You are here

Code breaking machine

What DARPA's no-decryption tech means for mobile, cloud

John P. Mello Jr., Freelance writer

For years, cryptographers have been able to encrypt data at rest and in transit. What's eluded them, however, is the ability to protect encrypted data while it's being processed. Typically, encrypted data needs to be decrypted before operations can be performed on it. Once decrypted, it becomes an attractive target for any intruders on a network.

Protecting data while working with it became a kind of Holy Grail for cryptographers. They knew it could be done—theoretically. Three cryptographers, Ron Rivest, Leonard Adleman, and Michael Dertouzos, proposed what's called full-homomorphic encryption 30 years ago.

Phil Zimmermann, author of the popular encryption program Pretty Good Privacy, who now teaches cryptology at Delft University of Technology in the Netherlands, explained that up until recently the technology was best appreciated in academic journals as a theoretical capability. "It wasn't thought to be practical to implement in the real world," he said.

One of the problems: The staggering amount of computing power needed to deploy it. Zimmermann said that homomorphic encryption is a compute-intensive operation, much more so than other cryptography. "If you use cryptography for storage or communication, it involves a public key operation at the beginning, which takes a little bit of time, but then you use a block cipher for the rest of it," he noted. "That goes at lightning speed."

Zimmermann continued: "When you do homomorphic encryption, you have to do a lot of public key operations, which means you use a lot of compute time."

That was then; this is now. Here's how DARPA's encryption breakthrough came to be and what it means to the future of mobile, cloud, and beyond.

Multicloud Monitoring: How to Ensure Success the First Time

Enter some elegant math

The crypto community's views on homomorphic encryption, though, began to change in 2009. That's when an IBM researcher, Craig Gentry, figured out a way to take the technology out of the theoretical world.

However, Gentry's method couldn't surmount the processing power problem. A simple Google search could take a trillion times longer to perform using homomorphic encryption than unencrypted search, said Luther Martin, a distinguished technologist at Hewlett Packard Enterprise.

"It was slow, but it was elegant math."
—Luther Martin, HPE

Soon after Gentry's breakthrough, the military and intelligence establishments became interested in homomorphic encryption. In 2011, the Defense Advanced Research Projects Agency (DARPA), through its PROCEED program, and the Intelligence Advanced Research Projects Agency (IARPA), through its SPAR program, invested $20 million in a five-year initiative to make homomorphic encryption more practical. Among the programs' goals was reducing processing times by a factor of 10 million, which would reduce it to 100,000 times the computation needed for unencrypted computing.

While those compute times sound daunting at first blush, there may be contexts where they're acceptable. If an operation takes a tenth of a millisecond, for instance, then waiting for 10 seconds for a result that preserves privacy and security may be worth the wait, said Jonathan Katz, director of the Cybersecurity Center at the University of Maryland.

"There are also applications where you can afford to wait for the answer. There are things where you can afford to wait overnight for an answer."
—Jonathan Katz, University of Maryland

Where homomorphic encryption matters

There are applications in both the public and private sectors for homomorphic encryption. The military and intelligence agencies are notoriously miserly when it comes to sharing information. With homomorphic encryption, an agency could perform an encrypted search on another agency's encrypted data without revealing the subject of the search. Meanwhile, the agency with the data doesn't have to decrypt it and expose it to the agency performing the search.

Mobile applications can also benefit from homomorphic encryption. Instead of an application bringing encrypted data into a phone, decrypting it and performing tasks with it, operations could be performed on the encrypted data in the cloud. Not only would that be more secure, but it would also help improve the performance of a device's resources by transferring compute tasks to the cloud.

The same is true for encrypted data in the phone. It would not have to be decrypted—and risk compromise—before it could be used by an application.

"You never know what people are going to think of once they have a tool in their toolbox," said Ellison Anne Williams, a former DARPA hand and CEO and founder of Enveil, which offers a homomorphic crypto solution for protecting data interactions, including search and analytics.

"They'll think of clever ways to use this technology that we haven't thought of yet."
—Ellison Anne Williams, Envail

One of those clever ways is getting ready to be deployed in Travis County, Texas. It's called STAR-Vote. STAR stands for "secure, transparent, auditable, and reliable." Homomorphic encryption makes the system all those things.

The nuts and bolts of STAR-Vote are complicated, but essentially the system uses homomorphic encryption to add up encrypted votes without exposing who cast them. What's more, voters can verify their individual vote online without the risk of them or anyone else seeing how they voted. And election officials can feel comfortable about exposing that data to the Internet, because it's protected by encryption. Travis County is already making plans to use the scheme before the 2020 presidential election.

[ Webinar: Stop Random Acts of Cloud (and Overspending) At Your Organization ]

No decryption needed: A cloud computing boon

Homomorphic encryption could be huge for cloud computing, experts note.

"People want to get their data off their premises, because it's expensive to store and maintain it there, and they want to get it out in the cloud," explained Williams. The problem with encrypting data in the cloud, though, is that it makes the cloud a vault rather than a reservoir. "Once it's encrypted, I can't do anything with it without decrypting is first," Williams said.

To perform operations on data that has been encrypted and stored in the cloud,  organizations today return it to their premises, decrypt it, and perform operations on it. Then they encrypt it again and return it to the cloud. "That's an extremely inefficient process, so they just don't do it," Williams observed.

It's also dangerous. "When you decrypt your data, it's exposed," explained HPE's Martin. "With homomorphic encryption, you can do things you want to do and never have to decrypt your data and expose it. That's huge."

"People worry about the cloud because when you put things in the cloud, you lose control of it. If you put data in the cloud because you're betting a hacker can't get to it, it might not be a good bet."
—Luther Martin, HPE 

With homomorphic encryption, you can leverage the full processing power of the cloud, Martin noted. "It allows you to perform meaningful searches and analytics on encrypted data in the cloud without decrypting anything."

That allows the encryption to protect the data's owner in two ways.

"It keeps it private not only from the cloud service provider but even if the cloud service provider gets attacked, your data is protected."
—Jonathan Katz, University of Maryland

While homomorphic encryption still faces many challenges, developers have already begun to find ways to use it in real-world applications. Whether it becomes a mainstream technology or not, it will be in the tool mix of system designers looking for ways to harden data security in an increasingly hostile threat landscape, experts noted. 

Image credit: Flickr