How to make Fully Homomorphic Encryption “practical and usable”

Fully Homomorphic Encryption (FHE) for years has been a promising approach to protecting data while it’s being computed on, but making it fast enough and easy enough to use has been a challenge.

The Intelligence Advanced Research Projects Activity, which has been leading the Department of Defense’s examination of this topic, recently awarded research and development firm Galois a $1M contract to explore ways to bring FHE to programmers. 

The goal, says Galois Principal Investigator Dr. David Archer, is making FHE “practical and usable,” and his outfit is working with researchers at the New Jersey Institute of Technology on this front via the Rapid Machine-learning Processing Applications and Reconfigurable Targeting of Security (RAMPARTS) initiative. 

While it’s up to IARPA as to what becomes of the researchers’ output, Archer says he wouldn’t be surprised if it goes the open source route. 

DEFINING FHE

Just to step back, Archer describes FHE as “a variant of Somewhat [or Semi] Homomorphic Encryption, and allows for computing a function on data that is encrypted so that the data is never in the clear while the computation is going on. It produces an encrypted result that a user with the right key can decrypt.” The first live construction of FHE showed up from IBM in 2009, whereas Somewhat Homomorphic Encryption has been around since the 1970s and ‘80’s.

FHE allows for conducting more complex functions than Somewhat Homomorphic Encryption.

“There’s more and more data available,” Archer says. “And people are recognizing, maybe not for the first time, that it’s important to keep that data private, yet it would be great if we could get utility out of it.”

A researcher studying the opioid crisis, for example, might benefit from running an analysis on private healthcare data, but the owner of that data might not feel comfortable providing access due to privacy concerns. FHE, if trusted by both parties, could allow a way for researchers to make use of data without actually seeing the original information.

Archer even cites an example that could apply to IT networking pros, such as if you wanted to study network data traces from service providers to possibly spot attacks from new adversaries. 

But he acknowledges that even a promising technology like FHE could be a tough sell. 

“There are a couple of problems you need to get people past,” he says. “One is belief that the data is never going to be in the clear, because there’s still a bit of black magic sound to this… Another challenge is you have to think beyond just the thing you want to compute, you also have to think about what does it reveal? Because none of these things can hide the output. So if someone was to be a little malicious and said the analysis I want to run is just show me the data, then that wouldn’t accomplish this privacy preservation that the data owners would want. So there’s also this negotiation challenge between the researcher and data owner.”

Statutory regulation is one more challenge, as there could be statutes that don’t even let you share encrypted data, Archer says.

For now, Galois and New Jersey Institute of Technology are building a prototype that lets an analyst using the Julia language write programs that run functions on FHE data just as they would any other programs, except they’d tag these functions to deal with encrypted data. “Think of it as a transparent homomorphic subsystem that can run in a Julia environment,” Archer says.

The reality is that “your mileage may vary” when using FHE, which is still very limited in production applications and still needs plenty of work on optimization, Archer says. So it might work quite well on certain functions like linear regressions, but be terribly inefficient on other operations, he says. However, Archer says the future for FHE is bright. About 5 years ago, using FHE was 10 to 12 orders of magnitude slower than computing in the clear, whereas a couple of years ago that had been improved by 6 or 7 orders of magnitude, he says. We’re still not near real-time processing, but FHE is definitely getting faster, Archer says.

MORE: Dark thinking on IoT and exploding enterprise networks