What if you could unlock the value of your sensitive data without ever decrypting it? With Fully Homomorphic Encryption (FHE), you can compute sensitive data while maintaining your privacy and compliance controls.
What is Fully Homomorphic Encryption (FHE)?
FHE is a more advanced form of encryption that has been under development for the past decade, which is designed to close this gap -- by allowing data to remain encrypted even during computation. The mathematics behind FHE is designed so that computations can be performed directly on encrypted data (ciphertext), without the service behind it needing to “see” that data to provide accurate results.
In a virtual media roundtable, Omri Soceanu, AI Security Group Manager, IBM Research and Patrick Bruinsma, Client Technical Manager, IBM Z, talked about the effectiveness of this innovative technology and why it will be a game-changer for many organisations looking to work with data safely and securely.
When encrypting data, there are usually two methods that companies use: Transmission and storage.
“So, if companies wanted to perform computation over data, then they would have to decrypt it,” said Omri. “And so, if a malicious entity got access to your cloud account, they would see encrypted data but wouldn’t be able to process it. This gives you another layer of security.”
FHE basically allows the computation of still-encrypted data but without sharing the secrets.
On top of that, IBM has made FHE implementations simple, whereby you don’t need FHE expertise to learn and apply it.
According to Omri, “There are just a few lines of code and no real FHE expertise needed for these lines of code. You don’t have to be familiar with schemes or with parameters or with the different implementation constraints. It is pretty easy to use using Python, which is something that is familiar to all data scientists.”
FHE as Quantum safe
In addition, FHE is based on lattice cryptography, which is considered to be quantum-safe – helping harden it against future quantum computing capabilities.
“One of the things IBM did during the early part of the research and implementation is to prove that this could work. We are looking into how we can make this available even if companies don’t have deep-level knowledge of all the research and cryptography and all these deep technical skills that they may assume are required,” said Patrick.
Over the past few years, IBM Research has initiated several efforts to bring FHE out of the research realm and into early education and adoption amongst businesses and enterprise developers. With that, they announced several critical new toolkits and offerings in 2020, including:
IBM collaborated with Brazil’s Banco Bradesco SA to publish a paper in which they homomorphically encrypted banking data, such as credit card transactions and a machine-learning model. It demonstrated that it was possible to run predictions with the same accuracy as without encryption and with adequate performance. This means that with FHE, banks can safely outsource the task of running predictions to an “untrusted” environment.
IBM Security launched first of its kind Homomorphic Encryption Services - to educate and prepare clients to build and deploy FHE-enabled applications as the technology reaches maturity in the near future. IBM Security Homomorphic Encryption Services will include both the tools and expert support needed to start learning about and experimenting with FHE – as well as a scalable hosting environment on IBM Cloud.
With this new encryption model, cloud computing providers and other third parties that store their clients’ encrypted data would be able to fully “analyse” that data on their clients’ behalf without “seeing” any of the private data in plain text.
FHE holds significant promise for a variety of use cases, including extracting value from private data; data set intersection, genomics analytics, oblivious queries (i.e. querying without revealing intent) and secure outsourcing.
FHE is particularly suited to industries that are regulated and use private, confidential, and “crown jewel” data, such as finance and healthcare since the technology can broadly share financial information or patient health records while restricting access to all but the necessary data.