Micro Focus is now part of OpenText. Learn more >

You are here

You are here

Intel’s fully homomorphic encryption chip: Big science—bigger wait

Richi Jennings Your humble blogwatcher, dba RJA
Intel chips from a gentler age

What if a public cloud could process encrypted data without knowing the encryption key? That’s the “data-in-use encryption” problem. And it’s a hard one.

One approach is FHE—which stands for “fully homomorphic encryption.” But it’s incredibly, amazingly, unbelievably slow.

What if you could make it 10,000 times faster? Intel thinks it can, by implementing it in dedicated hardware. In this week’s Security Blogwatch, we fry the fish to complement the chips.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: counting.


This sounds complicated. Chris Williams boils it down—Microsoft and Intel team up:

Intel has pledged to design a chip that accelerates homomorphic encryption in collaboration with Microsoft and … DARPA.

This development will be part of DARPA's unfortunately named DPRIVE project … (Data Protection in Virtual Environments). Homomorphic encryption allows you to perform operations on encrypted data without having to decrypt it into plain text, work with it, and then encrypt the output. Microsoft is a fan of the technology.

Okay, that might be a little too simplified. Lucian Constantin reports in longer form—Intel, Microsoft join DARPA effort to accelerate fully homomorphic encryption:

[It] aims to develop hardware and software to drastically improve the performance of fully homomorphic encryption (FHE) computation. As part of the program, Intel will develop a hardware accelerator that could make machine learning practical with always-encrypted and privacy-preserving data.

If successful, the multi-year effort could allow organizations from industries with strict data confidentiality requirements, such as healthcare … to easily share sensitive data with partners and third-party services in public clouds without the risk of exposing it.

The most appealing property of FHE is that you can send encrypted data to a third-party service to be processed without providing them with the encryption key, so you're essentially getting the result of those computations without having to trust the service provider with … your data. Take, for example, the case of a cloud-based medical predictive analytics service that uses machine learning: FHE could … help doctors deliver better diagnoses without having to expose protected patient data.

How does it work? Ian Cutress explains—This is Important:

When considering data privacy and protections, there is no data more important than personal data. [But FHE] is so computationally intense that the concept is almost useless in practice. This program between the three companies is a driver to provide IP and silicon to accelerate the compute.

Data protection … makes any processing of personal, private, and confidential data difficult, often resulting in dedicated data silos, because any processing requires data transfer coupled with encryption/decryption, involving trust that isn’t always possible. … FHE [lets you] take encrypted data, transfer it to where it needs to go, perform calculations on it, and get results without ever knowing the exact underlying data.

Why this matters: … The best insights from data come from the largest datasets. This includes being able to train a neural network. [But] FHE at that scale is no longer a viable solution: … FHE can increase the size of the data by 100–1,000x, and then compute on that data is 10,000x to a million times slower than conventional compute.

Riiiight, but how does it work? Life gives us Robert Lemos: [You’re fired—Ed.]

FHE uses a specialized type of encryption, known as lattice cryptography, that encodes data using complex mathematical computations that are not able to be solved by current decryption techniques. However, the latest FHE algorithms use a data representation known as Large Arithmetic Word Size (LAWS), which uses data widths of thousands of bits to help mitigate some of the challenges of the algorithms.

Because the word size is much longer than the 64-bit data pipelines in current processors, the standard computing system is not suited. … For such a feat, Intel will create an application-specific integrated circuit (ASIC) accelerator chip to speed up computations on encrypted data … by a factor of roughly 100,000. [It] will be optimized for the calculations in much the same way that floating-point units (FPUs) extended the capabilities of … computers in the 1980s.

The Intel-Microsoft team is not the only one rushing to produce a hardware accelerator for privacy-preserving encryption. Newark, NJ-based Duality Technologies announced in February that it would lead a team to develop its own FHE accelerator, known as Trebuchet. Team members include the University of Southern California Information Sciences Institute, New York University, Carnegie Mellon University, SpiralGen, Drexel University, and TwoSix Labs.

Interesting, but still clear as mud. Timoteous has a go:

If you have two encrypted numbers, a and b, with homomorphic encryption, you can do operations on them like a + b = c. You still don't know what a, b or c is but you can pass c back to the person who has the encryption key and they can read it.

Why Intel and Microsoft? Danny McClanahan—@hipsterelectron—imagines the DARPA discussion:

Okay folks, we want to develop an accelerator chip for homomorphic encryption. Who are the two corporations most well known for such incredible security flaws they created an entire industry and have directly led to US government data being stolen? Right then, guess that’s settled!

Awesome. So, cheaper privacy ahead? Nope, says grant3:

FHE is still orders of magnitude more expensive than working on unencrypted data, and even the most optimistic future exploration has it remaining many multiples more expensive … (even assuming Intel's greatest dreams are realized). … FHE will make working on unencrypted data feasible but it will not be cheaper.

And Gravis Zero foresees an oint in the flyment:

FHE is the ultimate DRM (impossible to read, only possible to execute), so it's no wonder it's desired.

Businesses would see FHE instructions as a panacea to keep their secrets but the reality is that antivirus would become all but impossible. It would be buyer's remorse from day one of widespread FHE instruction adoption.

Time for a monochrome metaphor? Craig Gentry wrote this, way back in 2008—Computing Arbitrary Functions of Encrypted Data:

Alice owns a jewelry store. She has raw precious materials – gold, diamonds, silver, etc. – that she wants her workers to assemble into intricately designed rings and necklaces.

But she distrusts her workers and assumes that they will steal her jewels if given the opportunity. In other words, she wants her workers to process the materials into finished pieces, without giving them access to the materials. What does she do?

Here is her plan. She uses a transparent impenetrable glovebox, secured by a lock for which only she has the key. She puts the raw precious materials inside the box, locks it, and gives it to a worker. Using the gloves, the worker assembles the ring or necklace inside the box. Since the box is impenetrable, the worker cannot get to the precious materials, and figures he might as well return the box to Alice, with the finished piece inside.

Meanwhile, trust arglebargle_xiv to offer a more colorful metaphor:

Like many other "holy grails of encryption," this one has about as much … practical use as tits on a bull.

The moral of the story?

One to watch, but don’t hold your breath.

And finally

Don’t drink it

Previously in “And finally”

You have been reading Security Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or sbw@richi.uk. Ask your doctor before reading. Your mileage may vary. E&OE. 30.

This week’s zomgsauce: Jonas Svidras (via Unsplash)

Keep learning

Read more articles about: SecurityData Security