Customer data privacy is a fundamental need for maintaining human trust and reputation in digital business services, and data encryption is key to preserving this privacy. With traditional encryption methods, data is encrypted while at rest and in-flight, but must be decrypted to be accessed for computing and business-critical operations. During the decryption process, sensitive data becomes vulnerable to internal and external risk of data exfiltration and other cyberthreats. With Fully Homomorphic Encryption (FHE), data remains securely encrypted -- even during computations. With FHE, data is always encrypted and can be shared, even onto untrusted domains in the cloud, while remaining unreadable by those doing the computation.
The journey begins with encrypting your sensitive data (PII, PHI) and algorithms (AI, ML) with IBM Fully Homomorphic Encryption. From there, you can perform secure AI and Machine Learning analytics on the encrypted data with Fully Homomorphic Encryption to preserve privacy.
Try the new IBM HElayers SDK, now available in C++ and Python
The lattice-based cryptography central to Fully Homomorphic Encryption provides long-term protection and privacy by allowing data to remain encrypted for the duration of its lifecycle, even while computations are being performed. Because the party accessing the data can never “see” it, sensitive material and proprietary algorithms are continuously protected against internal and external threats of data exfiltration.
This protection is extended to quantum computing, as homomorphically encrypted data is proven to be quantum-safe. With traditionally encrypted data, cyber attackers can harvest encrypted data and encryption keys for future use, thus breaking the encryption with the power of quantum computing. However, the homomorphic encryption scheme uses a lattice key approach which prevents this vulnerability, even from quantum computing. With these capabilities, FHE makes accessing and computing data fully secure and private.
FHE can be utilized in a number of ways. Click on each use case to find out more.
FHE can assist and enable cloud adoption for those clients that would never migrate their sensitive data to an untrusted environment due to security concerns. This allows organizations to utilize the flexibility, efficiencies, and cost savings of the cloud with the privacy-preserving capabilities of FHE. Securely collaborate with third parties without sacrificing security and collaborate across jurisdictions and borders to gain actionable insights. With FHE, clients can securely process their most sensitive workloads and data in the cloud, on-premises, or anywhere in between.
Another example relevant to financial services and investment banking is protecting the company's Intellectual Property and proprietary AL/ML algorithms that could be trade secrets and provide a competitive advantage. Financial Services companies can now collaborate with external consultants or startups for ML model development and analytics without giving data access. They can provide fully homomorphic encrypted data for training and testing A/ML models for cloud computing. They can also encrypt AI/ML models with FHE to reduce the risk of insider threat and data exfiltration if an employee goes rogue or leave the company with the models.
While FHE-enabled searches protect a user's privacy while performing an inquiry, an added layer of security is possible through encrypted data-matching. On the server side, the database itself is encrypted, therefore allowing the search to be compared against encrypted database contents. This capability protects both the person making the search and the information it is being compared against.
With traditional encryption, analysts have exposure to sensitive data as they perform operations to analyze it. This process creates vulnerabilities that can leave data at risk of internal leakage or exfiltration. However, because homomorphically encrypted data is a cipher text, the analyst is protected from the sensitivity of the data and the risk of exfiltration is removed.
For example, a data controller can process employees' sensitive data fromOnce data has been encrypted using FHE, it is possible to train AI/ML models and run inferencing with sensitive data while preserving privacy.
Banking institutions have demonstrated this capability on real financial data. The team at Banco Bradesco, one of Brazil's largest banks, homomorphically encrypted transaction data and an existing machine learning-based prediction model. They then trained the model using the encrypted data and showed that it was possible to perform encrypted predictions while concealing the data and the insights throughout the processing. You can learn more about Banco Bradesco's pilot program here.
Try this capability yourself on real data by using our Credit Card Fraud example, available for testing in the IBM HElayers SDK.
FHE allows you to authenticate to services by providing only encrypted biometrics and behavioral information. This allows customers to sign into applications without revealing sensitive biometric data or usage patterns.
One application of FHE can be found in threat detection and alerts for identity and access management. Using a homomorphically encrypted behavioral information database and historical datasets, analysts can detect anomalies and intrusion with security intelligence and AI/ML analytics, such as IBM Security QRadar. Sensitive biometric data, user credentials, and AI/ML models are encrypted before sharing with multiple AI/ML engines for threat-hunting scenarios and alerts.
