- Status: Finalised
Background
Established cryptographic procedures enable protection against unauthorised access to sensitive data during communication with other parties (data in transit) and during the storage of this data (data at rest). However, it is not possible to process data directly in an encrypted state using conventional methods. Newer cryptographic concepts such as encrypted computing (EC) stand in contrast to this.
EC can enable highly confidential and data protection-compliant applications. The results of the preliminary project “Encrypted Computing Compass” form a solid basis for the technological possibilities and use cases.
Aim
The aim of this program is to research new, prototypical technologies with application relevance for internal and external security. Data should be processed directly in encrypted form (data in use). Sensitive and security-critical data can thus be analyzed, but at the same time kept secret from unauthorized access. Such procedures thus cover all three forms of digital data and make it possible to flexibly reconcile data protection and data use.
Disruptive Risk Research
In addition to the usual risk for cryptographic algorithms, namely that cryptanalysis produces efficient procedures that weaken their security, quantum computers threaten further dangers in the near future.
Methods from the field of fully homomorphic encryption, for example, are based on mathematical problems which, according to current knowledge, cannot be solved efficiently even by quantum computers. These are therefore considered quantum-safe and – as things stand at present – are regarded as particularly future-proof.
Projects
Introduction to Encrypted Computing/Privacy Enhancing Cryptography
Established cryptographic procedures usually enable protection against unwanted access to sensitive data during communication with other parties (data in transit) and during the storage of this data (data at rest). However, it is not possible to continue processing data in an encrypted state with these classic methods. This contrasts with newer cryptographic concepts such as Encrypted Computing (EC) and Privacy-Enhancing Cryptography (PEC): EC/PEC technologies such as Fully Homomorphic Encryption (FHE) and Multi Party Computation (MPC) allow data in encrypted form to also be processed (data in use). Decryption to plain text is only necessary if the results are to be viewed by the client/user; however, this is not necessary for the calculations themselves. Sensitive and security-critical data can thus be analyzed, but at the same time kept secret from unauthorized access. EC/PEC processes therefore cover all three forms of digital data and make it possible to flexibly reconcile data protection and data use.
Quantum and future-proof
In addition to the limitation that many common, classical methods (such as RSA) only allow limited calculations in the encrypted domain, there is a risk that they will be completely broken by quantum computers in the near future because the underlying mathematical problems can be solved efficiently. Methods that are suitable for homomorphic encryption are based on other mathematical problems that, according to current knowledge, cannot be solved efficiently even by quantum computers. They are therefore considered quantum-safe. EC/PEC methods are therefore future-proof according to the current state of research.
Use case “Machine Learning as a Service”
An exemplary use case for FHE in the field of machine learning (ML) is machine learning as a service (MLaaS): In this scenario, a service provider offers to analyze data via an ML model, but does not want to disclose the model for reasons of confidentiality. At the same time, the data owners and users of the service do not want to transmit certain data to the service provider in plain text. Normally, it would not be possible to process the data in this setting, as neither party trusts the other. One solution to this is a homomorphic public key procedure. Such a procedure enables the data owner to encrypt their sensitive data homomorphically and the service provider to evaluate the data in encrypted form using their model in the encrypted domain without decrypting the encrypted data. The service provider then sends back the encrypted result, which can be converted into plain text for the data owner using their private key. The model is protected by the fact that it remains with the service provider at all times, meaning that the data owner cannot access it.
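The MLaaS data flow described above, as an added example (not from the original page or the Encrypted Computing Compass): a toy Regev-style lattice (LWE) scheme that is only additively homomorphic, not FHE, which is enough to score a linear model with small integer weights. All names, parameters and sample values are constructed for illustration, and the parameters are far too small to be secure.

```python
import random

# Toy parameters (constructed for illustration; far too small to be secure).
N, M = 16, 64            # secret dimension, number of public LWE samples
Q, T = 1 << 24, 1 << 10  # ciphertext modulus, plaintext modulus
DELTA = Q // T           # scaling factor that lifts a message above the noise

def keygen(rng):
    """Data owner: secret s, public key (A, b = A*s + e mod Q) with small noise e."""
    s = [rng.randrange(Q) for _ in range(N)]
    A = [[rng.randrange(Q) for _ in range(N)] for _ in range(M)]
    b = [(sum(a * x for a, x in zip(row, s)) + rng.randint(-1, 1)) % Q for row in A]
    return s, (A, b)

def encrypt(pk, m, rng):
    """Encrypt m in [0, T): random subset sum of public samples plus DELTA*m."""
    A, b = pk
    rows = [i for i in range(M) if rng.random() < 0.5]
    u = [sum(A[i][j] for i in rows) % Q for j in range(N)]
    v = (sum(b[i] for i in rows) + DELTA * m) % Q
    return u, v

def decrypt(s, ct):
    """Remove <u, s>, then round away the accumulated noise."""
    u, v = ct
    noisy = (v - sum(a * x for a, x in zip(u, s))) % Q
    return ((noisy + DELTA // 2) // DELTA) % T

def score_encrypted(weights, bias, cts):
    """Service provider: computes sum(w_i * x_i) + bias on ciphertexts only."""
    u = [sum(w * ct[0][j] for w, ct in zip(weights, cts)) % Q for j in range(N)]
    v = (sum(w * ct[1] for w, ct in zip(weights, cts)) + DELTA * bias) % Q
    return u, v

def demo(seed=1):
    rng = random.Random(seed)
    s, pk = keygen(rng)                              # owner keeps s private
    features = [12, 7, 30]                           # constructed sample input
    weights, bias = [3, -2, 5], 4                    # provider's confidential model
    cts = [encrypt(pk, x, rng) for x in features]    # owner -> provider
    result_ct = score_encrypted(weights, bias, cts)  # provider -> owner
    return decrypt(s, result_ct)                     # 3*12 - 2*7 + 5*30 + 4
```

Each weighted addition multiplies the ciphertext noise, so decryption is only correct while the accumulated noise stays below DELTA/2. The returned ciphertext here is a plain linear combination of the inputs and does not hide the weights from the key holder; protecting the model as the use case requires needs a scheme with circuit privacy.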
Previous restrictions
Even if such “encrypted calculations” are already possible in theory, the known methods are still often too slow in practice or require too much memory to process large amounts of data. The aim of the project is to develop new methods or improve existing methods so that further use cases can also be covered in practice.
Encrypted Computing Compass
1. Project question:
Established cryptographic methods usually enable protection against unwanted access to sensitive data during communication with other parties (data in transit) and during the storage of this data (data at rest). The cryptographic techniques presented in the Encrypted Computing Compass, such as homomorphic encryption and multiparty computation, differ from these classic methods in that they also allow data processing (data in use) in the encrypted domain. This means that the data remains encrypted not only during storage but also during computation. These methods therefore represent one of the highest forms of data protection, and they make it possible to cover more use cases than conventional methods. For example, homomorphic encryption makes it possible to outsource computationally intensive tasks to a cloud computer without entrusting it with the data.
The preliminary study “Encrypted Computing Compass” provides an overview of the state of the art in the field of “Encrypted Computing” and will be the starting point for at least one further Cyberagentur project in the field of Encrypted Computing.
2. Project partner/contractor:
CISPA | BOX | KIT
- Dr. Nico Döttling, CISPA, Saarbrücken
- Anne Müller, CISPA, Saarbrücken
- Thomas Agrikola, KIT, Karlsruhe
- Laurin Benz, M.Sc., KIT, Karlsruhe
- Prof. Dr. Jörn Müller-Quade, KASTEL, KIT, Karlsruhe
3. Abstract of the publication:
Data forms the basis of important economic or social decisions and scientific progress. However, much data, such as company secrets or personal data, should be protected. It would therefore be desirable to be able to calculate on secret data and obtain results without revealing secrets. Techniques of modern cryptography allow computing on secrets and this document, the Encrypted Computing Compass, is intended to provide a classification of these techniques and assess the practicability of the solutions. Roughly speaking, modern cryptography offers three approaches to computing on secrets:
- Fully homomorphic encryption (FHE) is a public key encryption method with which numbers can be encrypted in such a way that it is possible to calculate with these encrypted numbers without knowing the numbers themselves. The results of the calculation remain encrypted numbers and the result can only be decrypted with the secret key. FHE methods are the focus of this study, as there has been enormous progress in these methods in recent times and the possibilities and limitations of these methods are not generally known.
- Secure multiparty computations (MPC) are cryptographic methods in which several participants each have secret inputs and want to calculate together on these inputs without revealing more than the result of the calculation. In theory, it has been known since the 1980s that such methods exist for arbitrary computations, but significant progress has since been made in the efficiency of the methods. Secure multiparty computations are considered in this paper as an alternative to FHE methods. Depending on the application, secure multiparty computations may be more suitable than FHE methods, especially if the communication overhead may be large.
- Secure enclaves or Trusted Execution Environments (TEEs) are hardware components that encapsulate a secure calculation in such a way that even the operator of the hardware cannot access the secret inputs or manipulate the output. Enclaves and TEEs are only considered in passing in this document because, unlike FHE or MPC, they require a high level of trust in the manufacturer of the enclave. Nevertheless, enclaves and TEEs could be an interesting alternative for lower security requirements because they compute directly on the secrets without additional effort and therefore have an efficiency that is unrivaled by other methods. A combination of different methods with different levels of efficiency and security could be a promising approach for the future.
The aim of this document is to provide a compact and understandable presentation of the scientific foundations on which FHE and MPC methods are based, as well as a preliminary study of practical feasibility for relevant use cases. The document is divided into the following sections:
- Ontology (Chapter 12): this section clarifies the necessary terms and allows direct access to relevant literature.
- Lattice-based cryptography (Chapter 2): in this chapter the mathematical foundations of lattice-based encryption methods are motivated and introduced; in particular, the underlying security assumptions are considered, for example that lattice-based methods are considered secure even against quantum computers.
- Lattice-based encryption methods (Chapter 3): two specific encryption methods are specified here. These are public-key methods, i.e. methods in which anyone can encrypt, but only the owner of a secret key can decrypt. These lattice-based methods already allow the addition of encrypted secrets and form the basis of fully homomorphic methods.
- Somewhat Homomorphic Encryption (Chapter 4): this chapter explains the basics of fully homomorphic encryption methods, from the first approaches to the most recent methods of the so-called fourth generation.
- Fully-Homomorphic Encryption (Chapter 5): here the various fully-homomorphic methods are briefly introduced, as well as the relevant research groups and available libraries. This chapter thus reflects the current state of research and provides the key references for future studies on fully homomorphic encryption.
- Advanced methods (Chapter 6): here variants of FHE methods are presented that have additional properties or offer advantages, in particular methods for numerical, i.e. approximate, calculations, methods that allow more participants, and methods that support quantum calculations or the obfuscation of circuits.
- Secure multi-party computation (MPC) (Chapter 7): this chapter presents alternatives to FHE methods that allow more efficient computation on secret data for some applications, but have a significantly higher communication overhead.
- We have only briefly considered secure hardware (Chapter 8) in this document because a great deal of trust in the hardware and the manufacturer is required as long as secure hardware is not combined with other approaches. We have looked at Trusted Platform Modules (TPMs), which ensure that only certain certified programs run on the computer, and secure enclaves, which can encapsulate calculations.
- Applications and use cases (Chapter 9): this chapter is a core part of the preliminary study, as it looks at specific relevant application examples and their feasibility on encrypted data. As a summary of the use case study, it can be concluded that FHE-based approaches are currently not competitive with alternative approaches for applications where neither communication complexity nor load balancing are important.
- Benchmarks (Chapter 10): this section presents an FHE Estimator that was developed and implemented as an essential part of this preliminary study. This FHE Estimator is accessible via a website and, based on a given program, can estimate the effort that would be required to calculate this program as a circuit with an FHE method.
- Decision support (Chapter 11): this section provides a systematic classification of the various approaches available for calculating on secrets, building on the previous chapters. Questions about a planned application are used to decide step by step which approach is best suited for the application.