IBM Makes Encryption Paradox Practical

“Fully homomorphic” cryptography allows partial access to digital vaults without ever opening their locks


How do you access the contents of a safe without ever opening its lock or otherwise getting inside? This riddle may seem confounding, but its digital equivalent is now so solvable that it’s becoming a business plan. 

IBM is the latest innovator to tackle the well-studied cryptographic technique called fully homomorphic encryption (FHE), which allows for the processing of encrypted files without ever needing to decrypt them first. Earlier this month, in fact, Big Blue introduced an online demo for companies to try out with their own confidential data. IBM’s FHE protocol is inefficient, but it’s workable enough still to give users a chance to take it for a spin. 

Today’s public cloud services, for all their popularity, nevertheless typically present a tacit tradeoff between security and utility. To secure data, it must stay encrypted; to process data, it must first be decrypted. Even something as simple as a search function has required data owners to relinquish security to providers whom they may not trust.

Yet with a workable and reasonably efficient FHE system, even the most heavily encrypted data can still be securely processed. A customer could, for instance, upload their encrypted genetic data to a website, have their genealogy matched and sent back to them—all without the company ever knowing anything about their DNA or family tree. 

At the beginning of 2020, IBM reported the results of a test with a Brazilian bank, which showed that FHE could be used for a task as complex as machine learning. Using transaction data from Banco Bradesco, IBM trained two models—one with FHE and one with unencrypted data—to make predictions such as when customers would need loans.

Even though the data was encrypted, the FHE scheme made predictions with accuracy equal to the unencrypted model. Other companies, such as Microsoft and Google, have also invested in the technology and developed open-source toolkits that allow users to try out FHE. These software libraries, however, are difficult to implement for anyone but a cryptographer, a problem IBM hopes to remedy with its new service.

“This announcement right now is really about making that first level very consumable for the people [who] are maybe not quite as crypto-savvy,” said Michael Osborne, a security researcher at IBM.

One of the problems with bringing FHE to market is that it must be tailor-made for each situation. What works for Banco Bradesco can’t necessarily be transferred seamlessly over to Bank of America, for example.

“It's not a generic service,” said Christiane Peters, a senior cryptographic researcher at IBM. “You have to package it up. And that's where we hope from the clients that they guide us a little bit.”

It is not clear whether IBM’s scheme for FHE is any better than that of its competitors. However, by offering a service to clients, the company may have taken the lead in tackling some of the first practical implementations of the technology, which has been in development for years.

Since the 1970s, cryptographers had considered what it would mean to process encrypted data, but no one was sure whether such an encryption scheme could exist even in theory. In 2009, Craig Gentry, then a Stanford graduate student, proved FHE was possible in his PhD dissertation.

Over the past decade, algorithmic improvements have improved the efficiency of FHE by a factor of about a billion. The technique is still anywhere from 100 to a million times slower than traditional data processing—depending on the data and the processing task. But in some cases, Osborne says, FHE could still be attractive. 

One way to understand a key principle behind FHE is to consider ways in which an adversary might break it. Suppose Alice wants to put her grocery list on the cloud, but she’s concerned about her privacy. If Alice encrypts items on her list by shifting one letter forward, she can encode APPLES as BQQMFT. This is easily broken, so Alice adds noise, in the form of a random letter. APPLES instead becomes BQQZMFT. This makes it much, much harder for the attacker to guess the grocery items because they have to account for noise. Alice must strike a balance: too much noise and operations take too much time; too little noise and the list is unsecured. Gentry’s 2009 breakthrough was to introduce a specific, manageable amount of noise.
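To make the two ideas above concrete, that encrypted data can be processed without being decrypted and that the noise which protects a ciphertext also limits how much processing it can absorb, here is a small added example. It is not IBM's code and not from the article; it is a teaching-sized symmetric "somewhat homomorphic" scheme over the integers in the style of the DGHV construction (van Dijk, Gentry, Halevi and Vaikuntanathan, 2010). A ciphertext is a multiple of a secret odd key p, plus a small even noise term, plus the plaintext bit. Adding two ciphertexts XORs their bits and multiplying them ANDs their bits, with no key involved; each multiplication multiplies the noise, so the gap between the noise size and the key size fixes how many operations can be performed before decryption breaks. The class, function names, the encrypted-equality circuit and the parameter sizes are all choices made here for illustration, and the parameters are toy-sized and not secure.

```python
import random


class ToyIntegerFHE:
    """Symmetric somewhat-homomorphic encryption over the integers, DGHV-style.

    Teaching toy only (assumption: the parameter sizes chosen here are far too
    small to be secure), but the noise mechanics are the real ones.

    A ciphertext for bit m is  c = p*q + 2*r + m  where
      p  is the secret odd key,
      q  is a large random multiplier (hides m behind a multiple of p),
      r  is a small random noise term (without it, two ciphertexts of the
         same bit would differ by an exact multiple of p and the key would
         be trivial to recover).
    """

    def __init__(self, key_bits=64, noise_bits=4, q_bits=128, rng=None):
        self.rng = rng or random.SystemRandom()
        self.key_bits = key_bits
        self.noise_bits = noise_bits
        self.q_bits = q_bits
        # Secret key: odd integer with its top bit set, so 2**(key_bits-1) <= p.
        self.p = self.rng.getrandbits(key_bits) | (1 << (key_bits - 1)) | 1

    def encrypt(self, m):
        if m not in (0, 1):
            raise ValueError("plaintext must be a single bit")
        q = self.rng.getrandbits(self.q_bits)
        r = self.rng.getrandbits(self.noise_bits)  # 0 <= r < 2**noise_bits
        return self.p * q + 2 * r + m

    def decrypt(self, c):
        # Strip the multiple of p, then the even noise; correct while noise < p.
        return (c % self.p) % 2

    def noise(self, c):
        # Size of the noise term 2*r + m (only meaningful while it is < p).
        return c % self.p

    def max_product_terms(self, term_noise_bits=None):
        # Multiplying k ciphertexts whose noise is each < 2**term_noise_bits
        # gives noise < 2**(term_noise_bits*k); decryption stays correct only
        # while that is below p >= 2**(key_bits-1).
        if term_noise_bits is None:
            term_noise_bits = self.noise_bits + 1  # bound for a fresh ciphertext
        return (self.key_bits - 1) // term_noise_bits


# Homomorphic operations: plain integer arithmetic on ciphertexts, no key needed.
def he_xor(c1, c2):
    return c1 + c2  # noise adds


def he_and(c1, c2):
    return c1 * c2  # noise multiplies: this is what consumes the budget


def he_not(c):
    return c + 1  # flips the low bit of the noise term


def encrypt_int(fhe, value, width):
    """Encrypt an unsigned integer bit by bit, least significant bit first."""
    return [fhe.encrypt((value >> i) & 1) for i in range(width)]


def he_equal(enc_a, enc_b):
    """Encrypted equality test: AND over all bits of NOT(a_i XOR b_i).

    Whoever evaluates this sees neither a, b, nor the result in the clear.
    """
    result = None
    for ca, cb in zip(enc_a, enc_b):
        bit_eq = he_not(he_xor(ca, cb))  # noise < 2**(noise_bits+2)
        result = bit_eq if result is None else he_and(result, bit_eq)
    return result


def equal_via_fhe(fhe, a, b, width=4):
    """Client encrypts, an untrusted evaluator runs he_equal, client decrypts."""
    if width > fhe.max_product_terms(fhe.noise_bits + 2):
        raise ValueError("noise budget too small for this comparison width")
    return fhe.decrypt(he_equal(encrypt_int(fhe, a, width), encrypt_int(fhe, b, width)))


if __name__ == "__main__":
    fhe = ToyIntegerFHE()
    print("3 == 5 ?", equal_via_fhe(fhe, 3, 5))
    print("7 == 7 ?", equal_via_fhe(fhe, 7, 7))
    print("noise of a fresh ciphertext:", fhe.noise(fhe.encrypt(1)))
    print("noise after AND of two:", fhe.noise(he_and(fhe.encrypt(1), fhe.encrypt(1))))
    print("fresh ciphertexts that can be multiplied together:", fhe.max_product_terms())
```

The budget arithmetic in `max_product_terms` is the practical point: with a 64-bit key and 4-bit noise, at most twelve fresh ciphertexts can be multiplied before the noise outgrows the key, and the equality circuit, whose per-bit terms carry slightly more noise, fits ten bits. Real schemes use far larger parameters and add a "bootstrapping" step that refreshes noise; this toy has no bootstrapping, which is why its multiplicative depth is fixed at key-generation time.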

While FHE may be of interest to many individual consumers interested in data privacy, its early corporate adopters are mainly limited to the finance and healthcare sectors, according to Peters. 

FHE’s applications may be increasing with time, though. In a data-rich, privacy-poor world, it’s not hard to recognize the appeal of a novel technology that lets people have their secret cake and eat it too.
