While encryption is not a cure-all to address every security challenge, done right, it is an essential component for securing systems, data, and communications. However, doing encryption right is not easy and requires paying careful attention to how it is implemented.
While there are several well-established methods for encrypting data in storage (at rest) and keeping the data encrypted while moving across the network from one system to another (in transit), that isn’t the case for keeping the data encrypted while being processed by applications (in use). Fully homomorphic encryption (FHE) is one way to work with data stored in the cloud or third-party environments while keeping it encrypted.
Several companies have been experimenting with FHE recently. After completing FHE field trials, IBM has begun offering FHE service on IBM Cloud. IBM offers a FHE toolkit for MacOS, iOS, Linux, and Android. Microsoft’s Simple Encrypted Arithmetic Library (SEAL) is a free and open source cross-platform homomorphic encryption library organizations can use to run computations on encrypted data.
FHE currently is slow and has high overhead. Toward that end, Intel is working with Microsoft and DARPA (Defense Advanced Research Projects) to create an ASIC (a specialized microchip customized for a specific purpose) for FHE to help reduce computational overhead and drive down processing time.
And just last week, Duality Technologies released OpenFHE, an open source fully homomorphic encryption library.
"There are several FHE libraries out there, but they suffer from a usability dilemma," said Vinod Vaikuntanathan, co-founder and chief cryptographer at Duality Technologies, in a release. "FHE open source libraries all work on different platforms, implement different features, and have different APIs."
OpenFHE supports advanced FHE features such as bootstrapping, scheme switching, and multiple hardware acceleration backends using the standard Hardware Abstraction Layer (HAL). The associated compilers and other developer tools help developers integrate the library’s encrypted computing capabilities to create their own FHE-enabled applications.
FHE is considered to be the easiest among privacy technology, and OpenFHE is intended to be a “foundational building block” for conducting computations on encrypted data, says Kurt Rohloff, CTO and co-founder of Duality. An example use case allows data providers to encrypt their data locally, aggregate their encrypted data at a central data hub such as a cloud provider, and then run analyses on the data at the hub. All this is possible by using potentially sensitive or private data that doesn’t need to be decrypted.
OpenFHE is the “culmination of years of work” from multiple teams (PALISADE, HElib, and HEAAN) that have “decided to join forces to build the best library possible,” says Rohloff. PALISADE provides a general architecture for an extensible framework that supports multiple post-quantum FHE schemes in a single library, with the ability to integrate general hardware acceleration technologies, he says. HElib provides advanced capabilities for the BGV protocol, allowing for some of the most advanced designs for the most complicated FHE schemes. And finally, HEAAN provides extensive support for CKKS, the protocol most effective for machine learning (ML) applications run on encrypted data.