IBM published the source code on GitHub FHE tool kit for Linux. The utilities run on IBM Z and x86 platforms and are supported by Ubuntu, Fedora, and CentOS.
Fully Homomorphic Encryption (FHE) has long been considered something of a holy grail in cryptography. The task really seemed unrealistic. FHE encryption type assumes manipulation of encrypted data by a third party without the possibility of decryption the data itself or the result of manipulations.
As a simple example, imagine you have a bunch of emails and want to use a third-party spam filter to check if they are spam. The spam filter works on the server because the developer tries to keep his algorithm confidential: either it hides the source code, or the spam filter depends on a very large database that they don’t want to publicly disclose as it makes the attack easier, or both other. It doesn’t matter, the main thing is that the spam filter works on the server anyway – and you can’t run it on your own. What to do in such a situation? You also care about the confidentiality of your data and do not want to transfer the content of emails to third parties in an open, unencrypted form. This is where fully homomorphic encryption comes to the rescue:
Thus, the service keeps the algorithm secret, and you keep your data secret. But FHE allows you to successfully apply the algorithm on this data, so that neither side learns the secrets of the other.
Fully homomorphic encryption has many uses, including in the blockchain, where the server can manipulate the encrypted client data without disclosing the content of the information. That is, the server can fulfill client requests, not knowing what he requested…
Other uses for homomorphic encryption:
- More efficient protocols hidden addresses and more general scalability solutions for privacy protocols, which today require each user to personally scan the entire blockchain for incoming transactions.
- Privacy-preserving data sharing that allows users to perform some specific cloud computing on their data while maintaining full and sole control over it.
- As a component of more powerful cryptographic primitives such as more efficient confidential computing protocols (double-sided version illustrated with classic the task of millionaires, in which two millionaires want to find out which of them is richer without disclosing the exact amount of their wealth).
In general, there are different kinds of homomorphic encryption, some more powerful than others. They differ in what operations can be performed with encrypted data.
Partially homomorphic encryption allows you to perform only one operation with encrypted data: either addition or multiplication
Partly homomorphic encryption (somewhat homomorphic) fully works only on a limited set of data.
Finally, completely homomorphic encryption allows unlimited addition and multiplication operations on any data set.
Implementing partial homomorphic encryption is quite easy: for example, multiplication is implemented in RSA:
, so that
Elliptic curves offer a similar fold option. But to implement at the same time both addition and multiplication are much more difficult. The search for such a scheme has continued since 1978, when Rivest, Adleman and Dertuzos formulated a task and introduced the term “homomorphic encryption”. For 30 years, the existence of completely homomorphic systems has not been proven, and Rivest himself decided that the idea was not subject to implementation.
A major breakthrough occurred only in 2009 after the publication PhD thesis Stanford graduate student Craig Gentry. He described a possible construction of a completely homomorphic cryptosystem on ideal lattices… In his dissertation, he also proposed an innovative idea bootstrapping… This trick turns the partial FHE scheme into a fully homomorphic encryption scheme. The bootstrapping method is shown in the diagram below. In short, here the bits of the private key are encrypted with the public key in a homomorphic scheme and published as a “booster key”, which allows performing homomorphic encryption on the re-encrypted ciphertext, in which the noise is reduced to the original size. That is, we “refresh” the ciphertext, as if erasing the error of the old key.
In simpler terms, the decryption procedure itself is a computation, therefore it can be implemented as a homomorphic scheme that accepts ciphertext bits and bits of a secret key as input.
Gentry’s cryptographic scheme was a major breakthrough, but introduced a new error that was independent of the amount of error in the original encryption. The author himself described a complex solution to the problem, but the modified Brakerski and Vaikuntanathan scheme, proposed in 2011 (the scheme was named BGV (Brakerski-Gentry-Vaikuntanatan). In 2013, IBM released the free cryptographic library HELib with support for homomorphic encryption and BGV scheme. In January 2020, the version was released HELib 1.0.0…
In 2013, Gentry announced himself again. With co-authors Sahai and Waters and presented a third generation full homomorphic encryption scheme – GSW scheme (Gentry, Sahai, Waters), which again uses lattice cryptography and boostrapping.
Over the years of development, a full-fledged set of tools with integrated samples for IDEs has been created on the basis of HELib, which work out of the box.
IBM has previously released fully homomorphic encryption tools for macOS and iOS… In the future, he promises to publish the source code of the Android version.
The Linux version was released rather for demonstration purposes and works on a database with European countries and their capitals (second example for the financial industry is fraud recognition by a neural network based on an encrypted base of anonymous transactions). Until the practical application of homomorphic encryption has not come yet. By evaluation Gentry himself in 2009, for example, processing a search query on Google in case the text is encrypted would require about a trillion times more calculations. Nevertheless, optimizations made by IBM have significantly improved the performance of the library, so that in a few years or decades, it may well find widespread use in web applications. IBM says the library can now be run on IBM Z mainframes.