encrypted data in the cloud

Computing with encrypted data

Great strides have been made in the past few years in encrypting and protecting data both at rest and in motion.

The Achilles’ heel of computing, however, remains actually working with the data. Currently, that data first must be decrypted, which means it’s also open to cyberattack and potential theft. One of the holy grails of computing research has been to find a fast and easy way to manipulate data while it’s still encrypted.

One promising solution -- fully homomorphic encryption -- has been known for years. Although substantial progress has been made to improve its performance, FHE is still difficult to implement, and to date there’s been little exploration of how to optimize it for everyday computing.

Galois, a Portland, Ore., security services company, intends to change that with help from a $1 million Intelligence Advanced Research Projects Activity contract that aims to assess how feasible it is to easily program with FHE. The one-year Rapid MAchine-learning Processing Applications and Reconfigurable Targeting of Security (RAMPARTS) initiative could finally move FHE to where domain experts who have little cryptographic expertise can use it.

A partial solution to computing with encrypted data came out of work done in the 1970s, according to David Archer, principal investigator at Galois. But this “somewhat homomorphic” scheme allowed for computations for only a small number of operations before too much “noise” was introduced, which prevented decryption of the data.

The breakthrough came in 2009, when Craig Gentry, a researcher at IBM’s T.J. Watson Research Center, described a fully homomorphic scheme that allowed complicated processing even though the data was encrypted and users couldn’t see it.

“However,” Archer said, processing with FHE even five years ago “was still around 12 orders of magnitude slower than computing with the unencrypted data. A [Defense Advanced Research Projects Agency] program called PROCEED (PROgramming Computation on EncryptEd Data) reduced that to just six orders of magnitude, but that’s still thousands of times slower than computing in the clear.”

That makes computing with FHE much too slow for real-world applications, he said, which is where the “practical and easy-to-use” goal of the RAMPARTS program comes in.

Research on FHE has pushed it to the point where it’s feasible for practical use with some applications, Archer said, but programming for it “is a bit worse than using Assembly language 30 years ago. We need a system where domain experts, not necessarily programmers, should be able to take a dataset, homomorphically encrypt it, then send it to my server and it will run and I don’t need to know anything about the code.”

Such a solution would allow people to write code simply, automatically optimize the code -- which he said is now hard to do -- and then easily decrypt the data.

RAMPARTS aims to show how feasible it will be to take FHE and make it easy to program, using currently common languages, and automatically optimize that for a secured computation setting.

Galois pointed to various areas where this kind of encrypted computing would be valuable:

  • Public health analysts could use patient medical records to compute trends such as opioid addiction without having to use unencrypted personal information.
  • Nations could work together to make sure their satellites don’t collide without having to share sensitive data such as trajectory information.
  • Law enforcement could use facial recognition to identify criminals in videos without risking the privacy of individuals.
  • Cyberthreat information could be more easily shared without running the risk of unintentionally revealing proprietary data.

More generally, cloud computing could be made far more secure because users wouldn’t have to decrypt cloud-based data before they perform any operation on it, which would make it vulnerable to cyberattack.

Archer said he believes RAMPARTS will show the feasibility of further development of FHE programming, which means that in around five years’ time, specific applications could be developed. It’s unlikely more general applications will be developed by then, he said, because of the complexity involved.

However, there is already pent-up demand from some areas of government such as the Defense Department for applications that use FHE. Even if RAMPARTS itself won’t produce those solutions, Archer said its success means potential users can begin planning for their deployment, and work out how they will fit operationally into existing ecosystems.

About the Author

Brian Robinson is a freelance technology writer for GCN.

inside gcn

  • dispatcher (Gorodenkoff/Shutterstock.com)

    Mining emergency calls to improve responses

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group