19/01/2021
IBM recently announced big developments in homomorphic encryption. This could bring trustworthy confidential computing into the mainstream.
What is Confidential Computing?
Many organizations say that they can't use the cloud. They can't put their data in someone else's data center.
Now, if you only use cloud storage, then all is fine. Encrypt the data on premises. Store nothing but ciphertext in the cloud.
But what if you want to process your data? That is, literally do cloud computing? It seems that you need to decrypt your data in the cloud. Next, do the calculations. Finally, encrypt the result.
Or at least that is the traditional way.
Confidential computing means doing calculations while maintaining the data's confidentiality. New CPU architectures have provided some methods. However...
Hardware Solutions Have Had Problems
The past few years brought many unpleasant surprises about hardware security problems. A big one is related to Intel's Software Guard Extensions or SGX.
Intel built some security-related machine instructions into some recent CPUs. Both user programs and the OS kernel can use them to define enclaves, private regions of memory. Even the OS kernel cannot read or write a user-defined enclave.
The plan would be to read encrypted data from the disk, storing it in the enclave. Then, decrypt it within the protected enclave. Next, do the calculations on the sensitive data. Finally, re-encrypt it and transfer it back to the disk.
At least that was the plan. Researchers have found several ways to expose enclave data. Many are variations on speculative execution attacks. Others are side-channel attacks.
Another possible hardware solution is AMD's EPYC Secure Encrypted Virtualization, or SEV. This supports Google's Confidential VMs, virtual machines doing confidential computing in the Google Cloud.
I have created a list of hardware vulnerabilities. It's my attempt to keep track of developments. It's hard to keep up!
Hardware solutions for confidential computing have a poor track record. Pure cryptography seems more promising.
How Fast is Cryptography Developing at the Moment?
In October 2019, a team led by Google announced a major step forward in quantum computing. The team's quantum processor finished a task in 200 seconds. They estimated that the DOE's state-of-the-art supercomputer would take 10,000 years to finish the same task.
Meanwhile, NIST has a Post-Quantum Cryptography program well underway. In July 2020, they announced the Round 3 candidates for the coming standard.
Around that time, IBM announced practical tests of fully homomorphic encryption on macOS and iOS and then on Linux.
This may be like the late 1970s. Public-key cryptography, Diffie-Hellman key agreement, RSA encryption, and DES all appeared during the period 1975-1977. That was before my time, but it's a famous three years.
How to Implement a Homomorphic Encryption Scheme?
Early work on fully homomorphic encryption placed extreme limits on the computation. You could calculate on ciphertext input, as long as your problem was limited to addition. Or a modulo operation. Or an Exclusive-OR operation. It was possible, but not useful.
Open source homomorphic encryption is now practical in the real world. See the above links to IBM's announcements for toolkits on Linux, macOS, and iOS.
How Difficult is Homomorphic Encryption?
The software is available to be downloaded and used. It's easy for developers.
However, its computational complexity remains an issue. It's hard for computers. It's not as terribly slow as initial solutions were. But homomorphic encryption still makes even simple calculations significantly slower.
The good news is that its performance is acceptable for some popular uses.
For example, machine learning on big data sets containing sensitive information. That problem tolerates approximate answers, meaning that a speed/accuracy trade-off makes the technology practical.
There's still a long way to go in the way of performance for many compute jobs, but the recent developments are a large advance.
What to Know, and Where to go Next?
The CISSP and CCSP exams now include questions about homomorphic encryption. However, it's just "big picture" recognition of the topic. If you know "Homomorphic encryption means calculations on encrypted input yielding encrypted output", that should be plenty. Learning Tree's courses for CISSP test-prep and CCSP test-prep cover all you need to know for those exams.
To check recent developments, and see who is doing what, see the HomomorphicEncryption.org web site. It's run by an open consortium of industry, academia, and government.
If you want to go further, there's a nice survey paper covering the topic, explaining the terminology and concepts.