Discover more about FHE and how this technology works to keep sensitive data private and secured.
Videos
An Introduction to FHE (22:16)
IBM FHE: From Invention to Adoption Webinar (1:02:01)
IBM Research
Capability & Maturity of FHE Assessed
IBM Security
By never decrypting data, even during computation, businesses can perform operations on sensitive data at scale without the risk of data exfiltration or other cyberthreats. This allows your business to remain compliant with data privacy regulations and maintain trust with your clients while utilizing their data. One way to add an extra layer of protection is by deploying to an IBM Hyper Protect Virtual Server and its trusted execution environment. By combining FHE applications/runtimes on an IBM Hyper Protect Virtual Server (HPVS) instance ensures data and application integrity. Using these tools you can further protect encrypted data from numerous threat vectors.Learn more about the value of FHE and the technology that makes it work by accessing the resources below:
FHE can be utilized in a number of ways. Click on each specific use case to find out more.
Currently, running necessary medical genetic testing on a sequenced genome is a process that is vulnerable to data theft and leaks. Because this data must be decrypted before computations can be run, sensitive medical information is not fully secured. With FHE, this personal medical data is never decrypted, and therefore never vulnerable to internal or external threats.
For example, patient protected health information (PHI) can be fully secured during cancer prognosis and heart disease detection while using genetic testing data and electronic medical records/MRI imagery for analytics. Data collaboration between multiple healthcare providers for analysis on disparate data sets for disease detection and analytics can also be done in a privacy-preserving manner without risk of sensitive data exposure.
Read more about how this process works in Scientific American.
FHE allows you to authenticate to services by providing only encrypted biometrics and behavioral information. This allows customers to sign into applications without revealing sensitive biometric data or usage patterns.
One application of FHE can be found in threat detection and alerts for identity and access management. Using a homomorphically encrypted behavioral information database and historical datasets, analysts can detect anomalies and intrusion with security intelligence and AI/ML analytics, such as IBM Security QRadar. Sensitive biometric data, user credentials, and AI/ML models are encrypted before sharing with multiple AI/ML engines for threat-hunting scenarios and alerts.
Once data has been encrypted using FHE, it is possible to train AI/ML models and run inferencing with sensitive data while preserving privacy.
Banking institutions have demonstrated this capability on real financial data. The team at Banco Bradesco, one of Brazil's largest banks, homomorphically encrypted transaction data and an existing machine learning-based prediction model. They then trained the model using the encrypted data and showed that it was possible to perform encrypted predictions while concealing the data and the insights throughout the processing. You can learn more about Banco Bradesco's pilot program here.
Try this capability yourself on real data by using our Credit Card Fraud example, available for testing in the IBM HElayers SDK.
>While FHE-enabled searches protect a user's privacy while performing an inquiry, an added layer of security is possible through encrypted data-matching. On the server side, the database itself is encrypted, therefore allowing the search to be compared against encrypted database contents. This capability protects both the person making the search and the information it is being compared against.
With traditional encryption, analysts have exposure to sensitive data as they perform operations to analyze it. This process creates vulnerabilities that can leave data at risk of internal leakage or exfiltration. However, because homomorphically encrypted data is a cipher text, the analyst is protected from the sensitivity of the data and the risk of exfiltration is removed.
For example, a data controller can process employees' sensitive data from
Get started with IBM HElayers, a software development kit (SDK) for the practical execution of encrypted workloads using fully homomorphic encrypted data. HElayers enables users to seamlessly apply advanced privacy preserving techniques without requiring specialized skills in cryptography - all while working in an integrated Python or C++ environment.
HElayers ships with tutorials and sample applications, such as credit card fraud detection, encrypted database search, image classification, and others that highlight the uses of FHE technology. It supports a wide array of analytics such as linear regression, logistic regression, and neural networks.
IBM HElayers and secure workloads using FHE
The next step in homomorphic encryption for Linux on IBM Z and LinuxONE
Video: Getting Started with HElayers in Python tutorial
Start here to build your own FHE applications using HElayers:
Your feedback on IBM HElayers is essential to providing the best possible experience. Please let us know your thoughts in this 1-2 minute survey.
