Homomorphic Encryption Will Take on the Challenge of AI


Posted on by Ulf Mattsson

Today’s analytics and artificial intelligence (AI) platforms present enormous opportunities for organizations. It’s possible to gain a level of insight that was once unimaginable. But somewhere along the path to unlocking the maximum value from data lies an inconvenient truth: Protecting trade secrets and personally identifiable information (PII) is difficult. 

Tokenization, data masking and anonymization, and data de-identification are all valuable tools. But they aren’t ideal for organizations looking to pool and combine data with partners, consortiums and, sometimes, competitors. For example, a group of financial institutions might want to collectively view data to improve fraud detection, or airlines might want to collectively examine data about fuel consumption.

Homomorphic encryption (HE) takes aim at this challenge. The framework, which can take several approaches, supports multiparty computing by allowing analytics and machine-learning systems to process encrypted data without exposing what’s underneath. In other words, users can view the results, but they can’t see the data. Although the concept has been around for years, HE is finally making an impact.

Protecting Sensitive Data
A growing focus on responsible analytics and AI, along with increasingly stringent regulatory frameworks, is also fueling HE. The technology is particularly suited to tasks involving addition and multiplication. For example, Microsoft has introduced a product called ElectionGuard, which relies on homomorphic encryption to produce verifiable, secure and auditable voting results. It enables voting online and through apps without revealing the identity of individual voters.

HE expands the role of conventional encryption by extending its scope from “data at rest” and “data in transit” to “data in use.” As a result, the applications for HE are significant—and growing. The cryptographic framework expands computing functions and data sharing to third-party providers while maintaining total control of the data. This means that a healthcare provider can test for genetic abnormalities, empower disease-risk analysis and understand family histories without exposing private data.

A retailer might want to create a new revenue stream by pooling its data with business partners, including other retailers, banks and advertising companies. Using HE, it’s suddenly possible to respect proprietary data, user privacy and specific regulations but gain insights that lead to better ad conversion rates, improved customer satisfaction and timelier product and support offerings.

The technology presents numerous other opportunities for data sharing. A construction firm, for instance, might want to demonstrate that it has the financial resources to handle a major project without showing its books to the company or government agency sponsoring the project. It can also show that it complies with regulations. What’s more, HE makes it possible to grant, revoke and change controls as needed, such as when other parties join or leave a group.

Putting Data to Work
Homomorphic encryption exists in different forms. Partially homomorphic encryption (PHE), which is easier to use, is suitable for cases where some data must be protected from view. However, fully homomorphic encryption (FHE) locks down the data completely. A growing number of companies have introduced partial or full HE algorithms, including Microsoft, IBM and Duality.

Understanding products and approaches is vital for anyone looking to venture into the homomorphic encryption space. For example, Microsoft SEAL delivers a homomorphic encryption library that allows additions and multiplications on encrypted integers or real numbers. Other operations, such as encrypted comparison, sorting or regular expressions, are typically not feasible with this tool.

Other challenges and limitations exist. For now, the HE marketplace is somewhat diverse and fragmented. A lack of standardization introduces roadblocks and barriers to adoption and use. The HE community is working to simplify and standardize APIs and SDKs, but that will take time. Most importantly, homomorphic encryption is still a relatively young and immature technology. Although the field has advanced remarkably over the past few years, there are speed impediments that make it impractical for many tasks.

However, over the next few years, we’ll likely see considerable improvements and growing adoption as HE technology frameworks and algorithms advance. In a world where data is increasingly viewed as a currency that unlocks business performance and innovation, homomorphic encryption is something to keep a close eye on. It’s a technology designed for an increasingly interconnected and AI-ready digital world.


Contributors
Ulf Mattsson

Chief Security Strategist, Protegrity

Machine Learning & Artificial Intelligence Privacy

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment.  Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA® Conference, RSA Security LLC or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.


Share With Your Community