From the NSA to Silicon Valley, a new kind of encryption is going commercial
Encryption as we know it is on the brink of a major advancement: Mathematics teams at IBM, Intel, Microsoft and a range of startup firms are pushing ahead with research that could make it possible for technology companies to encrypt data while it’s in use.
This kind of security, known as homomorphic encryption, would mark a significant upgrade over current forms of encryption, which secure data while it’s stored or while it’s moving through a connection. Homomorphic encryption would better protect users who are using internet searches and accessing stored credit numbers as well as businesses that are sharing proprietary data as part of information sharing programs.
The protocol was developed in part by U.S. National Security Agency researchers looking for a way to quickly search or transmit classified material without sacrificing security. It’s since become the focus of security-minded investors.
“We think that whoever cracks homomorphic encryption is going to have a lock on the next generation of cryptography,” said Mark Horvath, an analyst at the market research firm Gartner. “There’s a lot of people who don’t quite understand what it means, or assume it’s just marketing and it can’t possibly work. But it’s all really cutting edge stuff, and there is a lot of money going against it because we all know we’re getting close.”
Homomorphic encryption soon will help large companies protect their information at times when they need to share it in a multi-party computing environment, Horvath said.
For example, real-estate developers seek the most efficient price for steel by comparing their rates with prices that other developers are paying, he said. Those proprietary rates are anonymized, encrypted and submitted to a third-parties that pool the information for wider industry consumption.
“Homomorphic encryption can help that process by allowing companies to share that information in an encrypted way from the start,” Horvath said. “It happens faster, and there’s less of a risk people will find out what you’re paying for steel.”
The race intensified in December when Microsoft released its Simple Encrypted Arithmetic Library (SEAL), an open-source library developed by the company’s cryptographers. The effort is meant to keep personal data private as the cloud makes accessibility more convenient, the company said.
“With traditional encryption schemes, it is impossible to run any computation on encrypted data,” Microsoft said in a blog post. “So we either store our data encrypted in the cloud and download it to perform any useful operations, which can be logistically inconvenient, or we provide the decryption key to service providers, risking our privacy. Homomorphic encryption, which allows processing of encrypted data, gives us the ability to use these services without exposing our private information.”
Intel announced it is using the SEAL library. IBM said last year it also is working on its own homomorphic encryption technology. Much of IBM’s project has focused on increasing the speed of processing data that has gone through the homomorphic encryption process, according to the Register.
Firms still are trying to navigate the details, but homomorphic encryption could become widely adopted within five years, Horvath said. Other use cases could include more efficiently transmitting an individual’s medical records without going through the encryption and decryption processes, he said.
This line of encryption research is distinct from quantum computing, which theoretically would help machines in the future work more efficiently than the computers available today. Researchers have suggested quantum computing could quickly overcome most modern cryptographic schemes. However, early experiments have suggested that perfect homomorphic encryption schemes could be resistant to quantum decryption, Horvath said.
First, researchers need to get the math right. Homomorphic encryption is technically feasible, Horvath says, but the process involves such complex multiplication and addition processes that most solutions are incomplete.
Investors see an opportunity in that challenge. Until now, encrypting data in-use has been a kind of a pipe dream for many technologists. Now, as corporate giants invest in this research, venture capitalists are taking notice.
“This is a big deal in my mind,” said Bob Ackerman, founder and managing director at Allegis Cyber, an early stage venture firm, and a board member at Data Tribe. “Innovation is thinking proactively about how we build architectures which are secure by design … and data-centric security is an area where I think we’re getting out of a reactive approach.”
Enveil is one company receiving attention for its promise to provide scalable homomorphic encryption. The company was founded by Ellison Anne Williams, a former researcher at the NSA, and has received a combined $4 million in funding from In-Q-Tel (the CIA’s venture arm), Bloomberg Beta, Thomson Reuters, Data Tribe and USAA.
The firm has the goal of creating new revenue opportunities to protecting sensitive information. It is working with companies in the health care and financial industries. One use-case for the latter involves helping traders secretly find information about possible mergers and acquisition targets without revealing their interest and losing leverage in a deal.
“They can encrypt that search for the trade within their walls, send it out encrypted to the data aggregator, and then have the information returned to them,” Williams said, adding that interest in homomorphic encryption has rapidly grown since Enveil launched in 2016.
“If you’d never heard of it it sounded like it was from the moon and if you did it sounded impossible,” she said. “We’ve seen it become buzzy, and start to appear in investment reports and analyst reports. … Then we started to get the reaction of, ‘Can we invest in you?’”