By keeping sensitive data encrypted at the time of computation, Fully Homomorphic Encryption allows data scientists to bypass the usual legal permissions and security preparations that can delay the data extraction process. This capability also enables data scientists to form inference on sensitive information outside of a client’s on-premises. In removing these barriers, data scientists can now train AI and machine learning models without ever exposing decrypted data to the machine learning environment, from their own workspaces.
To learn more about how FHE works, read the Smart paper or watch the webinar.
FHE can be utilized in a number of ways. Click on each specific use case to find out more.
While FHE-enabled searches protect a user's privacy while performing an inquiry, an added layer of security is possible through encrypted data-matching. On the server side, the database itself is encrypted, therefore allowing the search to be compared against encrypted database contents. This capability protects both the person making the search and the information it is being compared against.
Clients who have data that they want to use for Artificial Intelligence (AI) or analytics, but do not have the necessary high-performance computing resources, may require a cloud provider to create the machine learning models for them. Machine Learning-as-a-Service (MLaaS) allows these clients to upload their data to a cloud provider who will use the data to create Machine Learning (ML) models. These models are then returned to the client who can use them to train AI or implement advanced analytics.
The gap in this service model for startups and enterprises who manage highly sensitive data is that they cannot risk exposing the data to a cloud provider. As a solution, these clients could leverage secure MLaaS with FHE to create ML models with sensitive data while keeping data encrypted throughout the process to preserve privacy.
Once data has been encrypted using FHE, it is possible to train AI/ML models and run inferencing with sensitive data while preserving privacy.
Banking institutions have demonstrated this capability on real financial data. The team at Banco Bradesco, one of Brazil's largest banks, homomorphically encrypted transaction data and an existing machine learning-based prediction model. They then trained the model using the encrypted data and showed that it was possible to perform encrypted predictions while concealing the data and the insights throughout the processing. You can learn more about Banco Bradesco's pilot program here.
Try this capability yourself on real data by using our Credit Card Fraud example, available for testing in the IBM HElayers SDK.
With traditional encryption, data scientists who perform operations on sensitive data have to observe strict security protocols, such as entering a secured perimeter and leaving cellphones behind. However, because homomorphically encrypted data cannot be seen, the data scientist is protected from the sensitivity of the data and can perform summary statistics without disrupting their normal routines. This means that data scientist can perform summary statistics such as mean, median, standard deviation, k-means clustering, and other common analysis methods without any personal inconvenience or risk of accidental data leakage.
For example, in healthcare, researchers and pharmaceutical companies can collaborate with multiple healthcare providers to securely pool and analyze sensitive patient data to dramatically increase the understanding of diseases and treatment, and accelerate the development of new drugs and personalized care.
With traditional encryption, data scientists who perform operations on sensitive data have to observe strict security protocols, such as entering a secured perimeter and leaving cellphones behind. However, because homomorphically encrypted data cannot be seen, the data scientist is protected from the sensitivity of the data and can perform summary statistics without disrupting their normal routines. This means that data scientist can perform summary statistics such as mean, median, standard deviation, k-means clustering, and other common analysis methods without any personal inconvenience or risk of accidental data leakage.
For example, in healthcare, researchers and pharmaceutical companies can collaborate with multiple healthcare providers to securely pool and analyze sensitive patient data to dramatically increase the understanding of diseases and treatment, and accelerate the development of new drugs and personalized care.
Currently, running necessary medical genetic testing on a sequenced genome is a process that is vulnerable to data theft and leaks. Because this data must be decrypted before computations can be run, sensitive medical information is not fully secured. With FHE, this personal medical data is never decrypted, and therefore never vulnerable to internal or external threats.
For example, patient protected health information (PHI) can be fully secured during cancer prognosis and heart disease detection while using genetic testing data and electronic medical records/MRI imagery for analytics. Data collaboration between multiple healthcare providers for analysis on disparate data sets for disease detection and analytics can also be done in a privacy-preserving manner without risk of sensitive data exposure.
Read more about how this process works in Scientific American.
Get started with IBM HElayers, a software development kit (SDK) for the practical execution of encrypted workloads using fully homomorphic encrypted data. HElayers enables users to seamlessly apply advanced privacy preserving techniques without requiring specialized skills in cryptography - all while working in an integrated Python or C++ environment.
