Camille: [00:00:00] Hi, and welcome to What That Means: Homomorphic Encryption. Joining me today for this conversation is Rosario Cammarota, or “Ro” for short. He’s a principal engineer at Intel Labs. He leads privacy technologies research with a focus on cryptographic techniques to compute on encrypted data. He is an IEEE senior member and also serves as a committee member for hardware and system security, including NDSS, HOST, DAC and ICCAD.
He’s a prolific author and inventor, and one of the recipients of the Semiconductor Research Corporation Mahboob Khan Outstanding Industry Liaison Award, three years in a row. He got his PhD in 2013 in Computer Science from the University of California at Irvine.
Ro, welcome to the show.
Rosario: [00:00:48] Thank you, Camille. And thank you for having me.
Camille: [00:00:51] I am hoping that we can kick this off with you defining homomorphic encryption in under three minutes.
Rosario: [00:00:58] We’ll try. So, homomorphic encryption is a cryptographic technique to compute on encrypted data. In traditional encryption, you can protect the confidentiality of data when it is in transit, while it is transmitted, or when it is stored. But any time that you need to perform a computation on the content within the encrypted envelope, you do need to decrypt the data.
Homomorphic encryption defines a set of encryption techniques and rules that allow you to perform a computation on the content of the encrypted envelope without the decryption. And it has two advantages. The first is that the data is never decrypted through its lifecycle. The second is that the decryption keys that are used in traditional encryption techniques to access the content of the data don’t need to be stored on the system. Usually these keys are the target of attack.
Camille: [00:01:58] Okay. Thank you. Let’s dive a little deeper. So when you were describing homomorphic encryption, you sort of opened with the different kinds of encryption. And I just want to review those. There’s data at rest, data in transit, and data while it’s being acted upon or processed. And I think the industry is pretty good at data at rest and data in transit.
And it feels like right now, over the last few years, there’s been this big emergence of, “well, we need to protect data while it’s actually being acted upon.”
Rosario: [00:02:33] Yeah, I think the cryptographic community has been going after this goal of protecting confidentiality of data at any time for a long time. In fact, the concept of processing data while in its encrypted form is not a new concept. Homomorphic encryption, specifically, is considered the Holy Grail of cryptography, just because it provides this capacity of computing on encrypted data. But this decade is actually characterized by two main trends.
So the first is that institutions understand that data sharing and collaboration can actually bring new revenue streams, and can also bring goods to society. And all of this is powered by the fact that the amount of data available to be processed keeps increasing. And the availability of modern artificial intelligence techniques allows you to extract the value from this data.
Camille: [00:03:39] Well, you’re talking about new business models because of homomorphic encryption, right? So, today we do have ways in the industry to protect data while it’s being used. Can you talk about those and then what homomorphic encryption will bring?
Rosario: [00:03:56] Yes. So first of all, we can use trusted execution to protect data while it is outsourced to a remote location, right? You can delegate computation and protect it while it is acting. And trusted execution is the state of the art of these protections nowadays.
It is also true that any time that you do need to process data within a trusted execution, you need to decrypt the data. So, so to speak, while the trusted execution protects the services, the data of your tenant from an untrusted infrastructure, it protects basically the integrity of the code that it’s executing. Homomorphic encryption raises the bar of protection by protecting the data also from the tenant.
Camille: [00:04:51] So tell us, what kind of use cases are going to be enabled by this?
Rosario: [00:04:57] Yeah, typical use cases, in my opinion, the most important ones actually are related to data sharing and collaboration. So if you think that multiple entities can put together, let’s say, healthcare data or financial data, and have a higher guarantee that while processing this data they are not leaking third party data. Also, while processing their own data, they are not violating any privacy aspects inherent in the data.
And we can actually deploy on the cloud the services that can perform MRI scans, for example, in the healthcare domain, at a very fast rate. Sometimes time is very important in performing diagnosis. It can save lives. So now the problem is that MRI scans are also very sensitive. And in addition to what they carry, there is the association with the patient directly.
