Microsoft researchers have just published a paper describing a major breakthrough in speed for homomorphic encryption systems, which make it possible to analyze and modify data without first decrypting it.
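To make that idea concrete before getting into the details, here is a minimal, deliberately insecure Python sketch of the Paillier cryptosystem, one of the classic partially homomorphic schemes (and not the scheme Microsoft uses). The tiny hard-coded primes and sample values are purely illustrative; the point is only that arithmetic performed on ciphertexts decrypts to the corresponding arithmetic on the hidden plaintexts.

```python
# Toy, insecure demo of additively homomorphic (Paillier) encryption.
# Tiny hard-coded primes, illustration only; requires Python 3.9+.
import math
import random

p, q = 293, 433                      # toy primes; real keys use ~1024-bit primes
n = p * q
n_sq = n * n
g = n + 1                            # standard simple choice of generator
lam = math.lcm(p - 1, q - 1)         # Carmichael function of n
mu = pow((pow(g, lam, n_sq) - 1) // n, -1, n)   # modular inverse used in decryption

def encrypt(m):
    r = random.randrange(1, n)
    while math.gcd(r, n) != 1:
        r = random.randrange(1, n)
    return (pow(g, m, n_sq) * pow(r, n, n_sq)) % n_sq

def decrypt(c):
    return ((pow(c, lam, n_sq) - 1) // n * mu) % n

# The homomorphic property: multiplying two ciphertexts yields a ciphertext
# of the *sum* of the plaintexts, so the sum is computed without decrypting.
a, b = 17, 25
c = (encrypt(a) * encrypt(b)) % n_sq
print(decrypt(c))                    # prints 42
```

A scheme like this supports only addition on ciphertexts; the fully homomorphic systems discussed below also support multiplication, which is what makes general computation, and ultimately neural-network evaluation, possible.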
If fully realized, Microsoft's advancement has major implications for privacy, data analysis, and next-generation applications. Here are some of the key details from the Register, which was first to report on the paper's publication:
[Homomorphic encryption] has major advantages from a security standpoint. Hospital records can be examined without compromising patient privacy, financial data can be analyzed without opening it up to theft, and it's perfect for a computing environment where so much data is cloud-based on someone else's servers.
There is, of course, a problem. The first fully working homomorphic encryption system, built by Craig Gentry (now an IBM Research cryptographer), was incredibly slow, taking 100 trillion times as long to perform calculations on encrypted data as on plaintext.
IBM has sped things up considerably, making calculations on a 16-core server over two million times faster than past systems, and has open-sourced part of the technology. But, in a new paper, Microsoft says it's made a huge leap forward in speed – and applied the encryption system to deep-learning neural networks.
Professor Kristin Lauter, principal research manager at Microsoft, told The Register that the team has developed artificial intelligence CryptoNets that can process encrypted data without having to decrypt the information thrown at the AI. The team claims that its CryptoNet-based optical recognition system is capable of making 51,000 predictions per hour with 99 per cent accuracy while studying a stream of encrypted input images.
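How can a neural network operate on ciphertexts at all? The broad idea behind CryptoNets is to restrict the network to operations a homomorphic scheme can evaluate, namely additions and multiplications, for example by replacing activations such as sigmoid or ReLU with a simple squaring function. The NumPy sketch below shows that structure in plaintext only; it is not Microsoft's implementation, and the layer sizes and random weights are hypothetical stand-ins.

```python
# Plaintext sketch of a CryptoNets-style network: every step uses only
# additions and multiplications, the operations a homomorphic encryption
# scheme can in principle evaluate. Weights and sizes are made up.
import numpy as np

rng = np.random.default_rng(0)
W1, b1 = rng.normal(size=(784, 100)), rng.normal(size=100)   # hidden layer
W2, b2 = rng.normal(size=(100, 10)), rng.normal(size=10)     # output layer

def square(x):
    # Polynomial activation: x*x replaces sigmoid/ReLU because it needs
    # nothing beyond multiplication.
    return x * x

def forward(x):
    h = square(x @ W1 + b1)          # dense layer + polynomial activation
    return h @ W2 + b2               # class scores; argmax gives the prediction

x = rng.random(784)                  # stand-in for one flattened 28x28 image
print(forward(x).argmax())
```

In the real system each of those additions and multiplications would be carried out on encrypted values, so the cloud service computes the prediction without ever seeing the image.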
Analysis: Microsoft's Breakthrough Both Answers and Raises Questions
Microsoft's advancement is of course still in the research labs, and so it's important to temper expectations. But if and when homomorphic encryption becomes a more viable option for software vendors to use, there are some cautions to consider.
Two passages in Microsoft's paper stand out, notes Constellation Research VP and principal analyst Doug Henschen. The first:
By combining techniques from cryptography, machine learning, and engineering, we were able to create a setup in which both accuracy and security are achieved while maintaining a high level of throughput.
But there is also this warning, Henschen adds:
The growing interest in Machine Learning As A Service (MLAS)… requires attention to the security and privacy of this model. Not all data types are sensitive, but in many applications in medicine, finance, and marketing, the relevant data on which predictions are to be made is typically very sensitive.
To this end, "CryptoNets seems like another example of advanced analytical capabilities opening up incredible possibilities as well as ethical questions," Henschen says. "It seems like these impressionistic predictions about data could be open to misuse even they don’t technically compromise the details of the data.
"In the hospital scenario, for instance, could the aggregated impression of the data stream be misused even if the details of the patient population remain anonymous?" he says. "And just how abstracted are the predictions? If financial institution X sends a cloud service provider an encrypted stream of details about its customers, could the service provider misuse an impression of that customer base even it has no insight into personally identifiable information?"
Meanwhile, Microsoft is hardly the only company striving for breakthroughs in homomorphic encryption, says Constellation Research VP and principal analyst Steve Wilson: "There are many, many research avenues underway, leading to homomorphic encryption algorithms with different properties and attractions. It's impossible to generalize."
"The other problem, less urgent perhaps but critical in the long term, is that we are learning the hard way that de-identification is never absolute," Wilson says. "Even fully encrypted data can be traced back to individuals if you have access to other things like metadata, context, traffic analysis—monitoring where data flows without knowing what it is—and so on."
"So I advise clients to be very careful with homomorphic encryption," Wilson adds. "Cloud providers want to retain all sorts of analytics options, so that tells you fundamentally that the 'encryption' is, well, weak in some sense, easier to crack or reverse than the very familar and complete scrambling algorithms like AES."
"And that brings me to the final note of caution," Wilson says. "Cryptography is a conservative business. It takes years to develop good algorithms and years more to test them and harden them through peer review. We don't see the same level of rigor and intense, public academic peer review to date with homomorphic crypto. Maybe we never will. It might depend on how socially important this stuff becomes."