WHY THIS MATTERS IN BRIEF
Homomorphic encryption gives organisations a secure and easy way to run analytics on data without having to first decrypt it, but up until now it’s been oh so slow…
IBM has announced that it’s rewritten its C++ Homomorphic encryption library and claims that it now goes up to 75 times faster. Homomorphic encryption is a encryption technique that lets companies perform operations, such as data analysis, on encrypted data without having to first decrypt it – something that could expose it to being stolen and, or read by undesirables. As such it should come as no surprise that this makes it very attractive to most people, including Microsoft who will soon be adding it into their Azure cloud as a way to help companies keep their data private while still being able to analyse it at scale and at speed.
Using homomorphic encryption would make sensitive operations much more secure, and that’s one of its biggest allures. For example, companies such as Numerai, a revolutionary hedge fund out of South Africa who uses homomorphic encryption in anger and attracted investment from the biggest names in finance, use it to keep their data encrypted while at the same time letting their crowd funded data scientists analyse it to create better investment models. And the returns of this approach, so far, both in terms of actual cash in the bank as well as in investment, have been staggering.
IBM has been working on homomorphic encryption for some time now, and released the first version of its HElib C++ library three years ago, but the technology always suffered huge performance penalties.
IBM’s first attempts at homomorphic encryption, under the hand of its inventor Craig Gentry, ran “100 trillion times” slower than plaintext operations, and let’s face it that’s bad by anyone’s standard. IBM later managed to accelerate it by a factor of 2 million times by running it on a 16-core server.
Hence Big Blue’s ongoing work on HElib. Released at GitHub, the latest version gets its performance kick from a “re-implementation of homomorphic linear transformations”, making it between 15 and 75 times faster, which all of a sudden makes it interesting and, more importantly, useable in real world applications.
In thier paper presented to the International Association for Cryptologic Research, IBM’s Shai Halevi and Victor Shoup explain how they improved speed.
“In the linear transformation algorithms currently implemented in HElib, the bulk of the time is spent moving data among the slots in the encrypted vector,” they wrote.
This is done with “special automorphisms,” a mathematical operation that maps an object to itself, and the computational cost comes from how many times the automorphisms have to loop around.
“The main cost of applying such an automorphism to a ciphertext is actually that of “key switching,” after applying the automorphism to each ring element in the ciphertext, which is actually a very cheap operation, we end up with an encryption relative to the “wrong” secret key, by using data in the public key specific to this particular automorphism, a so called “key switching matrix,” we can convert the ciphertext back to one that is an encryption relative to the “right” secret key” the paper said.
“So the main goals in improving performance are to reduce the number of automorphisms, and to reduce the cost of each automorphism.”
In more plain-ish English the new library implements a new strategy for calculating those automorphisms, by achieving between 15 and 20 times speedup, the researchers refactored many of the necessary computations, and some of the calculations are shifted out of the library’s main loop, getting a 6 to 8 times speedup.
The way public keys are constructed for homomorphic encryption is also expensive because of the aforementioned key-switching matrix. Each matrix adds several megabytes to the public key, and in HElib there could be several hundred such matrices in a public key. The researchers say for common operations, they were able to cut the size of the matrix by 33 to 50 percent.
HElib is still a research level project. As stated on the GitHub page…
“At its present state, this library is mostly meant for researchers working on HE and its uses. Also currently it is fairly low-level, and is best thought of as ‘assembly language for HE’. That is, it provides low-level routines (set, add, multiply, shift, etc.), with as much access to optimisations as we can give. Hopefully in time we will be able to provide higher-level routines.”
However, despite still being a “research project” as companies get more serious about data analytics and data privacy, yes, no scoffing about that one please, I doubt it will be too long before we see homomorphic encryption make in an appearance in a cloud near you, and that will be a game changer, so watch this space.