IBM releases toolkit aimed at keeping data encrypted even while in use

IBM's new toolkit aims to give developers easier access to fully homomorphic encryption, a nascent technology with significant promise for a number of security use cases.
Written by Stephanie Condon, Senior Writer

Eleven years ago,IBM made a breakthrough in the development of fully homomorphic encryption (FHE), a technology that allows for computation and analysis of data while keeping it encrypted. FHE holds significant promise for a number of uses, IBM says -- particularly any operations that involve highly sensitive data that must be protected. 

However, FHE remains a complicated technology that's hard to implement. IBM aims to change that with the release of new toolkits that should help developers start experimenting with FHE and eventually incorporate it into the products they build. The toolkit is available today in GitHub for MacOS and iOS, and it will soon be available for Linux and Android. 

Today, files are often encrypted in transit and at rest but decrypted while in use, creating a security vulnerability. This often compels organizations to make trade-offs and go through long vetting processes in order to ensure they can keep their valuable data protected while still gaining some value out of it. FHE aims to resolve that issue.  

"If we are able to perform computation with data encrypted, we can address this paradox of the need to know versus the need to share," Flavio Bergamaschi, FHE pioneer and IBM Researcher, explained to reporters. "It's almost the same as enabling the processing of that data without getting access to it. If we can achieve that, we are adding a level of security beyond what [exists] today."

FHE is particularly well-suited for heavily-regulated industries like finance and healthcare, Bergamaschi said. 

"Whenever you have 'crown jewel' data you want to protect, this is potentially the right type of encryption to work with," he said.

Based on lattice cryptography, FHE is "to the best of our knowledge" quantum resistant, Bergamaschi. 

While the technology holds great potential, it does require a significant shift in the security paradigm. Typically, inside the business logic of an application, data remains decrypted, Bergamaschi explained. But with the implementation of FHE, that's no longer the case -- meaning some functions and operations will change. In other words, "There will be a need to rewrite parts of the business logic," Bergamaschi said. "But the security that you gain with that, where the data is encrypted all the time, is very high."

Bergamaschi outlined four use case archetypes well-suited for FHE. First, the technology makes sense for enabling "oblivious queries" -- when you perform a query without revealing the intent. This is relevant, for example, with map applications that learn things about you -- such as where you are and where you want to go -- each time you perform a query. 

FHE also holds promise for data set intersection, when you have two data sets but only want to work with the overlapping data. This is useful in a variety of areas, from genomics analytics to joint marketing campaigns. FHE should also be useful for secure outsourcing -- such as outsourcing computation to the cloud -- as well as extracting value from private data. 

To prove its value in the last area -- extracting value from private data -- IBM completed a proof of concept with Brazil's Bradesco Bank, the second-largest bank in South America. The goal was to use FHE to securely analyze customer data in order to predict whether someone would require a loan within three months. Typically, the bank's data analysts have to work in a heavily protected, segregated environment to perform this kind of data analysis, to make sure the decrypted customer data stays safe. 

Researchers used a large data set -- 360,000 customer IDs, each with 546 different features -- and put a homomorphic encryption layer between the data and the analysts. They proved they could deliver predictions with the same accuracy as they could without encryption. 

While the technology is still in development, IBM is interested now in getting it into the hands of developers to make the concept less abstract. The toolkits now available are based on HELib, a mature and versatile encryption library. They include sample programs and IDE integration, making it easier to write FHE-based code.

Editorial standards