorphic encryption services package that provides education, expert support and a testing environment for clients. IBM’s investment in 11 years of research have also produced improvements in computing power technology, which is necessary to execute FHE without an impact to performance. Now is the time to invest in this new and upcoming technology, and IBM is the provider to trust.

How FHE protects financial workloads 

At present, many financial institutions are restricted from sharing sensitive data due to external legislation and regulations and internal policies. Despite these restrictions, institutions could gain value and generate insights that drive their businesses forward by outsourcing data. The following are some examples:

  • Client behavioral data to create fraud detection algorithms 
  • User preferences to build ideal applications and user experiences 
  • Business operation data to better automate processes with the help of consultants  
  • Customer data to promote targeted marketing campaigns

To counter risks associated with outsourcing data, financial institutions must consider security measures that protect their business IP and sensitive workloads from inside and outside threats. Gartner predicts that by 2025, 50% of large organizations will default to privacy-enhancing computation for processing data in untrusted environments and multiparty analytics use cases, and FHE is a strong method to support this strategy.

Not only is there growth in the market for FHE, but this technology also will be suitable for the future direction of computing technologies. Specifically, FHE runs on lattice cryptography, which is considered “quantum safe,” meaning it is resistant to breakage by future quantum-computing capabilities (Medium - Inside IBM Research).  

Despite the benefits that FHE provides, challenges remain. Since FHE is a complex technology that requires a shift in the coding paradigm, edification for developers is necessary for FHE to be appropriately understood and implemented. Data preparation and planning is also a challenge; these plans differ from previous frameworks and will require new ways of working and collaborating. Finally, computing power is a limiting factor when it comes to FHE, as this technology requires high levels of power to avoid performance impacts.  

The benefits of IBM Cloud Hyper Protect Virtual Servers 

FHE’s existing challenges are where IBM Cloud Hyper Protect Virtual Servers provide business value for organizations looking to securely collaborate across compute environments. IBM Cloud Hyper Protect Virtual Servers provide a confidential computing environment that supports the challenges mentioned above in addition to FHE’s feature of being cryptographically “malleable.” Malleability, in this context, refers to the ability to transform a ciphertext into another ciphertext that decrypts to a related plaintext. While malleability provides many benefits, it does provide a potential opportunity for outside threats to take advantage of certain portions of homomorphic encryption. One proactive method to protect this feature is to integrate homomorphic encryption applications with the hardened environment and runtime of IBM Cloud Hyper Protect Virtual Servers. 

Hyper Protect Virtual Servers also provide technical assurance, which creates a secure enclave for sensitive data and workloads. This type of assurance grants access only to authorized administrators, thereby eliminating the risks of internal and external threats. The confidential computing capabilities of IBM Cloud Hyper Protect Virtual Servers are unique in the market and no other provider can offer this level of data protection.  

IBM Cloud Hyper Protect Virtual Servers run on IBM Z and LinuxONE platforms, both of which are known for their resiliency, pervasive encryption, scalability and performance. This means that developers running FHE on IBM Cloud Hyper Protect Virtual Servers will be able to capitalize on each of these functionalities, without needing to worry about performance impacts.  

Use case: Intelligent fraud protection  

Context: As customer expectations for their financial services have shifted, the capacity for customers to bank, spend and save across a variety of platforms has increased.  

Problem: This new capability opens up more avenues for malicious actors to take advantage of banking customers and negligent actors to expose sensitive data.  

Solution: Financial institutions need ways to reduce duplicate invoices, fraudulent spending and rouge account activity while providing customers with open and seamless user experiences across many devices. For these reasons, financial institutions want to safely implement machine learning and artificial intelligence (AI) capabilities into their current workflows. These capabilities can monitor bank accounts, financial transactions and accounting invoice/purchase orders in order to analyze the data and identify any potential fraudulent activity. 

Solution with IBM FHE and IBM Cloud Hyper Protect Virtual Servers: IBM FHE and IBM Cloud Hyper Protect Virtual Servers work together to create an armor around data. The FHE Toolkit runs on the Bring Your Own Image (BYOI) function of Hyper Protect Virtual Servers. Developers can run and store their critical workloads on these virtual servers while making computational or modular changes to their applications through the FHE Toolkit. This advantages financial institutions by allowing for the rapid spin-up of applications based on real-time machine learning and AI insights, all while working in a secure enclave that protects against internal risks and external attacks. 

Summary 

IBM FHE and IBM Cloud Hyper Protect Virtual Servers are excellent technologies for financial institutions and other organizations in regulated industries looking to digitally transform and modernize their businesses with a hybrid cloud strategy. Together, they provide end-to-end security of data analytics in use and by external parties, enabling institutions to act on collaborative and innovative opportunities that are necessary steps to take to compete in the current market. 

Learn more

Sources  

IBM (2020). “IBM Security Homomorphic Encryption Services.”  

IBM (2020). “The future of crypto: IBM makes a new leap with Fully Homomorphic Encryption.”

IBM (2020). “IBM Helps Prepare Clients for Next Generation Encryption Technology.”

Medium - Inside IBM Research (2020). “Top Brazilian Bank Pilots Privacy Encryption Quantum Computers Can’t Break.”

IBM Research (2020). “Towards a Homomorphic Machine Learning Big Data Pipeline for the Financial Services Sector.”  

Gartner (2020). “Predicts 2021: Balance Privacy Opportunity and Risk.”

Be the first to hear about news, product updates, and innovation from IBM Cloud