DARPA Fully Homomorphic Encryption (FHE)
Protecting and preserving personally identifiable information (PII), intellectual property, intelligence insights, and other forms of sensitive information has never been more critical. A steady cadence of data breaches and attacks are reported seemingly daily. As the use of cloud computing and virtual networks becomes increasingly pervasive for storing, processing, and moving information, concerns around data vulnerability, access, and privacy are similarly on the rise. This article provides information on the Darpa research on next generation Fully Homomorphic Encryption.
“Today, we are seeing ongoing struggles to trust the technologies and standards in place that are designed to protect critical data,” said DARPA program manager, Tom Rondeau. “Advances in quantum computing are raising questions about the durability of some of the most advanced data protection technologies, while concerns are being raised about the collection, misuse, and handling of personal information by organizations and institutions. These challenges underscore an urgent need to explore new secure computing models that can mitigate risk whether data is at-rest, in-transit, or in use.”
Fully Homomorphic Encryption (FHE) is an approach to data security that delivers mathematical proof of encryption by using cryptographic means, providing a new level of certainty around how data is stored and manipulated. Today, traditional encryption protects data while stored or in transmission, but the information must be decrypted to perform a computation, analyze it, or employ it to train a machine learning model. Decryption endangers the data, exposing it to compromise by savvy adversaries or even accidental leaks. FHE enables computation on encrypted information, allowing users to strike a balance between using sensitive data to its full extent and removing the risk of exposure. While FHE is increasingly touted as a viable path forward, it requires a prohibitive amount of compute power and time.
“A computation that would take a millisecond to complete on a standard laptop would takes weeks to compute on a conventional server running FHE today,” noted Rondeau.
To reduce the processing time from weeks to seconds – even milliseconds – DARPA launched the Data Protection in Virtual Environments (DPRIVE) program. DPRIVE seeks to develop a hardware accelerator for FHE computations that will dramatically reduce the compute runtime overhead compared to software-based FHE approaches. The goal of the program is to design and implement a hardware accelerator for FHE computations that is capable of drastically speeding up FHE calculations, making the technology more accessible for sensitive defense applications as well as commercial use.
The safety and security of critical information – whether it is sensitive intellectual property (IP), financial information, personally identifiable information (PII), intelligence insight, or beyond – is of vital importance. Conventional data encryption methods or cryptographic solutions, such as Advanced Encryption Standards (AES), translate data into a secret “code” that can only be decoded by people with access to a decryption key. These methods protect data as it is transmitted across a network or at rest while in storage. Processing or computing on this data however requires that it is first decrypted, exposing it to numerous vulnerabilities and threats. Fully homomorphic encryption (FHE) offers a solution to this challenge. FHE enables computation on encrypted data, or ciphertext, rather than plaintext, or unencrypted data – essentially keeping data protected at all times. The benefits of FHE are significant, from enabling the use of untrusted networks to enhancing data privacy. Despite its potential, FHE requires enormous computation time to perform even simple operations, making it exceedingly impractical to implement with traditional processing hardware.
FHE relies on a particular type of cryptography called lattice cryptography, which presents complex mathematical challenges to would-be attackers that require technologies beyond the current state of the art to solve. While effective at keeping data protected, the challenge with modern lattice-based FHE is the unavoidable accumulation of noise with each calculation performed. With each homomorphic computation, a certain amount of noise – or error – is generated that corrupts the encrypted data representation. Once this noise accumulation reaches a certain point, it becomes impossible to recover the original underlying plaintext. Essentially, the data in need of protection is now lost. Computational structures called “bootstrapping” help address this untenable noise accumulation, reducing it to a level that is comparable to the original plaintext, but produces massive compute overhead to perform.
“While a number of solutions have been developed, running FHE in software on standard processing hardware remains a nearly impossible challenge,” said DARPA program manager, Dr. Tom Rondeau. “Under previous programs like the Programming Computation on Encrypted Data (PROCEED) program, DARPA helped uncover FHE algorithms and proved what could be possible with FHE running on standard CPUs. It also shed light on the compute penalty and critical limitations of the technology. Today, DARPA is continuing to invest in the exploration of FHE, focusing on a re-architecting of the hardware, software, and algorithms needed to make it a practical, widely usable solution.”
DARPA developed the Data Protection in Virtual Environments (DPRIVE) program to design and implement a hardware accelerator for FHE computations that aims to significantly reduce the current computational burden to drastically speed up FHE calculations. DPRIVE specifically seeks to reduce the computational run time overhead by many orders of magnitude compared to current software-based FHE computations on conventional CPUs, and accelerate FHE calculations to within one order of magnitude of current performance on unencrypted data.
More details on the design and high level architecture of the new generation Fully Homomorphic Encryption can be found in the following resources: