Welcome to What That Means with Camille, companion episodes to the InTechnology podcast. In this series, Camille asks top technical experts to explain, in plain English, commonly used terms in their field, then dives deeper, giving you insights into the hottest topics and arguments they face. Get the definition directly from those who are defining it. Now, here is Camille Morhardt.
Camille Morhardt 00:35
Welcome to today’s podcast. We’re going to talk about all things encryption, in fact, What That Means: encryption and encrypted computing. And I have with me today, Ro Cammarota. He is Principal Engineer in Intel Labs Security and Privacy Lab and he’s also Chief Scientist for Privacy Enhanced Computing Research. Welcome to the podcast Ro.
Ro Cammarota 00:58
Thank you, Camille. Thanks for having me.
Camille Morhardt 01:00
So Ro, it’s great to have you on this podcast. Thank you for joining us. And I wanted to kick it off by asking you about a new software development kit for encrypted computing. And then we’ll get into what is encrypted computing and how does it work and what are some of the problems that’s going to solve. But this was just introduced at Intel Innovation not too long ago. So can you tell us more about it?
Ro Cammarota 01:23
So quite recently, you know, at Innovation, we announced the Encrypted Computing Software Development Kit, which provides a number of standardized interfaces to write software that can process encrypted data with homomorphic encryption and can target a simulation environment that simulates the accelerator that we are building within the DARPA grant program.
Camille Morhardt 01:53
That’s fantastic. Okay, well, let’s get into the definition of encrypted computing next. What is it? What does it mean?
Ro Cammarota 02:02
So yeah, let’s start with encrypted computing. So encrypted computing refers basically to the ability of a computer to process encrypted data without ever decrypting it. So you might wonder, how is this different from what we do today? Well, today, we try to keep data encrypted as long as you can, until you are able to process data. When you have to process data, it has to be decrypted before you can actually start processing. In encrypted computing, we are envisioning computers that keep data encrypted, even in CPU registers and caches, never decrypting it.
How is this useful? Well, the meaning of encrypted computing really means reaching the pinnacle of data privacy, because being the data always encrypted, even during computation, not only prevents data leaks when data is temporarily not in use–and that’s what typical encryption does by providing confidentiality of data. But if data is processed in its encrypted form, the other benefit that you have is that the input, the intermediate results of the computation, as well as the output are all encrypted. And somehow now the output is not correlated in its encrypted form to the intermediate values of the computation as well as the input. So now confidentiality becomes a lot larger in its meaning and it starts overlapping with data privacy.
Camille Morhardt 03:39
Okay. And did this used to be referred to as homomorphic encryption, and now we’re calling it just encryption?
Ro Cammarota 03:49
Yes. So there are many ways to process encrypted data. Homomorphic encryption has a number of properties that are appealing in terms of its applications. And foundational to our encrypted computing technology is basically enabling homomorphic encryption.
Camille Morhardt 04:09
Okay. And how does homomorphic encryption differ from other kinds of encryption?
Ro Cammarota 04:12
So, so let’s start with the concept of homomorphism in mathematics. So homomorphism means the same shape. So practically, it means that if you have an algebraic system, so typically the set of integers, for example, you know that you can process integers in a certain way. So a homomorphism means a map that basically transforms the integers into a different form–let’s say to transform the integers into butterflies–and it preserves the operation. So now you can perform this operation inside of butterflies without ever looking at the integers, and only when you reach the results of your operations, you will revert the process.
Now there is an intellectual challenge here: typically homomorphisms do exist, but they are very difficult to be proven secure from a cryptographic perspective. And that’s been the case for the past 30 years, or 40, if I may say. And at the same time, when you have a classic cryptosystem, as you have today–like the Advanced Encryption Standard–it does not carry a homomorphism. So what that means is, if I have two ciphertexts encrypted with the Advanced Encryption Standard, and I try to process them together, somehow, the result is not the processing of the data enveloped in the ciphertext. And that’s because typical encryption makes heavy use of non-linear functions that do not preserve the homomorphism, so to speak.
Camille Morhardt 05:45
Okay, so talk to us about practical applications of encrypted computing. I mean, I am familiar with confidential computing, also, which is this notion of isolating and protecting workloads while they’re being processed and not decrypting them until there’s been a verification of the security of an environment; you’re talking about something different, you’re talking about keeping workloads encrypted 100% of the time, I assume that it’s been not feasible to date because it takes too much performance away. Is that the case or what’s changing now that it’s closer to emergence?
Ro Cammarota 06:20
So what has changed today? Many things. So the first thing is that, being a new type of encryption technology, fundamentally, it needs to have standards and best practices associated with it. And those have been forming in the past few years, especially at the International Standards Organization, which is producing a standard to capture common aspects of this cryptography and its parameterization for its use in practice; so this was not there before. So standardization becomes a big part of this effort.