HElayers ships with tutorials and sample applications, such as credit card fraud detection, encrypted database search, image classification, and others that highlight the uses of FHE technology. It supports a wide array of analytics such as linear regression, logistic regression, and neural networks.
IBM HElayers and secure workloads using FHE
The next step in homomorphic encryption for Linux on IBM Z and LinuxONE
Video: Getting Started with HElayers in Python tutorial
Start here to build your own FHE applications using HElayers:
Your feedback on IBM HElayers is essential to providing the best possible experience. Please let us know your thoughts in this 1-2 minute survey.
Homomorphic encryption removes the need for human-readable data storage while preserving the ability to perform computations on that sensitive data. This capability provides enterprise developers with the ability to build secure AI-enabled business applications for encrypted ML analytics. Applications developed using FHE can outsource sensitive data, in an encrypted statue, to the cloud, allowing developers to perform operations on user's data without ever seeing their information. With these capabilities, FHE makes accessing and computing data fully secure, private, and compliant with regulations.
For a hands on experience, developers can use the IBM FHE Toolkit to try a demo, or develop their own homomorphically encrypted applications built on IBM’s open-source HELib library.
To learn more about how FHE works, read the Smart paper or watch the webinar.FHE can be utilized in a number of ways. Click on each specific use case to find out more.
FHE makes it possible to securely share access to data that conceals a clients' queries within the database. Privacy preserving search enables you to perform an encrypted query while concealing your search and contents. In doing so, homomorphic encryption solutions provide both the user and the data owner with a fully secure environment. Maintaining private search has implications across many segments of industry, spanning from genomics to finance and beyond.
For an everyday example, consider the current process of searching for directions on your mobile phone application. By conducting this query, you reveal to the application your current location, destination, time of day, and intent to go from point A to point B. This is a lot of private information that you are providing that will be used to form inferences about you. With a homomorphically encrypted search, the same query for directions can be done in a privacy preserving manner that would not reveal any of your details; your data would remain encrypted throughout the entire query process.
Try this capability yourself by utilizing the Privacy Preserving Search example available in the IBM HElayers SDK.
While FHE-enabled searches protect a user's privacy while performing an inquiry, an added layer of security is possible through encrypted data-matching. On the server side, the database itself is encrypted, therefore allowing the search to be compared against encrypted database contents. This capability protects both the person making the search and the information it is being compared against.
FHE allows you to authenticate to services by providing only encrypted biometrics and behavioral information. This allows customers to sign into applications without revealing sensitive biometric data or usage patterns.
One application of FHE can be found in threat detection and alerts for identity and access management. Using a homomorphically encrypted behavioral information database and historical datasets, analysts can detect anomalies and intrusion with security intelligence and AI/ML analytics, such as IBM Security QRadar. Sensitive biometric data, user credentials, and AI/ML models are encrypted before sharing with multiple AI/ML engines for threat-hunting scenarios and alerts.
Once data has been encrypted using FHE, it is possible to train AI/ML models and run inferencing with sensitive data while preserving privacy.
Banking institutions have demonstrated this capability on real financial data. The team at Banco Bradesco, one of Brazil's largest banks, homomorphically encrypted transaction data and an existing machine learning-based prediction model. They then trained the model using the encrypted data and showed that it was possible to perform encrypted predictions while concealing the data and the insights throughout the processing. You can learn more about Banco Bradesco's pilot program here.
Try this capability yourself on real data by using our Credit Card Fraud example, available for testing in the IBM HElayers SDK.
Currently, running necessary medical genetic testing on a sequenced genome is a process that is vulnerable to data theft and leaks. Because this data must be decrypted before computations can be run, sensitive medical information is not fully secured. With FHE, this personal medical data is never decrypted, and therefore never vulnerable to internal or external threats.
For example, patient protected health information (PHI) can be fully secured during cancer prognosis and heart disease detection while using genetic testing data and electronic medical records/MRI imagery for analytics. Data collaboration between multiple healthcare providers for analysis on disparate data sets for disease detection and analytics can also be done in a privacy-preserving manner without risk of sensitive data exposure.
