siliconindia | | JAN - FEB 202119Future State:The future state is on the horizon. We expect many improvements in the next three to five years as production ready implementations become more available.A key issue in the current data encryption paradigm is that data has to be decrypted prior to performing mathematical computation or using it for data processing purposes. The next generation of encryption technologies is trying to fix this problem by developing encryption techniques that enables data computation on encrypted data. This paradigm will also help with the post quantum computing data security scenarios.Currently there are two primary next-generation encryption techniques, Fully Homomorphic Encryption (FHE) and Multi part compute (MPC). These techniques have delivered promising results in performing data computation while the data is still encrypted. This paper takes a deeper look at the FHE techniques.Encryption BasicsIn the world of computation, data encryption is the technique which provides the capability to encode (encrypt) and decode (decrypt) plaintext data using a key. Generally speaking, mathematical algorithms are used to perform the encryption (encoding) and decryption (decoding) of data. When plaintext data is encrypted the resulting data is called Ciphertext.To put this into simple equations (let's leave asymmetric encryption out for the sake of simplicity) ­ciphertext = Fnencrypt (key,data);data = Fndecrypt (key,ciphertext);Fully Homomorphic Encryption (FHE) FHE allows computations to be carried out directly on encrypted data yielding a ciphertext containing the encrypted output. These computations generate a result consistent with computations on unencrypted data or plaintext. Previous generations of FHE technologies suffered from extremely slow performance and only supported a limited number of mathematical operations. However, significant progress has been made in the current (3rd) generation capabilities.Let's look at this on an introductory level, beginning with a very basic explanation of how FHE works using the example below.i. Financial institution (X) wants to share some personally identifiable information (PII) with an external third-party service data processing provider (Y) which requires some mathematical computation.ii. X sends encrypted data to Y (but does not provide a decryption key for the said data)iii. Y performs data processing on the encrypted dataiv. Y returns the encrypted data results back to Xv. X decrypts the encrypted data result to read the processed data.Company X was able to maintain the confidentiality and integrity of its data, while still successfully obtaining the data processing results required in a highly secure manner, as the data decryption key never left its premises.Theoretically speaking the computation works as follows:C1 = FHEencrypt(D1);C2 = FHEencrypt(D2);D1+D2 = FHEdecrypt(C1+C2);D1*D2 = FHEdecrypt(C1*C2);The second generation of FHE offers some promising implementations, namely CKKS and BFV (which has been used in Microsoft's SEAL implementation), and the Paillier cryptosystem.The third generation of FHE offers two promising implementations of particular interest, namely FHEW (fully homomorphic encryption with Bootstrapping), and TFHE (Fast fully homomorphic encryption).Also Microsoft has reported major improvements in performance of homomorphic encryption with the use of artificial intelligence (AI) CryptoNets based optical recognition systems. This deep-learning neural network uses the homomorphic encryption capabilities powered by Simple Encrypted Arithmetic Library (SEAL) ­ code for which Microsoft revealed last November.In closingData encryption-based data security paradigms are only as good as the safety of the keys used to encrypt the data. Even if the keys are stored securely, the data is available in plaintext in memory or on disk and is susceptible to exfiltration or unauthorized access through various sophisticated memory-based exploits, both in the application or server stack, or in the firmware itself.In the future, data processing will be done either directly on encrypted data (FHE) or by not sharing all the private data itself (MPC). This new paradigm will greatly reduce the cyber risk from data exfiltration, breaches and unauthorized access. Security technologists are at the forefront of emerging technologies in this arena, and considering the current state of the threat scene and emerging cyber risk, are our best line of data security defense. Raj Badhwar
< Page 9 | Page 11 >