Microsoft and Intel will be working with the Defense Advanced Research Projects Agency (DARPA) to develop and implement fully homomorphic encryption (FHE) in hardware. A breakthrough in this field would have a profound impact on cybersecurity.
The encryption schemes in use today all have a common weakness: decryption. You can encrypt data any way you like, but if you want to perform useful work with it, you have to decrypt it first. Homomorphic encryption removes this problem. Not only can you compute using encrypted data, but the output of your computation also remains encrypted. A fully homomorphic encryption scheme would be capable of performing all mathematical operations on any encrypted data without the need to decrypt it.
FHE is a sort of cryptographic Holy Grail. A lot of work has been done on the topic over the past decade, but all of the current implementation methods rely on software execution rather than dedicated hardware, and they run too slowly to be of much practical use. DARPA wants to change this via its Data Protection in Virtual Environments (DPRIVE) program. The government agency has selected four research teams to pursue the question, led by Duality Technologies, Galois, SRI International, and Intel. The teams are tasked with developing a hardware accelerator for FHE that can compete with the processing speed of unencrypted algorithms. The various teams are also tasked with evaluating different word sizes rather than sticking to the 64-bit words common in modern computing.
Intel plans to tackle the problem by developing an Application Specific Integrated Circuit (ASIC) to address it. This is an interesting choice on Intel’s part, given some of the work that’s been done to implement FHE on Intel FPGAs. A 2019 paper by Microsoft engineers described a hypothetical FHE implementation dubbed “HEAX,” which demonstrated substantial performance improvements over CPU-based workloads, as shown in the following tables:
The performance improvement from the Stratix10 FPGA implementation ranges from 25x – 232.5x faster than a conventional x86 CPU. These are significant improvements, and one can imagine that a higher-end FPGA might be able to deliver even larger gains. DARPA, however, is looking for more than a 200-300x speed improvement.
“We currently estimate we are about a million times slower to compute in the FHE world than we are in the plaintext world,” said Tom Rondeau, DPRIVE’s program manager. “The goal of DPRIVE is to bring FHE down to the computational speeds we see in plaintext. If we are able to achieve this goal while positioning the technology to scale, DPRIVE will have a significant impact on our ability to protect and preserve data and user privacy,”
Intel seems a bit short of FPGA’s capable of delivering quite that much additional performance, so a custom ASIC design would seem to be the way to go, at least for now. Such silicon would likely be integrated on-die in a future Xeon or Core processor if the technology ever comes to the enterprise or consumer markets.
After Intel develops its implementation, Microsoft will lead the testing and commercial development by rolling the capability out across Azure. Fully homomorphic computing has significant implications for security in cloud computing environments, where there are understandable tensions between organizations that might like to use the cloud for various purposes but are leery of uploading data to third-party servers. Homomorphic encryption would resolve many of these issues.
Fully homomorphic encryption wouldn’t just “fix” computer security. But it would offer an end-to-end encryption method of a type we don’t currently possess. The ability to compute without first decrypting data would be a major security improvement compared with the status quo, provided we can improve the performance hit of doing so.