In my last post, I wrote about how encryption is necessary for business, especially in the Healthcare industry. Fully Homomorphic Encryption (FHE) is a newer form of encryption that allows systems to work on encrypted data without the need to access the private key, the cryptographic information used by the encryption algorithm to protect the data. This makes data more secure as a compromise of the private key means that the encryption is basically useless as a bad guy could decrypt any data secured by it. Intel® is doing its part to bring new instruction sets to their Xeon® processors so FHE can be performed within applications, without the need to decrypt the data.
The Importance of Secured Private Data
With existing regulations throughout the world (and more expected) it is imperative that private data remains secure; however, as we become more of a digitized society, it becomes tougher as more data is being used and shared more freely. People have immediate access to information by using the Internet. For instance, people do not need to lug around a binder full of their medical history every time they visit the doctor. Most people have smartphones that can access data over the Internet (and even store data locally) and doctors have their own patient records. This data could be a treasure trove for malicious parties.
Encryption is just one of the security measures that can be used to protect data. Encryption will make the data nearly impossible to read without the proper access, making the unauthorized access or loss of that data less of a concern. With traditional encryption, the data must be decrypted before it can be acted upon, such as transferring between systems. FHE changes this by allowing the data to be acted on without the need to decrypt it first. For instance, data can be shared between approved systems and modified without being decrypted. This increases the security of the data as it remains in an encrypted state within an environment.
How Encryption Supports Data Privacy
Why does this all matter? As stated previously, there is a lot of data out there. Regulations and data privacy are major concerns, so securing this data is extremely important. Encryption is one method of securing data as it obfuscates it so prying eyes cannot read it. The data remains in an unreadable state when in transit or storage and does not need to be decrypted. While traditional encryption keeps data encrypted when it is either at rest, in transit, or both, it does keep data encrypted during computation. When data is decrypted, such as when moving between different applications, the data is changed to a state that it can be read easily. By enabling FHE, systems can compute and move data without decrypting it first, thus leaving it in that encrypted (and more secure) state. If machine learning can act on the data while it is in an encrypted state, applications could work on the data while it remains secure. This increases the security posted so that there is less of a chance for unapproved people to access the data. This means data remains secure and the bad guys will be forced into other methods to try to obtain the data.
Unfortunately, FHE is computationally heavy requiring major processing power to make it work correctly. Working with unencrypted data requires far less processing and thus takes far less time compared to encrypted data, including traditional encryption methods. What could take only a few seconds with unencrypted data could take minutes or even hours (or more) when the data is encrypted. Multiply this by the amount of data companies have stored and one can see why working with encrypted data needs major computational power. Fortunately, Intel is working on speeding up FHE using their processors. Their Xeon processing architecture is being accelerated so that FHE can be done quicker. This is great for many industries as enabling encryption without it being a burden means private data can remain secure.
Intel Homomorphic Encryption
Intel is enabling FHE through its Xeon chipsets and sharing the ability to perform FHE with application vendors. By moving encryption from software to hardware, Intel is accelerating encryption and, thus, increasing the security posture. Fortunately, Intel is sharing the knowledge on how to enable FHE with their chipsets. One of the ways Intel is doing this is through an HE Toolkit, which Intel has already released as an open-source download. This toolkit is a consolidation of Intel’s innovation into an easy-to-use, customer-friendly package. It is designed to enable real-world use cases for FHE so that applications can be made more secure. Intel® Advanced Vector Extensions (AVX-512) enable FHE in the Xeon processor and the toolkit gives the necessary instructions on how to take advantage of those extensions. The toolkit is already available and more information about it (including a link to the toolkit repository on Github) can be found here. You can also learn more with Intel HEXL, the homomorphic encryption acceleration library, which implements the key kernels for homomorphic encryption acceleration using AVX512. (https://github.com/intel/hexl)
In addition to making the HE Toolkit available as an open-source download, Intel is partnering with other companies like Microsoft and the Defense Advanced Research Projects Agency (DARPA) to make FHE available for companies. DARPA has launched a new program to enable better data security through FHE. This program is called Data Protection in Virtual Environments, or DPRIVE. The goal of DPRIVE is to create a hardware accelerator that will reduce the computational runtime overhead so that FHE can be available to applications without the need for major processing power. DARPA estimates that “we are about a million times slower to compute in the FHE world than we are in the plaintext world” and has launched DPRIVE so that FHE can be comparable to plain text data, at least timewise (https://www.darpa.mil/news-events/2021-03-08).
By achieving their goal of hardware-accelerated FHE, applications can work on encrypted data without first decrypting it. For the DPRIVE program, Intel plans to design an application-specific integrated circuit (ASIC) accelerator to help enable DARPA’s goals. Since there are other companies in the DPRIVE program, Intel will be collaborating with them to better enable FHE. More information from Intel can be found here. This is a multi-year program and Intel joined in March 2021, so it will be some time before FHE is available in applications working at companies.
Conclusion
Encryption is a must when working with or storing sensitive data. Traditional encryption may no longer be good enough because the data must be decrypted to be worked on, leaving it in a vulnerable state where it can be read easily. By enabling FHE, data can be made more secure because applications can work on the data while it remains in an encrypted state. It is still a few years away but, fortunately, Intel is working to develop the hardware needed and is partnering with other companies to deliver FHE in a usable state. It may be a little too early to deploy FHE, but application vendors should start thinking about enabling it in future product revisions. Any tools that can help companies secure sensitive data should be implemented so that the data remains as safe as possible. If you want to read more about FHE, Fabian Boemer, a research scientist at Intel that works on FHE, wrote a blog post that gets into the technical aspects. Check it out here.
