Homomorphic encryption has often been referred to as the Holy Grail of encryption, since it allows computations to be carried out on encrypted data, without needing to decrypt it first.

With existing encryption schemes, encrypted data may be shared, but the key also has to be shared if you want to do anything with it — a critical vulnerability. With homomorphic encryption, sensitive data could be encrypted and then processed in the cloud, and the encrypted result returned without the data ever having been decrypted.

Homomorphic encryption was first discovered in 2009, and ten years on, it is finally ready for initial commercial adoption. Up to now, while processing encrypted data was theoretically possible, it was so computationally intense that it was deemed out of reach for real-world applications. Recent advances have brought it within the realms of usability for the first time.

The implications for AI are tremendous. In the world of machine learning, large-scale computation tasks, particularly training, are frequently offloaded to remote computing resources or accelerators in the cloud. This is a concern for privacy-bound industries such as finance and healthcare, which hold vast untapped potential for data science and AI. Then there is the concept of pooling data from different sources for training AI systems, without actually sharing the data — each party retains their data privacy, while the system learns from it anyway.

Duality Secure PlusAI

Homomorphic encryption allows meaningful computation on encrypted data, facilitated by Duality Technologies' SecurePlus middleware (Image: Duality Technologies)

Cancer Research

EETimes spoke to homomorphic encryption expert Kurt Rohloff about the impact commercial homomorphic encryption (HE) will have on the AI systems of the future.

Rohloff, an electrical engineer by training who has spent the majority of his career running HE projects for DARPA, is now CTO of Duality Technologies, a start-up that helps regulatory-bound companies share HE-encrypted data.

Kurt Rohloff, Duality Technologies

Kurt Rohloff (Image: Duality Technologies)

One of Duality’s current projects is a commission from the US NIH (National Institute for Health), which enables cancer research centres to encrypt patient data so that it can be analysed off-site without compromising patient confidentiality. At the moment, Rohloff said, the system supports running inference on encrypted data. Currently in the prototype stage is a system which will allow cancer centers to pool their data and use it for training machine learning models.

“For rare diseases, any one cancer research center might only see a handful of cases per year or even per decade, so it’s very hard to develop treatments for these rare diseases,” Rohloff said. “Homomorphic encryption provides a set of techniques that allows research centers to encrypt their data, share the encrypted data only, and then allow other researchers to run analytics on the data to identify genetic conditions which are indicative of these types of cancers, furthering the research to enable treatments.”

Models can also be encrypted. The commercial applications for encrypted models include enabling fintechs (financial technology startups) to demonstrate their algorithms on real data from banks, without either party having to share either the model or the data.

While Duality is ostensibly a cryptography company, Rohloff describes it more as a data science company, in that it enables analytics on data which is protected by encryption. The company’s SecurePlus platform is middleware which allows companies to encrypt data and then run analytics on the encrypted data, on companies’ own servers or in the cloud.

Computationally expensive

Of course, there is no such thing as a free lunch. The computing overhead for working with homomorphically-encrypted data today is a factor of 10x to 100x for inference-type computations.

This could potentially be reduced by advances in hardware acceleration, Rohloff said.

“There is a lot of potential for hardware acceleration to impact the runtime of homomorphic encryption computations,” he said. “The underlying maths is highly vectorised, but it’s integer maths as opposed to floating point type operations. It’s a mixture of models where SIMD-style, GPU-style computing, as well as FPGA-style computing, would have a potential impact.”

Does Rohloff imagine a future breed of AI accelerator chips built specifically for accelerating HE-encrypted workloads?

“Definitely, yes,” he said. “There has been a movement in the last few years to accelerate certain kinds of workloads, particularly in AI, and I definitely see an emerging need for this as the market starts to pick up homomorphic encryption. There have been some initial results designing hardware, including at DARPA, but the market right now is still focused on software.”

What would be the challenges of building such an accelerator chip?

“It is an issue of dimensionality and bit width,” he said. “We are dealing with vectorised operations and the dimensions of the vectors are typically in the order of tens of thousands... 16,000 or 32,000 dimensionality is fairly standard in this case. We have done a fair amount of work on 64-bit operations, but I can easily see us going to multi-hundred-bit or even multi-thousand-bit word sizes.”

Standards body

Duality, along with Intel AI and Microsoft, co-hosted the latest HomomorphicEncryption.org standards meeting last week in Santa Clara, CA. The aim of the standards body is to enable broader adoption of a technology which today is only understood by a relatively small community of academics and experts.

“This technology is emerging into use in regulated data industries, where there are liability concerns surrounding the sharing of regulated data,” Rohloff said. “The aim of the standards body is to develop industry-wide identification of what are appropriately vetted crypto protocols and what are appropriately vetted parameter settings, to provide security and privacy when using this kind of technology... and to provide a higher level of confidence so that this technology can be trusted by non-experts.”

The group meets every six months or so, and is open to participants from academia and industry.

The standards meetings have seen an increase in industry involvement, Rohloff said.

“The market is growing, early adopters are picking it up and charging forward,” he said. “I’m excited to see this growth after having been involved in this community for over 10 years, since the beginning.”