Intel and Microsoft are working together as part of the Defense Advanced Research Projects Agency (DARPA) program, which aims to develop hardware and software to significantly improve the performance of Fully Homomorphic Encryption (FHE) computing. As part of the plan, Intel will develop a hardware accelerator that can use data that is always encrypted and protected to make machine learning feasible.
If successful, after years of hard work, organizations from industries that require strict data confidentiality, such as medical, financial, banking, or government, can easily share sensitive data with partners and third-party services in the public cloud without exposing them. risk. .
Rosario Cammarota, principal engineer at Intel Labs, told CSO: “We will evaluate the platform on many workloads spanning statistical learning and machine learning.” “The performance goals will be very ambitious. They will be very ambitious. [DARPA] Compared with the performance achieved by the FHE software on the current CPU, our goal is to increase the performance of the algorithm by more than five orders of magnitude. This is important because today we cannot train machine learning models on encrypted data, but the platform within these performance goals will be able to perform such training. ”
What makes fully homomorphic encryption attractive
Fully homomorphic encryption is a form of encryption that allows mathematical operations to be performed directly on encrypted data (ciphertext) without first decrypting it. The calculation result is also encrypted, and only the data owner with the private key can access it. This result is the same as the result of performing the same operation on the unencrypted version of the data (plain text).
Encryption can be used to maintain the confidentiality of data in different states: at rest (storage), transmission (transmission over the network), and memory (during processing). The security of data in memory has always been the biggest challenge, which is why a Trusted Execution Environment (TEE) has been developed in hardware, such as Intel SGX or ARM TrustZone. The memory space of these secure areas is separated from the memory space of the main operating system, and can be used to safely perform operations on sensitive data without directly exposing it to processes running under the main operating system.
However, these solutions have limitations. First, they face the same key management challenge as the encryption of data in transit or data at rest: the secret key needs to be present on the server or TEE for decryption. For cloud computing, this means trusting the cloud operator. Second, in the case where the data owner is just the user of the service or application running in the cloud and not the owner of the service or application itself, they do not really solve the issue of trust and confidentiality.
The most attractive feature of FHE is that you can send encrypted data to a third-party service for processing without providing them with an encryption key, so in essence, you can get the results of these calculations without using your The confidentiality of the data.
Take a cloud-based medical predictive analysis service using machine learning as an example. FHE can enable medical institutions to use this service to help doctors provide better diagnoses without exposing protected patient data. Similarly, the technology can be used to analyze large data sets that combine public and private data. For example, a drug development company can use FHE to safely analyze data from patients who have tried experimental treatments but do not agree to participate in public clinical trials as part of a larger data set that contains data from such trials. This can be done using third-party services running in the cloud.
According to Cammarota, the use case can be further expanded by using multi-key homomorphic encryption, which is a form of FHE in which multiple parties merge their individually encrypted data into a pool, and then process the entire data pool to get result. The information is only visible to the parties who provided the data.
Current status of FHE
Although there have been software implementations of FHE and various libraries and toolkits from large industry names such as IBM and Microsoft, because FHE has an inherent problem: data corruption, their performance on current CPUs is very poor. Unlike typical encryption schemes that ensure data integrity, FHE does not do this because the overall goal is to perform calculations that change the ciphertext and affect its integrity. In encryption terms, FHE uses a scalable algorithm by design.
DARPA explained: “Each homomorphic calculation will generate a certain amount of noise (or error), thereby destroying the encrypted data representation.” “Once this noise has accumulated to a certain level, it is impossible to restore the original underlying plaintext. From Essentially, the data that needs to be protected has been lost. The computational structure called’guide’ helps to solve this unsustainable accumulation of noise, reducing it to a level that can be compared with the original plain text, but it will produce A lot of computational overhead to perform.”
This problem severely limits the practical application of FHE. According to Cammarota, machine learning inference is currently possible, but there are some limitations, but using FHE data for machine learning training is out of reach. In order to solve this problem, new technologies need to be developed to greatly improve the performance of FHE workloads. This is why DARPA has established the Virtual Environment Data Protection (DPRIVE) program.
Intel joins DPRIVE
As part of the DPRIVE plan, Intel’s goal will be for many years to develop hardware accelerators for FHE in the form of application-specific integrated circuits (ASICs). However, before manufacturing such a system-on-a-chip (SoC), the first stage of the program will focus on identifying key building blocks to accelerate fully homomorphic encryption algorithms, Cammarota said.
This work will be completed in cooperation with Microsoft, which plans to test the technology and integrate it into their cloud products to promote commercial adoption. Both Microsoft and Intel are members of the Homomorphic Encryption Standardization Alliance of industry, government and academia.
ASICs are integrated circuits commonly used as peripherals, and are designed and optimized for specific operations or specific types of operations. Compared with general-purpose chips, they can achieve better performance on specific tasks. For example, bitcoin mining equipment that essentially solves mathematical problems to obtain reward bitcoins uses ASICs instead of regular CPUs.
In other words, some operations that previously required hardware accelerators have been integrated into general-purpose CPUs over time. Floating-point unit (FPU), also known as math co-processor, was previously implemented separately as an accessory, but has now become a standard part of most CPUs and GPUs. Stand-alone cryptographic accelerators are still common, but some of their functions have also been integrated into the CPU. The Intel Advanced Encryption Standard New Instructions (AES-NI) is a good example of hardware-accelerated encryption operations, which are now a standard configuration for most CPUs.
Cammarota said that over time, the FHE hardware acceleration technology developed as part of DARPA DPRIVE may adopt a similar approach, but it needs to be evaluated by different Intel business units and pointed out that multiple teams of the company are cooperating with the project. Including Intel Labs, which is the research department, data platform group and design engineering group.
Making fully homomorphic encryption cheap is also a way to democratize the technology. Cammarota said that this is exactly what AES-NI does with AES encryption, so it is entirely possible.
However, to gain widespread adoption, it is also important to standardize this type of encryption that is going in parallel with the development of FHE hardware acceleration and continues to mature. Cammarota said: “It’s a bit weird to think of homomorphic encryption as a security technology.” “On the one hand, you look at the workload, on the other hand, the fact that you can calculate based on encrypted data is very exciting because you can A new business model, and now you can protect your assets. On the other hand, this is an encryption technology, so when it comes to actual deployment, people will not only see excitement, but also ask: Is it standardized? We Can it be deployed safely? Do we know how to deploy it safely? Therefore, there will be close collaboration between the results. [DPRIVE] Planning and standardization process. ”