Read more about how this process works in Scientific American.
Get started with IBM HElayers, a software development kit (SDK) for the practical execution of encrypted workloads using fully homomorphic encrypted data. HElayers enables users to seamlessly apply advanced privacy preserving techniques without requiring specialized skills in cryptography - all while working in an integrated Python or C++ environment.
HElayers ships with tutorials and sample applications, such as credit card fraud detection, encrypted database search, image classification, and others that highlight the uses of FHE technology. It supports a wide array of analytics such as linear regression, logistic regression, and neural networks.
IBM HElayers and secure workloads using FHE
The next step in homomorphic encryption for Linux on IBM Z and LinuxONE
Video: Getting Started with HElayers in Python tutorial
Start here to build your own FHE applications using HElayers:
Your feedback on IBM HElayers is essential to providing the best possible experience. Please let us know your thoughts in this 1-2 minute survey.
Q: What is FHE technology and how does it work?
A: FHE technology enables you to perform computations on encrypted data. With FHE, you can encrypt numbers and perform operations like multiplication, addition or rotation within an encrypted vector. When the data owner decrypts the result, it should be the same as if it were done unencrypted (rounded within a certain error tolerance). Only the data owner (the person who encrypted the data) has the private key and can decrypt and observe the result.
Q: Does FHE encrypt data in use? Why should we protect data in use?
A: Yes, FHE encrypts data in use and helps to ensure confidentiality even if encrypted data is leaked or exfiltrated. Protect data in use to help eliminate the window of vulnerability that is inherent to current approaches in protecting data. Current security architectures for protecting data address data in rest and data in transit - few secure data in use.
Data in use is particularly vulnerable because it has to be decrypted to be processed. Anytime you have decrypted data out in the open, it creates a window of vulnerability that malicious entities can exploit to access sensitive workloads.
Q: What does a scheme mean in FHE?
A: A scheme is a specific algorithmic method or approach to the underlying mathematics being used to perform the homomorphic calculations.
Q: Is FHE quantum resistant and what does quantum resistant mean?
A: Yes, FHE is considered to be quantum resistant. Quantum resistant technologies enable organizations to protect their data against quantum computers; there is no advantage in using a quantum processor to break the encryption algorithm. Cryptography is generally built on assumptions about the computational difficulty (or complexity) of solving certain mathematical problems. FHE relies on a different class of difficult problems like Learning with Errors, a well known lattice-based problem widely used in quantum resistant cryptography.
Q: How is FHE different from a Trusted Execution Environment?
A: With a Trusted Execution Environment (TEE), one can run computations on unencrypted data with a hardware enforced root of trust. A TEE is intended to be secure by design, however if an application running within it had a security issue (insecure code, application code deployed with malicious malware, zero day exploit, etc), your data may be exposed and an attacker might be able to exfiltrate or manipulate your data.
But with FHE, data remains encrypted at all times even during data leakage or exfiltration. FHE (which guarantees data confidentiality at all times) and a TEE (which provides data integrity) can be combined to secure your 'crown jewel' sensitive data.
Q: What are low level primitives?
A: Low level primitives are the base operations that can be performed directly on ciphertext and include multiplication, addition, and rotation. All higher level functions are implemented in terms of low level primitives, which make them homomorphic as well. More complex operations like operations on matrices or arrays are built upon the foundational primitives.
Q: Would you use FHE in place of data masking and data obfuscation?
A: You should use FHE if data masking or data obfuscation interfere with the analytics you want to perform. If this is not the case, then data masking is the better option because it would be faster to perform computations on data that is not encrypted.
Q: What is the FHE sponsor user program and how do I sign up?
A: Sponsor users interact directly with designers and developers to improve the FHE user experience and help shape the future of FHE at IBM. IBM is currently accepting sponsor users at no cost to engage with application developers, data scientists, applied AI teams, crypto leads, and executives from enterprises around the world to refine the FHE user experience.
Please reach out to fhestart@us.ibm.com for next steps.
Q: What is lattice cryptography and how does it relate to FHE?
A: Lattice cryptography is a generic term for constructions of cryptographic primitives that involve lattices. They are generally hard to solve (and thus secure) and it is assumed that they are quantum resistant; even quantum computers find them hard to solve. FHE schemes are based on lattice cryptography and are considered to be quantum resistant.
