How do you access the contents of a safe without ever opening its lock or otherwise getting inside? This riddle may seem confounding, but its digital equivalent is now so solvable that it’s becoming a business plan.
IBM is the latest innovator to tackle the well-studied cryptographic technique called fully homomorphic encryption (FHE), which allows encrypted data to be processed without ever being decrypted first. Earlier this month, in fact, Big Blue introduced an online demo for companies to try out with their own confidential data. IBM's FHE implementation is still far from efficient, but it is workable enough to give users a chance to take it for a spin.
Today’s public cloud services, for all their popularity, nevertheless typically present a tacit tradeoff between security and utility. To secure data, it must stay encrypted; to process data, it must first be decrypted. Even something as simple as a search function has required data owners to relinquish security to providers whom they may not trust.
Yet with a workable and reasonably efficient FHE system, even the most heavily encrypted data can still be securely processed. A customer could, for instance, upload their encrypted genetic data to a website, have their genealogy matched and sent back to them—all without the company ever knowing anything about their DNA or family tree.
At the beginning of 2020, IBM reported the results of a test with a Brazilian bank, which showed that FHE could be used for a task as complex as machine learning. Using transaction data from Banco Bradesco, IBM trained two models—one with FHE and one with unencrypted data—to make predictions such as when customers would need loans.
Even though the data was encrypted, the FHE model made predictions with accuracy equal to that of the unencrypted model. Other companies, such as Microsoft and Google, have also invested in the technology and released open-source toolkits that let users try out FHE. These software libraries, however, are difficult to use for anyone but a cryptographer, a problem IBM hopes to remedy with its new service.
“This announcement right now is really about making that first level very consumable for the people [who] are maybe not quite as crypto-savvy,” said Michael Osborne, a security researcher at IBM.
One of the problems with bringing FHE to market is that it must be tailor-made for each situation. What works for Banco Bradesco can’t necessarily be transferred seamlessly over to Bank of America, for example.
“It's not a generic service,” said Christiane Peters, a senior cryptographic researcher at IBM. “You have to package it up. And that's where we hope from the clients that they guide us a little bit.”
It is not clear whether IBM’s scheme for FHE is any better than that of its competitors. However, by offering a service to clients, the company may have gotten the lead on tackling some of the first practical implementations of the technology, which has been in development for years.
Since the 1970s, cryptographers had wondered what it would mean to compute on encrypted data, but no one knew whether such an encryption scheme could exist even in theory. In 2009, Craig Gentry, then a Stanford graduate student, gave the first construction of an FHE scheme in his PhD dissertation.
Over the past decade, algorithmic advances have improved the efficiency of FHE by a factor of roughly a billion. The technique is still anywhere from 100 to a million times slower than computing on plaintext, depending on the data and the processing task. But in some cases, Osborne says, FHE could still be attractive.
One way to understand a key principle behind FHE is to consider ways in which an adversary might break it. Suppose Alice wants to put her grocery list on the cloud, but she's concerned about her privacy. If Alice encrypts the items on her list by shifting each letter one place forward, APPLES becomes BQQMFT. This is easily broken, so Alice adds noise in the form of a random letter: APPLES instead becomes BQQZMFT. This makes it much harder for the attacker to guess the grocery items, because they now have to account for the noise as well. Alice must strike a balance: too much noise and operations on the data take too much time; too little noise and the list is unsecured. In real schemes the noise also grows with every operation performed on the ciphertext, and Gentry's 2009 breakthrough was a way to keep that accumulated noise at a manageable level so that an unbounded number of operations could be carried out.
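To make the noise principle concrete, here is an added toy example that is not part of the article and is not IBM's scheme: a symmetric "somewhat homomorphic" bit-encryption scheme over the integers in the style of DGHV (van Dijk, Gentry, Halevi and Vaikuntanathan, 2010). A bit is hidden as c = m + 2r + pq, where p is the secret key, r is small noise and q is a large random multiplier; adding ciphertexts XORs the bits and adds the noise, multiplying them ANDs the bits and multiplies the noise, and decryption fails once the noise passes p/2. All parameter sizes and the helper names (`noise_budget_bits`, `and_chain`, `xor_many`) are assumptions chosen for illustration, and the key sizes are far too small to be secure.

```python
import random
import secrets

# Toy symmetric "somewhat homomorphic" encryption over the integers, in the
# style of the DGHV scheme (van Dijk, Gentry, Halevi, Vaikuntanathan, 2010).
# Constructed here to illustrate the noise principle; NOT IBM's scheme, and
# the parameters are far too small for real security.
#
#   secret key : a large odd integer p
#   ciphertext : c = m + 2*r + p*q   (m = plaintext bit, r = small noise,
#                                     q = large random multiplier)
#   decryption : (c mod p) mod 2, correct while |m + 2*r| < p/2
#
# Adding ciphertexts adds the noise terms (XOR of the bits); multiplying
# them multiplies the noise terms (AND of the bits). Once the accumulated
# noise crosses p/2 the mod-p reduction wraps and the decrypted bit is garbage.

P_BITS = 64       # bits in the secret key p (assumed toy size)
Q_BITS = 256      # bits in the random multiplier q (assumed toy size)
NOISE_BITS = 8    # bits in the fresh noise r (assumed toy size)


def keygen(rng=None):
    """Secret key: a random odd integer with exactly P_BITS bits."""
    rng = rng or secrets.SystemRandom()
    return rng.getrandbits(P_BITS) | (1 << (P_BITS - 1)) | 1


def encrypt(p, m, rng=None):
    """Encrypt a single bit m under secret key p."""
    assert m in (0, 1)
    rng = rng or secrets.SystemRandom()
    r = rng.getrandbits(NOISE_BITS)
    q = rng.getrandbits(Q_BITS)
    return m + 2 * r + p * q


def noise(p, c):
    """Centered residue of c mod p: the noise term m + 2r that decryption sees.
    Equals the true noise only while |true noise| < p/2."""
    t = c % p
    return t - p if t > p // 2 else t


def decrypt(p, c):
    """Recover the bit as the parity of the centered residue."""
    return noise(p, c) % 2


def add(c1, c2):
    """Homomorphic XOR: the noise terms add."""
    return c1 + c2


def mul(c1, c2):
    """Homomorphic AND: the noise terms multiply."""
    return c1 * c2


def noise_budget_bits(p, c):
    """Bits of headroom left before the noise reaches p/2 (the 'noise budget').
    Meaningful only while positive: once the noise has wrapped past p/2 the
    ciphertext is unrecoverable and the reported value means nothing."""
    return (p // 2).bit_length() - abs(noise(p, c)).bit_length()


def and_chain(p, depth, rng=None):
    """Homomorphically AND depth+1 fresh encryptions of 1 (expected result 1).
    Returns (decrypted_bit, budgets), budgets[i] being the noise budget
    after i multiplications."""
    acc = encrypt(p, 1, rng)
    budgets = [noise_budget_bits(p, acc)]
    for _ in range(depth):
        acc = mul(acc, encrypt(p, 1, rng))
        budgets.append(noise_budget_bits(p, acc))
    return decrypt(p, acc), budgets


def xor_many(p, bits, rng=None):
    """Homomorphically XOR a list of bits via repeated addition, then decrypt."""
    acc = encrypt(p, bits[0], rng)
    for b in bits[1:]:
        acc = add(acc, encrypt(p, b, rng))
    return decrypt(p, acc)


if __name__ == "__main__":
    rng = random.Random(2020)          # seeded only so the printed run is reproducible
    p = keygen(rng)
    for a in (0, 1):
        for b in (0, 1):
            ca, cb = encrypt(p, a, rng), encrypt(p, b, rng)
            print(f"{a} XOR {b} = {decrypt(p, add(ca, cb))}, "
                  f"{a} AND {b} = {decrypt(p, mul(ca, cb))}")
    # Additions are cheap on the noise budget: a thousand of them still decrypt.
    print("XOR of 1001 ones:", xor_many(p, [1] * 1001, rng))
    # Multiplications are not: each one scales the noise by a fresh ~2^9 term,
    # so a 64-bit key runs out of budget after roughly seven of them.
    for depth in (0, 2, 4, 6, 8, 12):
        bit, budgets = and_chain(p, depth, rng)
        print(f"AND of {depth + 1} ones -> {bit}, budget after each mul: {budgets}")
```

Running the script shows the budget falling by about nine bits per multiplication and the decrypted AND turning unreliable once it reaches zero; that is exactly the "too much noise" side of Alice's balance. What this toy lacks is Gentry's bootstrapping step, which refreshes a noisy ciphertext into a fresh one and turns a scheme like this into a fully homomorphic one; the stark cost of that refresh is a large part of why FHE remains orders of magnitude slower than plaintext computation.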
While FHE may be of interest to many individual consumers interested in data privacy, its early corporate adopters are mainly limited to the finance and healthcare sectors, according to Peters.
FHE’s applications may be increasing with time, though. In a data-rich, privacy-poor world, it’s not hard to recognize the appeal of a novel technology that lets people have their secret cake and eat it too.