Security scheme could protect sensitive data during cloud computation

A medical facility that wants to use a cloud computing platform to run artificial intelligence analyses on sensitive patient information needs assurance that the information will remain confidential during processing. Homomorphic encryption is a special type of security scheme that can offer this guarantee.

This approach encrypts data in such a way that computations can be performed on it without decrypting it, which prevents unauthorized parties from learning anything about the underlying patient information. However, only a few ways to achieve homomorphic encryption are known, and they tend to be so computationally heavy that deploying them in real-world settings is often impractical.

Researchers at MIT have introduced a new theoretical approach to building homomorphic encryption schemes that is simple and relies on computationally efficient cryptographic tools. Their technique combines two tools so that together they are more powerful than either would be on its own. The team uses this to construct a “somewhat homomorphic” encryption scheme: one that lets users perform a limited number of operations on encrypted data without decrypting it, in contrast to fully homomorphic encryption, which allows more complex computations.

This somewhat homomorphic approach could accommodate numerous applications, such as confidential database searches and private statistical evaluations.

Although this framework remains theoretical, and significant work still lies ahead before it can be employed practically, its simplified mathematical foundation may render it efficient enough to safeguard user information across a broader spectrum of real-world situations.

“Our aspiration is for you to enter your ChatGPT query, encrypt it, transmit the encrypted data to ChatGPT, and receive outputs without it ever accessing your request,” states Henry Corrigan-Gibbs, the Douglas Ross Career Development Professor of Software Technology within the MIT Department of Electrical Engineering and Computer Science (EECS) and a co-author of a publication on this security model. “We are still quite far from that point, partly because these systems are incredibly inefficient. In this research, we aimed to create homomorphic encryption schemes that diverge from conventional tools, as alternative methods can frequently yield more efficient, practical designs.”

His co-authors comprise Alexandra Henzinger, an EECS graduate student; Yael Kalai, an Ellen Swallow Richards (1873) Professor and professor of EECS; and Vinod Vaikuntanathan, the Ford Professor of Engineering and a principal investigator at the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL). The findings will be presented at the International Conference on the Theory and Applications of Cryptographic Techniques.

Striking a balance between security and versatility

MIT researchers began contemplating homomorphic encryption as early as the 1970s. However, designing a mathematical structure that securely embeds a message while leaving enough flexibility for computation has proven profoundly difficult. The first homomorphic encryption scheme was not established until 2009.

“These two requirements are inherently at odds. On one side, security is paramount; on the other, we need flexibility within the homomorphism. Our mathematical avenues to achieve this are exceedingly limited,” comments Henzinger.

In essence, homomorphic schemes encrypt a message by adding noise to it. As algorithms and machine learning models operate on the encrypted message, the noise inevitably grows. If a computation runs for long enough, the noise can eventually obscure the message entirely.

“For instance, if you execute a deep neural network on these encrypted data, by the end of the computation, the noise could be a billion times more substantial than the original message, making it impossible to discern what the message conveys,” Corrigan-Gibbs clarifies.

There are two primary ways around this problem. A user can limit the number of operations, but that restricts how the encrypted data can be used. Alternatively, a user can add extra steps that reduce the noise, though these techniques often require an overwhelming amount of additional processing power.

Somewhat homomorphic encryption aims to meet users halfway. It allows secure operations on encrypted data using a specific class of functions that keep the noise from growing too large.

These functions, referred to as bounded polynomials, are specifically crafted to avoid overly complex operations. For example, they permit numerous additions while restricting the number of multiplications performed on encrypted data to limit excess noise generation.
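The noise budget described above can be seen in a few lines of Python. This is an added illustration, not the researchers' construction: it assumes a textbook learning-with-errors style scheme that supports additions only, with toy parameters (`Q`, `T`, `N`, `FRESH_NOISE` are this example's own names and sizes, far too small to be secure). Decryption is correct only while the accumulated noise stays below `DELTA / 2`.

```python
import random

Q, T, N = 2**16, 16, 32   # ciphertext modulus, plaintext modulus, key length (toy sizes)
DELTA = Q // T            # a message m is stored as DELTA*m, leaving room below it for noise
FRESH_NOISE = 8           # fresh ciphertexts carry noise drawn from [-8, 8]

def keygen(rng):
    return [rng.randrange(Q) for _ in range(N)]

def dot(a, s):
    return sum(x * y for x, y in zip(a, s)) % Q

def encrypt(s, m, rng, e=None):
    """Ciphertext (a, b) with b = <a,s> + DELTA*m + e. Pass e to force a noise value."""
    if e is None:
        e = rng.randint(-FRESH_NOISE, FRESH_NOISE)
    a = [rng.randrange(Q) for _ in range(N)]
    return a, (dot(a, s) + DELTA * (m % T) + e) % Q

def add(c1, c2):
    """Homomorphic addition: add ciphertexts componentwise. The noise terms add too."""
    return [(x + y) % Q for x, y in zip(c1[0], c2[0])], (c1[1] + c2[1]) % Q

def decrypt(s, c):
    """Strip the mask <a,s>, then round to the nearest multiple of DELTA."""
    return ((c[1] - dot(c[0], s)) % Q + DELTA // 2) // DELTA % T

def noise(s, c, m):
    """Signed noise left in c, given the message m it is supposed to hold."""
    d = (c[1] - dot(c[0], s) - DELTA * (m % T)) % Q
    return d - Q if d > Q // 2 else d

def encrypted_sum(s, messages, rng):
    """Encrypt each message, add the ciphertexts, return the combined ciphertext."""
    total = encrypt(s, messages[0], rng)
    for m in messages[1:]:
        total = add(total, encrypt(s, m, rng))
    return total

if __name__ == "__main__":
    rng = random.Random(1)  # fixed seed so the run is repeatable
    s = keygen(rng)
    msgs = [3, 1, 4, 1, 5, 9, 2, 6]  # constructed sample values
    c = encrypted_sum(s, msgs, rng)
    print("sum mod 16:", decrypt(s, c), "noise:", noise(s, c, sum(msgs)))
    # Two ciphertexts whose forced noise together exceeds DELTA/2 = 2048:
    bad = add(encrypt(s, 3, rng, e=1500), encrypt(s, 4, rng, e=1500))
    print("3 + 4 decrypts to", decrypt(s, bad), "with noise", noise(s, bad, 7))
```

With fresh noise of at most 8 per ciphertext, up to 255 additions are guaranteed to decrypt correctly; the forced-noise pair shows the failure mode, where each ciphertext decrypts correctly on its own but their sum rounds to the wrong message.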

More than the sum of their components

The researchers built their scheme by combining two basic cryptographic tools. They started with a linear homomorphic encryption scheme, which can only perform additions on encrypted data, and added one theoretical assumption to it.

This cryptographic assumption “elevates” the linear scheme into a somewhat homomorphic one that can work with a broader class of more complex functions.

The mechanism for performing homomorphic operations is relatively straightforward. The researchers’ scheme encodes each piece of data as a matrix in such a way that the matrix hides the underlying data. To add or multiply encrypted values, one simply adds or multiplies the corresponding matrices.

The researchers utilized mathematical proofs to demonstrate that their theoretical encryption model ensures security when operations are confined to this category of bounded polynomial functions.

With this theoretical model established, the subsequent challenge will be to make it applicable for real-world use. This will necessitate the development of a fast encryption scheme capable of executing certain computations on contemporary hardware.

“We haven’t dedicated a decade to optimizing this scheme yet, so we are uncertain about its potential efficiency,” notes Henzinger.

Moreover, the researchers aspire to broaden their approach to accommodate more complex operations, inching closer to devising a new pathway towards fully homomorphic encryption.

“What excites us is that, when we combine these two straightforward elements, an unexpected and different outcome arises. It gives us hope. What other advancements can we explore now? Perhaps adding something else can lead to even more thrilling possibilities,” Corrigan-Gibbs says.

This research was partly funded by Apple, Capital One, Facebook, Google, Mozilla, NASDAQ, MIT’s FinTech@CSAIL Initiative, the National Science Foundation (NSF), and a Simons Investigator Award.