Q: What cryptography schemes does FHE use and why would I use one over the other?
A: There are many different cryptography schemes that FHE uses. The leading FHE schemes are BGV, BFV, TFHE and CKKS. They differ by the type of numbers that they are able to operate on.
For example, BGV, BFV and TFHE operate on integers (e.g. doing a database lookup and checking to see if two numbers are the same) while CKKS is best used with real or complex numbers (e.g. AI/ML applications like neural networks).
Q: Why does FHE introduce error and wont it ruin my computational results? What is bootstrapping and how does it relate to error?
A: All FHE schemes rely on a technique called Learning with Errors (LWE). LWE introduces error to the ciphertext to provide security. This error keeps growing as you continue to perform operations on the encrypted data until at some point you can't continue. In order to continue and preserve the computational results, bootstrapping is required.
Bootstrapping reduces the error in the ciphertext that is intentionally added to keep the scheme protected. This allows you, in principle, to continue to do as many computations as you want. However, this operation is very costly to perform and significantly degrades performance.
In the BGV scheme, the error in the ciphertext is actually hidden from the user. When the user decrypts, they don't see the error at all.
In the CKKS scheme, the error is actually encrypted into the data itself. When the user decrypts, they don't receive the exact value, they receive the value plus some error.
Q: What is circuit depth and why is it relevant to FHE?
A: Circuit depth is the number of operations that you perform in a sequence. It relates to FHE because for schemes that don't support bootstrapping, you have a hard limit on the depth of computations you can perform. For schemes that support bootstrapping, you can implement the operation but it will be costly and it may not be efficient if the circuit depth is too large. In this case, you will have to bootstrap more than once which may cause the computation to be impractical. It's usually much more practical to have a low depth circuit for FHE operations.
Q: Does circuit depth relate to memory consumption?
A: Yes, circuit depth is directly related to memory consumption. Large circuit depths result in an increase in memory consumption.
Q: Does circuit depth relate to compute time?
A: Yes, circuit depth is directly related to compute time. The deeper the circuit, the more gates will be present and the more time it will take to perform the computation.
Q: What is the IBM HElayers?
A: HElayers is a Software Development Kit (SDK) that enables the practical and efficient execution of secure AI workloads using an emerging cryptographic technique called Fully Homomorphic Encryption (FHE). Targeted for use by data scientists and application developers, HElayers enables seamless use of advanced privacy preserving techniques without requiring users to understand the cryptographic underpinnings required to efficiently run FHE workloads.
HElayers is written in C++ and includes a Python API that enables application developers and data scientists to use the power of FHE by supporting a variety of analytics such as Linear Regression, Logistic Regression, and Neural Networks. It has been designed with a layered set of capabilities and coupled with appropriate APIs so users can fully utilize the services provided by the SDK. HElayers is delivered as an open platform capable of using the latest FHE implementations for a given use case. It is enabled with patented optimization and performance boosting innovation for computation, AI innovation and use case requirements that facilitate the practical use of a wide variety of AI workloads over FHE data.
Q: What are the different layers in HElayers?
A: HElayers has four layers. The first layer is the abstraction layer that can wrap an underlying HE library, providing a uniform API to access different libraries, thus allowing to write library-agnostic and scheme-agnostic code (as much as possible). The second layer underneath is the packing algorithms and math layer. This layer contains tools for doing high-level operations such as matrix multiplication and polynomial evaluation. The third layer contains the AI and query tools which enable inference over multiple types of models, neural networks, decision trees, logistic regression, linear regression, and k-means. The fourth and last layer is the use cases layer. This layer contains complete solutions for several applications. Each solution is in a form of a demo providing end-to-end usage implementation on some test data.
Q: What is HElib? What is NTL? How are they related?
A: HElib is an open source FHE library. It is a core library and API that implements IBM's reference implementation of FHE schemes. HElib implements two schemes: BGV and CKKS. To perform some of the number theory calculations to do FHE, we depend on another open source C++ library called NTL (Number Theory Library). NTL computes with modular arithmetic and deals with large numbers.
Q: What programming languages does IBM support for FHE?
A: Python and C++ API support is available for HElayers.
