Home > Cybersecurity > Major players invest in homomorphic encryption initiatives
Do you believe that data is fully protected because it is encrypted? Much to the dismay of many, this is not the case. Encryption has been a key protection tool for data in transit or stored. However, data need to be decrypted to be processed and, at that time, maybe exposed to risks and vulnerabilities.
Now, what has been just a mathematical concept is becoming a reality to allow data to be processed without decryption and thus keep it safe. This is the power of Fully Homomorphic Encryption (FHE). And major players have invested in homomorphic encryption initiatives.
For example, IBM took another step towards democratizing this technology at the end of 2020 by launching an IBM Security Homomorphic Encryption Services package, with a prototyping environment, specialized support, and guidance, so that interested parties can begin to experience FHE. The company had previously released FHE toolkits for MacOS, iOS, Linux, and Android based on its HELib encryption library.
In addition, IBM has worked with a select group of customers, including Bradesco, one of the largest Brazilian financial institutions, using real data. The researchers considered transactional data and a machine learning-based prediction model to perform two experiments – with and without homomorphic encryption. They demonstrated that it was possible, in this case, to make predictions with the same precision in both cases. In short, this means that banks can outsource forecasting tasks to external providers without jeopardizing customer data privacy and, more importantly, reducing the damage caused by any data leaks.
Homomorphic Encryption started to be studied in the 1970s. However, the crucial moment came in 2009, when Craig Gentry, at the time, working at IBM and now an Algorand Foundation researcher, published his work that ended up giving rise to the idea of applying FHE for data protection.
Until recently, FHE algorithms had been very slow to apply to organizations’ day-to-day routines – days or weeks to process what usually would take seconds without encryption, according to IBM. However, as computational power grows and FHE algorithms advances, certain procedures can reach speeds at the rate of seconds per bit, making the technology viable for many initial tests and real-world use cases. Gartner estimates that at least 20% of companies will have a budget for homomorphic encryption projects by 2025, compared to the current share of less than 1%.
Intel is also supporting homomorphic encryption by promoting initiatives to make the technology more accessible. One of them is aimed at developers and based on the HE-Transformer for nGraph. This development environment allows developers to create deep learning solutions for processing encrypted data.
Since homomorphic encryption requires substantial computing power, Intel can also leverage its processor expertise to make it more efficient. In addition, according to the company, it is important for the technology industry as a whole to be able to continue to exploit the full power of Artificial Intelligence while protecting data privacy.
One more action by Intel has to do with the definitions of FHE standards. Together with other companies interested in this field, including Microsoft, IBM, and Google, Intel hosted a meeting in August 2019 to identify points of agreement and propose them to standardization bodies. An open consortium including private initiatives, government, and academia has already been created to establish consensus around homomorphic encryption standards.
Another front line comes from Facebook, New York University, and Stanford University. The group proposed the creation of Porcupine, a “synthesizer compiler” for homomorphic encryption. Researchers say that many advances have made it possible to deal with FHE processing overheads, but automatic compiler processes to produce efficient kernels in order to work with FHE technology have remained relatively untapped. With the proposed compiler, the idea is to ensure up to 51% performance gains compared to codes optimized in a non-automated way.
In February 2021, initiatives around homomorphic encryption intensified with an announcement including Intel, Microsoft, and the United States Defense Advanced Research Projects Agency (DARPA). The objective of the multi-year DPRIVE (Data Protection in Virtual Environments) program is to develop a hardware accelerator for FHE – relying on Intel’s know-how – to reduce the processing overhead associated with this type of encryption. On the other hand, Microsoft has the mission of accelerating the adoption of this technology when it is ready so that data sharing will be accompanied by a guarantee of privacy throughout its whole life cycle.
In April 2021, Nasdaq, which serves capital markets and other industries, announced that it is exploring new extensions of the 3rd generation Intel Xeon Scalable processor’s instruction architecture to significantly accelerate the homomorphic encryption applications. Nasdaq’s expectation is to achieve 100x performance gains in 2021 based on a joint research and innovation initiative with Intel. The proofs of concept carried out by Nasdaq are testing the FHE in the fight against financial crimes – particularly money laundering and fraud detection – using proprietary data while complying with privacy laws. Nasdaq and Intel are working together to assess how FHE can fit into the electronic stock exchange’s transaction data flow. For now, FHE technology is not being used in any Nasdaq business environment.
In practice, what could FHE be useful for? For example, healthcare institutions can share patient data with researchers to help train Artificial Intelligence and machine learning models in order to identify disease markers. With FHE, they will be able to do this without violating privacy rules. Financial services companies can use bank account and customer behavior data to develop better algorithms for detecting frauds. They will also be able to do this using FHE to ensure confidentiality. Users will also be able to sign in applications using encrypted biometric data.
The FHE encryption procedure takes place, in general, at points where confidential data is captured, for example, cameras or databases. The processing of encrypted data will always take place in Artificial Intelligence systems or equivalent that need to operate on confidential data. And, finally, decryption will only take place at the point where the results of the data processing need to be revealed to a third party.
What is missing for FHE to be widely used by organizations? In a nutshell, FHE is still an incipient technology, leaving research laboratories to reach the streets, with a considerable degree of complexity. Due to these facts, developers without specific experience in cryptography may face difficulties understanding the FHW concepts and put them into practice in the day-to-day coding work.
Another important limitation is computational power. Although these scenarios have evolved a lot over the years due to the processor capacity, certain transactions may require much more resources compared to traditional operations which do not use encrypted data.
Considering these and other obstacles, the latest Market Research Future report predicts that the global homomorphic encryption market is expected to reach US$ 268.92 million with an 8.58% compound annual growth rate in 2019-2027.