Encrypted Computing – Analysis & Processing of Encrypted Data (EC2)

Encrypted Computing as Privacy Enhancing Cryptography

Established cryptographic procedures usually enable protection against unwanted access to sensitive data during communication with other parties (data in transit) and during the storage of this data (data at rest). However, it is not possible to continue processing data in an encrypted state with these classic methods. This contrasts with newer cryptographic concepts such as Encrypted Computing (EC) and Privacy-Enhancing Cryptography (PEC): EC/PEC technologies such as Fully Homomorphic Encryption (FHE) and Multi Party Computation (MPC) allow data in encrypted form to also be processed (data in use). Decryption to plain text is only necessary if the results are to be viewed by the client/user; however, this is not necessary for the calculations themselves. Sensitive and security-critical data can thus be analyzed, but at the same time kept secret from unauthorized access. EC/PEC processes thus cover all three forms of digital data and make it possible to flexibly reconcile data protection and data use.

Quantum and Future-Proof

In addition to the limitation that many common, classical methods (such as RSA) only allow limited calculations in the encrypted domain, there is a risk that quantum computers will be completely broken in the near future because the underlying mathematical problems can be solved efficiently. Methods that are suitable for homomorphic encryption are based on other mathematical problems that, according to current knowledge, cannot be solved efficiently even by quantum computers. They are therefore considered quantum-safe. EC/PEC methods are therefore future-proof according to the current state of research.

Use case “Machine Learning as a Service”

An exemplary use case for FHE in the field of machine learning (ML) is machine learning as a service (MLaaS): In this scenario, a service provider offers to analyze data via an ML model, but does not want to disclose the model for reasons of confidentiality. At the same time, the data owners and users of the service do not want to transmit certain data to the service provider in plain text. Normally, it would not be possible to process the data in this setting, as neither party trusts the other. One solution to this is a homomorphic public key procedure. Such a procedure enables the data owner to encrypt their sensitive data homomorphically and the service provider to evaluate the data in encrypted form using their model in the encrypted domain without decrypting the encrypted data. The service provider then sends back the encrypted result, which can be converted into plain text for the data owner using their private key. The model is protected by the fact that it remains with the service provider at all times, meaning that the data owner cannot access it.

Previous Restrictions

Even if such “encrypted calculations” are already possible in theory, the known methods are still often too slow in practice or require too much memory to process large amounts of data. The aim of the project is to develop new methods or improve existing methods so that further use cases can also be covered in practice.

Encrypted Computing Compass

1. project question:

Established cryptographic methods usually enable protection against unwanted access to sensitive data during communication with other parties(data in transit) and during the storage of this data(data at rest). The cryptographic techniques presented in the Encrypted Computing Compass, such as homomorphic encryption and multiparty computation, differ from these classic methods in that they also allow data processing(data in use) in the encrypted domain. This means that the data remains encrypted not only during storage but also during computation. These methods therefore represent one of the highest forms of data protection and they make it possible to cover more use cases than conventional methods. For example, homomorphic encryption makes it possible to outsource computationally intensive tasks to a cloud computer, even if no data is entrusted to it.

The preliminary study “Encrypted Computing Compass” provides an overview of the state of the art in the field of encrypted computing and is the starting point for at least one further Cyberagentur project in the field of encrypted computing.

2. project partner/contractor:

CISPA:

• Dr. Nico Döttling, CISPA, Saarbrücken
• Anne Müller, CISPA, Saarbrücken
• Anne Müller (cispa.de)

KASTEL:

• Prof. Dr. Jörn Müller-Quade, KASTEL, KIT, Karlsruhe

KIT:

• Prof. Dr. Jörn Müller-Quade, KASTEL, KIT, Karlsruhe
• Thomas Agrikola, KIT, Karlsruhe
• Laurin Benz, KIT, Karlsruhe
• KIT – Chair Müller-Quade – Employees – Laurin Benz, M.Sc.

3. abstract of the publication:

Data forms the basis of important economic or social decisions and scientific progress. However, much data, such as company secrets or personal data, should be protected. It would therefore be desirable to be able to calculate on secret data and obtain results without revealing secrets. Techniques of modern cryptography allow computing on secrets and this document, the Encrypted Computing Compass, is intended to provide a classification of these techniques and assess the practicability of the solutions. Roughly speaking, modern cryptography offers three approaches to computing on secrets:

1. Fully homomorphic encryption (FHE) is a public key encryption method with which numbers can be encrypted in such a way that it is possible to calculate with these encrypted numbers without knowing the numbers themselves. The results of the calculation remain encrypted numbers and the result can only be decrypted with the secret key. FHE methods are the focus of this study, as there has been enormous progress in these methods in recent times and the possibilities and limitations of these methods are not generally known.
2. Secure multiparty computations (MPC) are cryptographic methods in which several participants each have secret inputs and want to calculate together on these inputs without revealing more than the result of the calculation. In theory, it has been known since the 1980s that such methods exist for arbitrary computations, but significant progress has since been made in the efficiency of the methods. Secure multiparty computations are considered in this paper as an alternative to FHE methods. Depending on the application, secure multiparty computations may be more suitable than FHE methods, especially if the communication overhead may be large.
3. Secure enclaves or Trusted Execution Environments (TEEs) are hardware components that encapsulate a secure calculation in such a way that even the operator of the hardware cannot access the secret inputs or manipulate the output. Enclaves and TEEs are only considered in passing in this document because, unlike FHE or MPC, they require a high level of trust in the manufacturer of the enclave. Nevertheless, enclaves and TEEs could be an interesting alternative for lower security requirements because they compute directly on the secrets without additional effort and therefore have an efficiency that is unrivaled by other methods. A combination of different methods with different levels of efficiency and security could be a promising approach for the future.

The aim of this document is to present the scientific foundations on which FHE and MPC methods are based in a compact and understandable way, as well as a preliminary study of practical feasibility for relevant use cases.