Q: What are the hardware and software requirements?
A:
FHE can be implemented entirely in software; there is no hardware dependency. The only software that is required is
In most use cases, for the client side, almost any modern PC, laptop or mobile device has sufficient resources to perform FHE tasks. As for the server side, where the intense encrypted computation happens, it depends on the use case. For serious development and prototyping, we recommend at least 32 GB of RAM, and more than 4 CPU cores to host a development experience suitable for modern developer test and iteration cycles. Performance of our FHE implementations scales well, meaning that more cores and more RAM lead to better the performance.
Q: Is there a trusted hardware requirement for FHE?
A: No, trusted hardware is not strictly required. However, pairing FHE with a secure runtime could provide data integrity assurances. Because of the malleability property of FHE, anyone with access to the public key could manipulate the encrypted data. Thus, data may be subject to tampering in a completely untrusted environment in some circumstances and under some threat models.
Q: Which Linux distributions are supported today?
A: Today, we support Ubuntu 20.04.
Q: Is there any special background I should have to be a successful FHE programmer right now?
A: Today, you may need some additional background in computer science or a related subject to be an effective FHE programmer depending on your use case. If you are a programmer that would like to develop FHE schemes, then you need to be a cryptographer. If you want to be a programmer that works directly with the lower level APIs provided by HElib for free, you need to be familiar with FHE schemes, the special considerations in using them, and the domain that you're working with (e.g. neural networks).
HElayers offers high-level APIs that allow you to solve AI and other problems without requiring background knowledge of FHE. For example, if you're used to working with neural networks in a standard library like Keras, HElayers can provide you with the tools necessary to import and convert your work to homomorphic encryption.
Q: Does FHE require any code or application changes?
A: Generally, yes FHE requires code changes. Some things that are easy to do with plaintext, or unencrypted data, are difficult to do with homomorphic encryption schemes. For example, a common function like MAX (taking the maximum of two numbers) is easy to compute using plaintext, but very difficult to compute using encrypted data.
Algorithms need to be changed to make them 'HE friendly' so that they are able to be decomposed into three foundational FHE primitives of multiplication, addition and rotation.
For complex operations, if there is no direct implementation feasible due to performance requirements, one must substitute the desired function by polynomial approximation. Over time, the API (Application Programming Interface) library will provide more functions that have been implemented using the three FHE primitives. Our goal is to make the developer experience as comfortable and familiar as possible, while minimizing the number of changes that is needed to implement FHE.
Q: Do you need to approximate computations with polynomials to make it compatible with FHE?
A: Yes. Most FHE schemes only provide two basic operators: addition and multiplication. This means that everything you compute will have to be a polynomial or approximated using polynomials. The larger the polynomial, the better the approximation. However, having larger polynomials means it will be more difficult to compute. For example, if you have a function involving a square root, division, and MAX operators, it may be very easy to do using plaintext. But for FHE, it will result in a complicated polynomial and will be much slower to compute. This again touches why in principle everything is possible to compute under homomorphic encryption, but in practice, it's not always practical.
Q: How do I ensure that sensitive data is encrypted correctly and that the access to this sensitive data is without any security threat?
A: In cryptography (specifically quantum safe and public key cryptography), algorithms are based on the computational complexity or 'hardness' of certain problems to solve by classical or quantum computers. 'Hardness' refers to the ability of an algorithm to solve a problem efficiently. FHE is based on a mathematical problem called Learning with Errors that both classical and quantum computers fail at solving efficiently. Like with all public private key cryptography systems, it is important to keep the secret key protected. Interactions with your secret key should only be done from a trusted environment and should not be revealed to anyone except the data owner.
Q: Any special challenges with testing and debugging FHE programs?
A: There are three main challenges with testing and debugging FHE programs. The first is that because encrypted computations require more resources than unencrypted computations, computations are slower. The second is the additional layer of complexity that is created due to the constraints of working with ciphertext of a fixed size. The last challenge is the error (noise) that needs to be managed that is inherent to FHE operations.
In HElayers, we provide tools to help address these challenges. For example, we offer APIs to measure noise and compare the computation in plaintext with a computation done under encryption. This allows you to track how the noise grows and manage the noise.
