Over a decade ago, IBM Research sent the world of cryptography abuzz, when our scientists announced a major breakthrough with fully homomorphic encryption (FHE). A mouthful perhaps, but this mathematical concept allows something no other crypto scheme does — to perform arbitrary calculations on encrypted data without decrypting it.
And now we are taking this work to the next level. Our team is now offering a first-of-its-kind security homomorphic encryption services package that provides education, expert support and a prototyping environment for clients, enabling them to start experimenting with FHE.
Researchers first started tinkering with homomorphic encryption in the 1970s, but the real pivotal moment came in 2009. It was then that Craig Gentry, back then an IBMer, now — research fellow at Algorand Foundation, published his seminal work, "A Fully Homomorphic Encryption Scheme." Thanks to this work, researchers and companies began to consider FHE for cloud security, from banking and financial services to online shopping and healthcare. At the time, Craig compared it to “one of those boxes with the gloves that are used to handle toxic chemicals… All the manipulation happens inside the box, and the chemicals are never exposed to the outside world.”
While a crucial moment, at the time FHE was believed to be too slow for routine use because the computation was too complex and required too much computing power. But fast-forward to today — we’ve been continuously pushing the limits of this ‘black-box’ crypto scheme and have now hugely sped up the technology.
Critically, though, we think that to continue its journey into the wider use, FHE needs to be in the hands of data scientists and regular application developers, not just crypto experts. That’s what we are striving for: to reduce the barrier to entry so that FHE becomes consumable by all.
By working together with leading businesses that understand the unique challenges in their industry and with academics developing and using FHE, we enable the development of a new generation of AI, machine learning, and cloud technologies that allow critical computations to be performed on sensitive data – without compromising on privacy.
Today’s world runs on data, whether you are a consumer using a traffic app or a major company that needs data to understand customers or to run computations. And with that abundance of data, security and privacy are key. With business information stored in the cloud, it is exposed to security risks and vulnerabilities on a daily basis. IBM X-Force Threat Intelligence Index found that in 2019, some 8.5 billion records were breached, giving attackers access to stolen credentials. Securing data and access to sensitive information is more important than ever.
That’s where FHE comes in.
While encryption allows data to be protected both during transit and storage, the data typically must be decrypted while accessed for computing and business-critical operations – creating the opportunity for potential compromise of privacy and confidentiality controls. FHE is designed to close this gap. It allows data to remain encrypted even during computations, so that they are performed on encrypted data (ciphertext), without the service behind it needing to ‘see’ that data.
Earlier this year, IBM Research took another leap forward and released FHE toolkits based on HELib, an open source HE library. The toolkit allows developers with basic platform tool familiarity to start using it just by following a few simple instructions.
IBM has also worked with a select group of clients including Banco Bradesco, one of Brazil’s largest banks, using real financial data. Researchers showed that it was possible to perform encrypted predictions concealing the data and the result throughout the processing, obtaining the level of privacy not currently possible with any other methods. FHE can provide privacy protection for users requesting predictions— redefining the boundaries of what data must be stored and by whom.
There’s still a lot of work to do with FHE, and we’re excited to see FHE move out of research to a broader audience who, we hope, will soon see the value of this technology and take the next steps in improving cloud security.