Privacy-Preserving Computation Techniques & FHE from Ziroh Labs.
The world is becoming increasingly data driven and will only continue to be so. The need for storage and computation from enterprises is insatiable. A direct result of this phenomenon, is the rapid growth of the cloud as enterprises outsource their Computation & Storage needs to third-party clouds. This poses a big and real risk to enterprise Data Security & Privacy.
In the context of Privacy Enhancing Technologies (PET), four specific technologies have emerged to cover varied privacy goals as depicted in the diagram below.
1) Secure Multiparty Computation (MPC).
2) Fully Homomorphic Encryption (FHE).
3) Trusted Execution Environments (TEE).
4) Differential Privacy (DP).
Secure Multiparty Computation (MPC) is a subfield of cryptography. MPC deals with the problem of jointly computing an agreed-upon function among a set of possibly mutually distrusting parties, while preventing any participant from learning anything about the inputs provided by other parties. A more detailed treatment can be found in multiple academic research papers. The brief definition above can be found in the UN Handbook on Privacy-Preserving Computation Techniques. Cost of handbook? $0.00 :-)
Fully Homomorphic Encryption (FHE) is a an encryption primitive that allows computations on the cipher-text without having to decrypt in first. So, in essence, it protects data in Data-In-Use state. Like AES Encryption protects data in its Data-At-Rest state and Data-In-Transit is protected by encrypted connections (HTTPS, SSL, TLS).
Homomorphic Encryption schemes for one single type of arithmetic operation (addition or multiplication) have been around for a very long time. However, the promise of Fully Homomorphic Encryption schemes (as opposed Partial Homomorphic Encryption) is the ability to perform arbitrary computations on encrypted data. This technology in essence can, Hide (from unauthorised party) and Reveal ( to authorised party) Sensitive Data Simultaneously. The Client-side (in a client-server architecture) can get storage, computation from the Server-side ( i.e. the storage, computation provider, like the cloud) without revealing the underlying, sensitive data to the Server-side.
Differential privacy (DP) can limit the amount of information about “individual records” in a database by releasing the result of an “aggregate computation” on that database. Unlike cryptographic techniques, DP can be thought of as a mathematically provable guarantee of privacy protection in the context of statistical analysis. DP guarantees that the result of a (DP compliant) analysis about a individual’s private information is identical whether or not that individual’s private information is included in the input to the analysis.
A Trusted Execution Environment (TEE) is a simply a secure area inside a main processor. An isolated environment. created using using both special purpose hardware and software to protect data inside the TEE. In general, TEE provides a “trusted environment” inside which a compute can run while it is invisible to any other process on the processor, the operating system or any other privileged access. Unlike Homomorphic Encryption, computations inside the TEE are performed on the decrypted, clear-text data.
A handy comparison on these Privacy Preserving Technologies (PET) from the Protecting Privacy in Practice Report by Privacy Enhancing Technologies
Working Group at The Royal Society is depicted below.
At Ziroh Labs, we have developed highly performant Fully Homomorphic Encryption primitive which is currently available as developer-friendly libraries. ( oh yes, our libraries are meant for developers, and not just PhDs)
The Ziroh Labs Fully Homomorphic Encryption Library supports the widest range of computations on String Data Types like the following and all Arithmetic Operations on Numeric Data Types. It’s blazingly fast too.
In an (internal) performance comparison experiment with the SEAL Homomorphic Encryption Library from Microsoft, our algorithms performed much better than the most recent version on the SEAL library both in terms of speed and cipher-text bloat size.
1). Grouping or Ordering using lexicographic properties of encrypted text. Hence, relational operators such as “<,<=,>,>= and ==” can be applied
2). Both Whole String Search such as “JohnDoe” and Partial String Search such as “John*” including Regular Expression Search such as Jo*[a-z]*
3). Combination of whole keywords using Boolean Operators such as John AND Jane, John OR Jane, John NOT Jane, or an arbitrary expression formed using Boolean operators AND, OR, NOT.
4). Multiple other operations like Prefix Search, Suffix Search, Compare, Concatenate, Contains, Split, Replace, Sort etc.
A comparison with other state-of-the-art Homomorphic Encryption Libraries depicted below, makes it evident that the above, highly useful computations on String Data Types are not supported out-of-the-box by any other library.
Similarly, here is a comparison with other state-of-the-art Homomorphic Encryption Libraries for supported computations on Numeric Data Types. These can then be evolved to execute algorithms like Decision Tree, Random Forest, Singular Value Decomposition etc. with encrypted data.
Up until now, most successful products have grown on three pillars — Storage, Computation and Engagement. However, in the future, another vital pillar will continue to become increasingly important — The Pillar of Privacy and Confidentiality. The world will continue to take data driven decision, but unlike in the past this, has to be done without compromising privacy and confidentiality.
The mission at Ziroh Labs is dedicated to this singular purpose of developing Privacy Enhancing Technologies.
For additional details, please reach out to bhaskar at ziroh dot com