Q: What types of AI/ML models do we support today?
A: We currently support decision trees, logistic regression, linear regression, neural networks (fully connected and convolutional layers), Support Vector Machine (SVM), nearest neighbor, and basic statistics like mean.
Q: What types of activation layers do we support today?
A: For activation layers, we support polynomial functions. This is something that is not commonly used outside of FHE, but it's something that usually needs to change when trying to make a neural network 'HE friendly.'
Q: What types of SQL commands do we support today?
A:
There are some
Q: What can I program with FHE? What can’t I program with FHE?
A: In principle, the 'Fully' in Fully Homomorphic Encryption means that you can compute on any function that you want. However, in practice, some computations are very difficult to the point of being impractical.
FHE computation is most similar to a hardware circuit; we get the data, we run it through a sequence of gates and each gate performs an operation. Because the data remains encrypted and we are not able to see it in the clear, it is difficult to perform branching with FHE (e.g. if the data meets a certain condition, do X, else do Y). As a result, the data must run through all of the gates.
Q: What programming constructs are not available on FHE in terms of control flow?
A: There is no control flow for FHE - the input arrives and it runs through a circuit involving gates. You can't branch at all no ifs, no loops. It's like one big circuit.
Q: What is the performance and speed of FHE now?
A: Performance is dependent on the use case and the corresponding implementation. Transactional workloads are generally higher in latency than batch workloads. For many applications, FHE is fast enough now to be used. This is especially the case when FHE enables workloads that could not have been computed in an automated fashion before (due to privacy or data sharing concerns)
The time scales and requirements for things like online transaction fraud detection and medical image analysis are quite different. In the former, we would demand performance of hundreds or thousands of transactions per second, while in the latter a response in a few minutes or hours might be acceptable.
Today, FHE can perform tasks like logistic regression and neural networks with three or four layers in less than a second. When these neural networks become more complicated and have more layers, it will be in the order of minutes. For example, we are able to support a neural network called AlexNet with a latency in the order of minutes while our competitors take about a day and a half.
Q: Are there any special CPUs that are needed?
A: There are no special CPUs or hardware that is strictly needed to perform FHE operations. However, FHE is computationally intensive and utilizing faster processors with larger cache sizes and memory capacity will result in better performance.
Q: What is the slowdown in terms of CPU I should expect for FHE vs non FHE operations?
A: It depends on the use case. Generally, encrypted computations require more resources than unencrypted computations. Overhead can be as low as a factor of two, or as high as a factor of 10 (or even larger without careful optimization). If you are processing in batches, you'll get much better performance because the operations are SIMD (Single Instruction, Multiple Data). Note that when you are able to work with batches, you are not just looking at latency, but rather on the amortized times and throughput of an overall system design which can lead to better performance.
Q: Is FHE Turing complete?
A: FHE is Turing complete because, in theory, it can perform any function that is computable.
The IBM HElayers Software Development Kit (SDK) is designed to enable application developers and data scientists to seamlessly apply advanced privacy-preserving techniques without requiring specialized skills in cryptography.
Learn more about IBM HElayers and how to secure AI workloads using fully homomorphic encrypted data.
''Homomorphically Securing AI at the Edge''
''Towards a Homomorphic Machine Learning Big Data Pipeline for the Financial Services Sector''
Learn more about the recent FHE pilot program at Banco Bradesco.
Explore different topics within FHE.
Learn about the value and practical application of FHE.
When used together, Hyper Protect Virtual Servers and FHE can offer an unrivaled security experience.
Learn more about the technology that makes FHE work.
Read the announcement on what you can do with FHE on Linux.
Learn more about what IBM's leap with FHE means for the future.
Read the article in SecurityIntelligence.
A graphic representation of how FHE works compared to conventional encryption.
This video covers the basics of FHE and its many use cases.
FHE: From Invention to Adoption highlights the history, technology, use cases that make FHE valuable.
Learn about how FHE can add value, both from a personal and business perspective.
Learn why keeping data fully encrypted, even while its being processed, will matter to your business.
Learn how FHE can mitigate the risks inherent to data stored across hybrid multicloud environments.
Page updated to include the new IBM HElayers SDK.
Transcript added for Fully Homomorphic Encryption overview video.