The second thing is that there has been basically attention not only from academia, but also from industry research, particularly IBM Research, Microsoft Research and also Intel Labs, at some point paying attention to methods to process encrypted data. But today, what is different is that homomorphic encryption is being standardized. It means that a family of encryption methods becomes a very identified subset of encryption methods that are pretty much stable in their development. And they are expensive from a computational perspective, but because now the field is kind of stable, there have been investments in creating the hardware to accelerate homomorphic encryption; I am referring basically to probably the largest investment that has been put in hardware for homomorphic encryption from the United States government, which is the DARPA program, and at Intel, we are part of that program. And we are developing basically a hardware platform that is filling the gap in terms of performance in encrypted computing versus the cleartext computation.
So now today, for example, you can aggregate data that comes from multiple sources. And this data is homomorphically encrypted and you can either learn on this data or draw insights from this data, by querying it anonymously, with speeds and performance that are tolerable. And just to give you an example, when it started 20 years ago, when industry research started paying attention to homomorphic encryption, the status was that processing encrypted data was a trillion times slower than processing the cleartext data. Ten years later, in spite of the advances in computer architecture, the performance profile has been pretty much flat. And what really contributed to reducing this performance tax associated with processing encrypted data were theoretical breakthroughs, you know, moving from execution of circuit to arithmetic circuit, exploiting the different levels of parallelism in the algorithms. Now in 2021, the DARPA program started and it poses a very ambitious goal of reducing the performance tax by at least four orders of magnitude within four years.
Camille Morhardt 09:37
What is that? If you lop off four zeros of a trillion, what are you at?
Ro Cammarota 09:40
Oh, you are going to within 10x. Because of the theoretical advances, you jump from a trillion to just a million, and while a million is still a lot, going from a trillion to 1 million, it’s actually significant. Now basically you’re saying, as everything is stable now, we can add the hardware to jump from this million to within the next over it. And it’s quite remarkable because it enables many applications that otherwise were not there before.
Camille Morhardt 10:11
Okay, so can you talk to us about what is happening with quantum computing and this notion that the encryption system that the world relies on, is going to break? And is there a solution for that? And how far along is it?
Ro Cammarota 10:26
So it is very clear that there is a risk that, should the quantum computer become a reality and these algorithms for prime factorization and search–and I’m talking about quantum algorithms–can be executed on these quantum computers, then the public key cryptosystem is at risk. Why? Because the prime factorization or, more in general, discrete logarithm problem is not secure anymore with the cryptography that is standardized today. Whereas for what concerns the shared-key type of cryptography like the Advanced Encryption Standard, or other primitives such as one-way hash functions, those can be actually secured against quantum computers just by increasing the security parameters of the cryptosystem.
But what do we do with the public key cryptography? Well, there are several families of cryptography based on different mathematics that can be quantum resistant. For example, there is lattice-based cryptography, which is based on, foundationally, a set of primitives that are actually common also to homomorphic encryption. There is code-based cryptography, similar properties, but different mathematics, multivariate cryptography, cryptographic schemes based on isogeny-based cryptography. There are various families of cryptographic mechanisms that promise to be secure against quantum computers.
So what is that change in between potentially being endangered by quantum computers today? Well, the industry has been working together. And thanks to standards both in the United States like NIST, but also internationally, like ISO, the International Standards Organization, we now do have standards for post-quantum cryptography. And the standards basically pick candidates that belong to different families for the implementation of different security mechanisms.
Quantum computers are closer than they were before. But how far from reality they are is still an open question. The only thing that we know is that we need to start protecting now. And for that the standards are in place. And during the standards development, admittedly, industry has made lots of progress in actually studying the algorithms, rolling them out–especially the semiconductor industry like Intel–providing space for hardware acceleration and tools to program post-quantum algorithms, and saving us from at least three threats that I can tell about. So the first one is basically recording and decrypting later–that’s what you would do when someone is eavesdropping on a conversation across the internet. And another important threat to keep in mind is basically the outer integration of software. That also happens with the cryptographic mechanisms. And if those mechanisms are compromised, then clearly there may be proliferation of software that is not genuine, so to speak. All of this needs to be protected with the rollout of post-quantum cryptography mechanisms. Now not only do we have the technical means, but we have the standards.
Camille Morhardt 13:44
So when you mentioned there’s a variety of approaches—lattice-based, multivariate, etc.–are there multiple standards for the different approaches? Or are we moving toward one or the other approach?
Ro Cammarota 13:57
No. So typically standards for cryptography they define cryptographic suite that is a mix of basically of crypto primitives for their use in different security mechanisms. Like for example is this bulk encryption typically bulk encryption into a secure channel after authentication of the parties. So the authentication will be done with certain security primitives. The key exchange basically to enable the bulk encryption is yet another security mechanism. And then there is a bulk encryption that is the typical encryption that you have. That is this. So typically, a standard would define all these mechanisms and the way to use them properly, as well as what is the parameterization of these mechanisms in their deployment to reach a certain level of security that everyone has agreed on in the industry.
