Accessible Privacy Preserving Computation

Privacy and security are gaining tremendous importance across all organizations as public perception of these issues has shifted and expectations, including regulatory demands, have increased. This, in turn, has led organizations to adopt stronger security and privacy protection. Although industry best practice such as in-transit and at-rest encryption provide important protection for user data, the need to decrypt data to compute on it (in-use) still exposes the data to a wide variety of threats. Secure computation techniques such as fully homomorphic encryption (FHE), which allows a third party to perform arbitrary computations on encrypted data, address this gap. In recent years, we have seen a leap in performance in FHE driven by a series of breakthroughs and advancements that have propelled FHE into the realm of practical applications. With hardware accelerators on the horizon, FHE will soon be competitive for a wide range of applications. However, applying FHE in practice is notoriously difficult. Deploying FHE in practice and at scale is today hindered primarily by its complexity rather than its performance potential. The performance characteristics of FHE are nonintuitive and highly contextual, and anticipating them requires significant experience and expertise. The next leap towards broader adoption of FHE requires designing and building a development ecosystem for FHE that facilitates FHE application development. We need to provide the right abstractions and automatic optimizations to tame the current complexity of FHE development and deliver on the performance potential of FHE. The aim of this work is to build the tools for an accessible FHE development ecosystem.

• The State of Fully Homomorphic Encryption Compilers (Published in IEEE S&P’21): Fully Homomorphic Encryption allows a third party to perform arbitrary computations on encrypted data, learning neither the inputs nor the computation results. Hence, it provides resilience in situations where computations are carried out by an untrusted or potentially compromised party. This powerful concept was first conceived by Rivest et al. in the 1970s. However, it remained unrealized until Craig Gentry presented the first feasible FHE scheme in 2009. Since then, FHE has gone from theoretical breakthrough to practical deployment. However, developing FHE systems remains complex, requiring expert knowledge. In this work, we outline the inherent engineering challenges in developing FHE applications and discuss how tools like compilers that translate between standard programs and FHE implementations can step in to address some of these complexities. We survey, evaluate, and systematize FHE tools and compilers. Using different case study applications that represent common aspects of FHE applications, highlight where barriers to entry have been successfully lowered and where they still remain.

• HECO (Published in USENIX Security’23): FHE imposes a fundamentally different programming paradigm. This arises not only because the security guarantees imply programs must be data independent but also because FHE ciphertexts deteriorate during homomorphic operations, which must be carefully managed. In addition, many schemes feature powerful inherent parallelism. However, fully exploiting this feature requires significant rethinking and redesigning of applications and algorithms to match the FHE programming paradigm. As a result of these challenges, a vast gap currently exists between state-of-the-art performance results and what non-experts can achieve themselves. Towards this, we developed HECO, an end-to-end compiler for FHE that aims aims to enable non-experts to develop secure and efficient FHE applications. At its core is a program transformation logic that translates standard high-level imperative code to the unique programming paradigm of FHE. From an unoptimized high-level input, our compiler can generate code that matches the performance of code written by an expert.

• Verifiable Fully Homomorphic Encryption: FHE is seeing increasing real-world deployment to protect data in use by allowing computation over encrypted data. However, the same malleability that enables homomorphic computations also raises integrity issues, which have so far been mostly overlooked. While FHE’s lack of integrity has obvious implications for correctness, it also has severe implications for confidentiality: a malicious server can leverage the lack of integrity to carry out interactive key-recovery attacks. As a result, virtually all FHE schemes and applications assume an honest-but-curious server who does not deviate from the protocol. This assumption is insufficient for a wide range of critical deployment scenarios. While there has been work that aims to address this gap, these have remained isolated efforts considering only aspects of the overall problem and fail to fully address the needs and characteristics of modern FHE schemes and applications. In this project, we analyze existing FHE integrity approaches, present attacks that exploit gaps in prior work, and propose a new notion for maliciously-secure verifiable FHE. We then instantiate this new notion with a range of techniques, analyzing them and evaluating their performance in a range of different settings.

• Intermediate Representations (IRs) Standards for FHE : Current FHE toolchains are standalone and generally not cross-compatible, and compilers frequently use ad hoc IRs and output formats. Not only does this lead to a substantial waste of development resources spent re-implementing common functionality, it also means developers cannot easily switch their approach or mix and match tools to exploit their strengths fully. We are working on designing common abstractions for FHE compilers and tools, including sets of IRs (e.g., MLIR dialects) that capture the information required for complex optimizations while still allowing easy lowering to simpler representations. To ensure this standardization reflects the community needs, we initiated an effort that brings together major players (i.e., ZAMA, Intel, Microsoft, Google) working on tools for FHE development. If you are interested in joining these meetings, please contact us.