Fully Homomorphic Encryption is considered the “holy grail” of encryption. But right now it takes too much compute power to be used widely.
The Defense Advanced Research Agency awarded four research teams multimillion-dollar contracts to figure out how to build hardware and software stacks capable of cutting down the amount of time and power required to perform computations on encrypted data.
The four performers for DARPA’s Data Protection in Virtual Environments program aim to build silicon chips capable of supporting Fully Homomorphic Encryption, which enables users to compute and analyze data without exposing it to compromise by decrypting it. FHE still requires far too much compute overhead to be considered a practical option, so DPRIVE performers will create brand new chips specialized for FHE.
Galois, Duality Technologies, SRI International and Intel—which said in a press release will partner with Microsoft—were awarded contracts in January to participate in the three-phase project. Tom Rondeau, DARPA program manager, told Nextgov in an interview that kickoff meetings for the program this week included stakeholders from the military services, the Federal Communications Commission, the National Telecommunications and Information Administration, and the Centers for Disease Control and Prevention.
Rondeau explained FHE technology is relatively recent; it first emerged in 2009 from a Stanford graduate student’s dissertation. After the paper was published, DARPA initiated its Programming Computation on Encrypted Data, or PROCEED, program, which Rondeau said used software and algorithm development to make FHE easier.
“That still left us with this massive compute overhead,” Rondeau said.
DPRIVE ties together advancements from PROCEED as well as other microsystems development work to try to build a chip that specializes in the kind of hard math problems FHE requires, Rondeau said.
DARPA analyzed existing graphics process unit and field-programmable gate array technologies and found them lacking, Rondeau said. They weren’t big enough and didn’t map well to the specific FHE problem set—that’s why DARPA is looking for a whole new structure behind the processor design for the DPRIVE program.
“We’re ambitious,” Rondeau said. “We're going for another five orders of magnitude. Most people are happy with a 10x improvement, and we're asking for 100,000x improvement in speed.”
The first phase of the program will take 15 months, and that’s when the teams will create the core math logic blocks that will do the process required for FHE, but also the interconnections needed to move data between memory and compute elements, Rondeau said. The end of the first phase will include tests of this logic on emulated circuits.
The second phase will also last 15 months, during which performers will build out the rest of the elements, like memory and data pathways, needed to produce a full system on a chip in addition to the logic blocks proved out during phase one.
Phase two is also when teams will start testing the technology on convolutional neural networks. Teams will be tested to see if their technology can do image recognition on a convolutional neural network. In phase three, successful designs will be sent out to foundries. That’s when the new hardware will be built to boot up and test.
“So that’s the end goal, is to actually have a prototype of a real working silicon chip,” Rondeau said.
The technology still has a long way to go even if the DPRIVE program proves a success, but examples of applications abound. One military example is a call for fires: Once a target for a weapon is identified, a spotter or sensor in the field has to call it back to the person who has the authority to call for the target to be fired upon.
“So in this process, you can imagine as we're building international partnerships with different forces … they may be acting as our spotters,” Rondeau said. “But we may not want them to understand what we're doing with that data. And so the ability to take that data, ingest the data from a sensor deployed by a partner nation, and protect what that data actually means, can be done under this homomorphic encryption, where you can actually compute the solutions under cipher and send to the fire station the answer.”
Or, for the intelligence community, entities could share analyses of data with partners without granting access to the raw data itself. This is important for protecting data privacy because it creates a way to draw meaning from data without compromising the privacy of the data. Rosario Cammarota, principal engineer for Intel Labs, in a press release called FHE the “holy grail” for keeping data secure while it’s in use.
But beyond the DPRIVE program, key management—meaning, who gets the keys to break the cipher—and other security issues still remain challenges for FHE technology, according to Rondeau.
Still, as quantum computing technologies advance, FHE may become more important. Rondeau said the math behind FHE suggests it will be resistant to quantum computing advancements.
“How quantum computers operate do not tackle this particular type of problem well,” Rondeau said. “In fact, if you look at what [the National Institute for Standards and Technology] is doing to standardize and certify the quantum-resistant encryption schemes, they're all based on this thing called lattice encryption, and that's the core of homomorphic encryption as well.”
Using the same kind of math tools allows FHE to stay strong against quantum cryptography, Rondeau said, barring some kind of mathematical breakthrough.