Camille Morhardt 14:50
So any approach you want is okay, as long as it meets certain criteria? Okay, understood. What else is going on in the encrypted computing world?
Ro Cammarota 15:01
Oh much is going on. We talked about the standards for cryptography. We talked about, you know, there is a hardware acceleration coming. That’s a big deal. And that comes also with the tools and other means basically to probably program the accelerator.
But I have to say that this type of cryptography is very different from the classical cryptography, because you are processing encrypted data, which is something that you were not doing before. So what does that exactly mean to us? Well, first of all, the cryptography underneath needs to be secure, it needs to be parameterized properly, and that we understand; that is similar to what happens in post-quantum cryptography or pre-quantum cryptography when you want to enable certain security mechanisms. Great. However, because you are processing encrypted data, now, the driver doesn’t really come as much from the cryptography as from the application that is processing the encrypted data. And so there are several other research factors that need to be tackled once you are past the standardization and you have closed the performance gap–which is the ability of people to write programs that have the same functionality as the cleartext program, but actually process encrypted data. So that translation problem is the next big problem that we do need to address.
Because the question is, “okay, are we already doing it? Or is there something that is baking?” Well, the homomorphic encryption community worldwide, is not that big, but it’s very sensitive and very knowledgeable about all these, these various problems. And within that community, there are several working groups. And one of these is specifically looking into programming languages for processing encrypted data, as well as the translation of “vanilla” programs into their equivalent to process encrypted data, as well as how are you going to deploy these programs in the context of systems and communication infrastructures, generally speaking, communication, and compute infrastructure that already exist?
So all of this enters into the realm of education, you know, really growing a new workforce that has an interdisciplinary mindset between application, and somebody that is a cryptographic mechanism that is not necessarily doing classic security mechanisms like authentication or bulk encryption or key encapsulation and other things. But it’s actually there to assist to process encrypted data. The application logic needs to evolve to process encrypted data. But then all of this needs to fit within a certain data lifecycle that already exists. Homomorphic encryption, and by induction, encrypted computing, is probably the only encrypted data processing technology that has all the right properties to fit in.
Camille Morhardt 18:11
That’s a lot of work. And so it sounds like one of the main things is just going to be helping translate or have that link between software and hardware, making good use of hardware acceleration in the encryption. And then ideally, having it set up so that developers don’t have to learn in depth how to make this work; that they can somehow plug into, I don’t know if it’d be API or some kind of a layer that’s actually doing that underlying work on their behalf.
Ro Cammarota 18:42
It is right. And in fact, we are following something that is not entirely new, which is the history of computer science. Once you get into the encrypted domain, you actually end up with a very primitive computing model. And therefore, it’s just like having, 40 years ago, a co-processor that is capable of processing real numbers. Okay, so to speak. We are at that stage in this moment, with a lot of needs, because people are saying, “well, can you do larger language models in homomorphic encryption? Can you do these other applications and things?” which are applications that have grown in the past ten years, and they’ve exploded not only in terms of their usefulness, but in size, as the data size and the data available to these applications keep increasing. Homomorphic encryption, you know, makes baby steps. But yes, it’s very useful in a number of application domains. And it will continue to be more and more useful as encrypted computing keeps making strides forward.
Camille Morhardt 19:48
Will it be used in sort of a hybrid form at all, where some things are kept in protection, processed in the clear, and other things are actually retained encrypted always?
Ro Cammarota 19:58
That’s a very good question in many ways, so not everything needs to be protected. Not everything has the same sensitivity, right? The likely use of homomorphic encryption will be as part of your data pipeline. So again, it’s all about data. And the application drives what you do with this data and encrypts the data; at some point, as you get into a block that is doing encrypted computing, the output will always be encrypted. And then the problem remains of how you mix that output with other output that doesn’t have the same sensitivity. It is an open problem.
There is a lot of literature in the computer science and engineering fields, even for what concerns things like high-level synthesis, when you want to define some variable that is secure or some other that is not secure. But with homomorphic encryption, there are similarities, but the problem is a lot more complex, because this data that you’re trying to protect oftentimes carries personal information, or it can indirectly leak personal information. And so this is the first time that the security technology is not pushed by compliance, but is pushed by the fact that every single being, living being, has an intuitive understanding of what privacy is. And it makes a huge difference and it makes it also very exciting.
Camille Morhardt 21:29
Cool, well, Ro thank you so much for your time again, Principal Engineer in Intel Security and Privacy Computing Lab and he’s Chief Scientist of Privacy Enhanced Computing at Intel.
Ro Cammarota 21:43
Stay tuned for the next episode of InTechnology, and follow @TomMGarrison and Camille @Morhardt on Twitter to continue the conversation. Thanks for listening.
Announcer 2 22:01
The views and opinions expressed are those of the guests and author and do not necessarily reflect the official policy or position of Intel Corporation.