So homomorphic encryption in this case would allow us to have healthcare-type services that can perform analysis on inputs that contain sensitive data related to patients without revealing information.
Another aspect is, for example, increasing the data size of clinical trials with real-time data. So real-time data is the type of data that is available when there are patients that are treated with experimental drugs. Their data can actually be homomorphically encrypted and aggregated with the clinical trials, so overall ending up in a larger data size. And the larger data size promises basically to improve the type of analysis that you can do on the data and to play the role of a catalyst to bring certain drugs to market faster.
Camille: [00:07:03] Right. So what are the biggest barriers or the biggest challenges in this evolution of homomorphic encryption? It doesn’t exist in the wild yet, right? So why not? Are we struggling with performance issues, or what’s the problem?
Rosario: [00:07:19] Well, there are technical and technology issues, and there are also, I would say, educational-type issues. So I think the educational part and the dissemination of information need to be a lot broader than has been happening until now. So that’s the first thing. So people need to become more familiar, even professionals. So this idea that you can compute on encrypted data without decrypting may be puzzling, to say the least.
Camille: Right.
Rosario: Then there are technology barriers, and I really would start from the technology well before the technical. That is related to the fact that, while this is computing meeting cryptography, essentially, you still want to do general purpose computing. But the underlying computational methods are cryptographic methods. So the cryptography needs to be standardized.
And at the moment, not only for homomorphic encryption, but more in general for privacy enhancing technologies, you know, standardization just started this year.
Camille: Oh!
Rosario: So, we are a little bit early for that then. You know, for industries that play an important role in consumer electronics, or the semiconductor industry in general, the adoption of standardized cryptography is very important. And, you know, understanding what the industry practices are, how to look into compliance. Those are all very fundamental issues that I classify as technological issues.
Then there are technical issues with it. Homomorphic encryption is very computationally expensive. And just the encryption procedure, compared to traditional encryption, is also relatively inefficient. It’s relatively inefficient meaning that the ciphertext of a homomorphic encryption procedure is a lot larger than the original data type. For typical applications or proofs of concept that we have seen, overall it may be 100x to 1000x. In the past it was going up to 10,000x. So there has been progress.
Camille: [00:09:37] And this is, you’re saying that basically the file size, once you’ve encrypted the data, is now orders of magnitude larger than the original? Okay.
Rosario: [00:09:45] Yes, and so that tells you that these systems need to look different in a sense, because they need to process a very different data type. So the data type in the homomorphic encryption domain is a ciphertext. So whether in the native domain you had an integer, a vector of integers, fixed-point numbers, real numbers, everything is converted to the ciphertext. There is a single data pipe, but it’s a lot more complex.
Camille: [00:10:16] What kind of general timeframe is the industry arguing there’ll be actual homomorphic encryption used, maybe on a small scale, but available?
Rosario: [00:10:27] You know, for some use cases that require batch processing—basically, not real time processing—it is something that can be used nowadays. And I believe the main barriers to more meaningful adoption are really related to the technological aspect that I mentioned earlier.
Camille: [00:10:48] Uh-huh. Things like standards?
Rosario: [00:10:51] Uh-huh. Now, from these use cases that are very specific to something like enabling general purpose computing with homomorphic encryption, there is a huge gap to fill.
Camille: [00:11:04] Okay. So that’s interesting. So you would only encrypt sensitive data because it’s taxing to do so? And then it’s a giant file size. So we wouldn’t be encrypting all of the data on our system? We would be selecting data that’s very, very important that it not be exposed. Oh, I have a question also, if we’re coming out in the future, how does this kind of align or intersect with post-quantum cryptography?
Rosario: [00:11:35] So homomorphic encryption, I needed to say very generically what it was, but now if we look a little bit under the hood of it, the term homomorphic encryption actually describes a family of cryptographic schemes.
