The topics of security and data have become almost inseparable as enterprises move more workloads to the cloud. But unlocking new uses for that data, particularly driving richer AI and machine learning, will require next-generation security.
To that end, companies have been developing confidential computing to allow data to remain encrypted while it is being processed. But as a complement to that, a security process known as fully homomorphic encryption is now on the verge of making its way out of the labs and into the hands of early adopters after a long gestation period.
Researchers like homomorphic encryption because it provides a certain type of security that can follow the data throughout its journey across systems. In contrast, confidential computing tends to be more reliant upon special hardware that can be powerful but is also limiting in some respects.
Companies such as Microsoft and Intel have been big proponents of homomorphic encryption. Last December, IBM made a splash when it released its first homomorphic encryption services. That package included educational material, support, and prototyping environments for companies that want to experiment.
In a recent media presentation on the future of cryptography, IBM director of strategy and emerging technology Eric Maass explained why the company is so bullish on “fully homomorphic encryption” (FHE).
“FHE is a unique form of encryption, and it’s going to allow us to compute upon data that’s still in an encrypted state,” Maass said.
First, some context. There are three general categories of encryption. The two classic ones are encryption of data at rest (stored data) and encryption of “data in transit,” which protects the confidentiality of data as it is transmitted over a network.
The third one is the piece that has been missing: the ability to compute on that data while it’s still encrypted.
That last one is key to unlocking all sorts of new use cases. Until now, for someone to process that data, it had to be decrypted first, which creates a window of vulnerability. That makes companies reluctant to share highly sensitive data involving finance or health.
“With FHE, the ability to actually keep the data encrypted and never exposing it during the computation process, this has been somewhat akin to a missing leg in a three-legged crypto stool,” Maass said. “We’ve had the ability to encrypt the data at rest and in transit, but we have not historically had the ability to keep the data encrypted while it’s being utilized.”
With FHE, the data can remain encrypted while being used by an application. Imagine, for instance, a navigation app on a phone that can give directions without actually being able to see any personal information or location.
Companies are potentially interested in FHE because it would allow them to apply AI to data, such as from finance and health, while being able to promise users that the company has no way to actually view or access the underlying data.
While the concept of homomorphic encryption has been of interest for decades, the problem is that FHE has taken a huge amount of compute power, so much so that it has been too expensive to be practicable.
But researchers have made big advances in recent years.
For instance, Maass noted that in 2011, it took 30 minutes to process a single bit using FHE. By 2015, researchers could compare two entire human genomes using FHE in less than an hour.
“IBM has been working on FHE for more than a decade, and we’re finally reaching an apex where we believe this is ready for clients to begin adopting in a more widespread manner,” Maass said. “And that becomes the next challenge: widespread adoption. There are currently very few organizations here that have the skills and expertise to use FHE.”
FHE is ready for its close-up
During the presentation, AI security group manager Omri Soceanu ran an FHE simulation involving health data being transferred to a hospital. In this scenario, an AI algorithm was used to analyze DNA for genetic issues that may reveal risks for prior medical conditions.
That patient data would typically have to be decrypted first, which could raise both regulatory and privacy issues. But with FHE, it remains encrypted, thus avoiding those issues. In this case, the data is sent encrypted and remains so while being analyzed, and the results are also returned in an encrypted state.
It’s important to note that this system was put in place using just a dozen lines of code, a big reduction from the hundreds of lines of code that have been required until recently. By reducing that complexity, IBM wants to make FHE more accessible to teams that don’t necessarily have cryptography expertise.
Finally, Soceanu explained that the simulation was completed in 0.069 seconds. Just five years ago, the same simulation took a few hours, he said.
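The flow described above (data sent encrypted, analyzed while encrypted, result returned encrypted) can be seen in miniature in the following added example, which is not IBM's code or toolkit. It is a toy symmetric scheme over the integers in the style of van Dijk, Gentry, Halevi and Vaikuntanathan, somewhat homomorphic rather than fully homomorphic (no bootstrapping), with insecure parameter sizes; the function names, marker bits and risk pattern are constructed for illustration.

```python
import secrets

# Toy parameter sizes in bits, chosen for readability. NOT secure.
P_BITS, Q_BITS, R_BITS = 256, 512, 8

def keygen():
    """Client: the secret key is a random odd P_BITS-bit integer p."""
    return secrets.randbits(P_BITS) | (1 << (P_BITS - 1)) | 1

def encrypt(p, bit):
    """Client: c = p*q + 2*r + bit. The small term 2*r + bit is the noise."""
    return p * secrets.randbits(Q_BITS) + 2 * secrets.randbits(R_BITS) + bit

def decrypt(p, c):
    """Client: strip the multiple of p, then the even noise. Valid while noise < p."""
    return (c % p) % 2

def noise_bits(p, c):
    """Size of the noise in c; every homomorphic multiplication makes it grow."""
    return (c % p).bit_length()

def matches_pattern(enc_bits, pattern):
    """Server: no key needed. Returns an encryption of 1 iff the hidden bits
    equal `pattern`. Adding ciphertexts is XOR, multiplying them is AND."""
    acc = 1
    for c, known in zip(enc_bits, pattern):
        acc *= c + known + 1      # XNOR(hidden bit, known bit)
    return acc

# Constructed sample data: 8 marker bits for a patient and a risk pattern.
PATIENT_BITS = [1, 0, 1, 1, 0, 0, 1, 0]
RISK_PATTERN = [1, 0, 1, 1, 0, 0, 1, 0]

if __name__ == "__main__":
    p = keygen()
    enc = [encrypt(p, b) for b in PATIENT_BITS]       # sent to the server
    result = matches_pattern(enc, RISK_PATTERN)       # computed while encrypted
    print("match:", decrypt(p, result))               # decrypted by the client
    print("noise:", noise_bits(p, enc[0]), "->", noise_bits(p, result),
          "bits of", P_BITS)
```

The noise figures printed at the end show why depth is limited: once the noise reaches the size of the key, decryption stops being reliable, and managing that growth is a large part of the compute cost of real FHE schemes.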
“Working on FHE, we wanted to allow our customers to take advantage of all the benefits of working in the cloud while adhering to different privacy regulations and concerns,” he said. “What only a few years ago was only theoretically possible is becoming a reality. Our goal is to make this transition as seamless as possible, improving performance and allowing data scientists and developers, without any crypto skills, a frictionless move to analytics over encrypted data.”
To accelerate that development, IBM Research has released open source toolkits, while IBM Security launched its first commercial FHE service in December.
“This is aimed at helping our clients start to begin to prototype and experiment with fully homomorphic encryption with two primary goals,” Maass said. “First, getting our clients educated on how to build FHE-enabled applications and then giving them the tools and hosting environments in order to run those types of applications.”
Maass said in the near term, IBM envisions FHE being attractive to highly regulated industries, such as financial services and health care.
“They have both the need to unlock the value of that data, but also face extreme pressures to secure and preserve the privacy of the data that they’re computing upon,” he said.
But he expects that over time a wider range of businesses will benefit from FHE. Many sectors want to improve their use of data, which is becoming a competitive differentiator. That includes using FHE to help drive new forms of collaboration and monetization. As this happens, IBM hopes these new security models will drive wider enterprise adoption of hybrid cloud platforms.
The company sees a day, for instance, when due diligence for mergers and acquisitions is done online without violating the privacy of shareholders and when airlines, hotels, and restaurants use FHE to offer packages and promotions without giving their partners access to details of closely held customer datasets.
“FHE will allow us to secure that type of collaboration, extracting the value of the data while still preserving the privacy of it,” Maass concluded.