So now the most efficient homomorphic encryption schemes are based on lattice-based cryptography constructions. So there is really a relation there, because there is a common mathematical foundation: the mathematical primitives that are common to the instances of traditional security mechanisms, to post-quantum security, and to the introduction of protocols like homomorphic encryption.
But the current look at homomorphic encryption is that the instantiation of this mathematical object should be at least such that it can protect the data with industry standard classical security levels.
Camille: [00:12:41] Okay. So you mentioned lattice-based, and that’s the same kind of encryption that’s going into post-quantum cryptography. So that’s the underlying, you’re using a similar kind of thing. So once we do start protecting things with homomorphic encryption, we can expect that that will last into the future when the quantum computer arrives.
Rosario: [00:13:02] Yeah. That is true, even though I would add a little warning here, which is the following. Traditional cryptography looks at protection for objects that are going to last for decades. When we look into computation, the computation is expected to complete in a reasonable amount of time. And therefore, while there is a foundation to look into the post-quantum property over homomorphically encrypted data, my guess is that in the future we will see the deployment of hybrid types of schemes. Some that have classical security properties in the post-quantum era, some that guarantee classical security properties and, you know, others that are quantum resistant, so to speak.
Camille: [00:13:58] Right. So hybrid based on what’s needed for that kind of data, and kind of balancing performance versus privacy. That’s funny. I was going to ask you, I started thinking, if homomorphic encryption is the Holy Grail, and then we’ve truly solved data at rest, data in transit, data while being acted upon, then what’s next?
Rosario: [00:14:22] Well, there are actually many other problems under the hood, even with the technologies. When we bring a technology to the point of meaningful market adoption, there are many other things that need to be taken care of. And, moving forward, there are many privacy enhancing technologies and schemes in addition to homomorphic encryption.
So we can mention secure multi-party computation, we can mention functional encryption, proof of work on encrypted data, and all sorts of other things that are actually fundamental to build a system that is deployable.
Camille: [00:15:02] Okay.
Rosario: [00:15:03] And so in the future, I would not expect that, “Okay, we have realized homomorphic encryption and the benefits, and that’s the only thing that is going to last forever.”
Camille: [00:15:15] Okay (laughs). Makes sense. Is there a specific relationship between distributed ledger technology or blockchain technology and homomorphic?
Rosario: [00:15:28] So homomorphic encryption is something that can be used in combination with other protocols. And this actually follows up from what I was saying just a minute ago. And while I’m not an expert in these technologies, they definitely, really, you can build a subset of these protocols on homomorphically encrypted data, such that the portion that looks into consensus, which currently you protect with isolation mechanisms, or you can do it with multi-party computation, you could do it with homomorphic encryption, too.
Camille: [00:16:03] Okay. So they work together. My final question is something that nobody listening can know, because I’ve got you on video and I see a number of guitars behind you. And I think I see some bass guitars also, so I just want to know what that’s all about.
Rosario: [00:16:20] Yeah. Well, I haven’t been– thanks for the question. So I own about five electric guitars and one acoustic. I’ve been playing electric guitars for about 20 years or so. Each of these guitars is different from the others. It’s not because they look different, but in terms of the electronics, the wood of the fretboard and other details. So they have a different personality.
Camille: [00:16:48] Very nice. Can you grab one and just play something quickly for us?
Rosario: [00:16:52] Oh, I wouldn’t do that (both laugh) without warming up.
Camille: [00:16:57] The microphone isn’t set up properly, otherwise. No problem. (laughs) Okay. Well, Ro, thank you so much. I learned a lot, and I feel like there’s probably three or four more hours’ worth of conversation on homomorphic encryption, but we’ll call it for today. I appreciate your joining the show.
Rosario: [00:17:16] Thank you. Thank you, Camille.
Camille: [00:17:18] And listeners, please check out other episodes where we define technical terms in plain English on What That Means, and also stay tuned for upcoming episodes of the other portion of Cyber Security Inside where Tom Garrison and I interview guests about all kinds of topics in cyber security.