
Intel Completes DARPA DPRIVE Phase One Milestone for a Fully Homomorphic Encryption Platform


Posted on behalf of Rosario Cammarota, Intel Principal Engineer, and DARPA DPRIVE Principal Investigator

Fully homomorphic encryption (FHE) is a new cryptosystem that allows applications to perform computation on encrypted data without exposing the data itself or the decryption keys. This differs from traditional encryption methods, which protect data when transmitted or stored but not during use, as the information must be decrypted to be used in computation or analysis. The possibility of theft of unencrypted data is eliminated with FHE because the data always remains encrypted. Even if stolen, the FHE data remains useless to a thief because it cannot be decrypted by an unintended recipient. Despite this extraordinary security benefit, FHE is simply too time-consuming to be practical on existing hardware devices. Currently, a computation that would take a millisecond to complete on a standard laptop would take weeks to compute on a conventional server running FHE software. [i]

Creating a Five Order of Magnitude Faster FHE Accelerator

To achieve real-time FHE, Intel signed an agreement with the Defense Advanced Research Projects Agency (DARPA) in 2021 to take part in its Data Protection in Virtual Environments (DPRIVE) program. As part of the selection announcement, DARPA program manager Tom Rondeau noted, “We currently estimate we are about a million times slower to compute in the FHE world than we are in the plaintext world. The goal of DPRIVE is to bring FHE down to the computational speeds we see in plaintext. If we are able to achieve this goal while positioning the technology to scale, DPRIVE will have a significant impact on our ability to protect and preserve data and user privacy.” Intel’s role in the project is to develop a platform with orders-of-magnitude faster performance that can perform real-time FHE in a form factor that can be plugged into a conventional computer system.[ii] Scalability obviously occurs according to the number of FHE accelerated nodes in a cloud or compute cluster.

Meeting these aggressive design goals meant that the technical team composed of Intel Labs, Security Architecture and Engineering, and Advanced Accelerated Systems and Graphics had to “start from scratch to create a massively parallel Multiple Instruction Multiple Data (MIMD) architecture and specialized memory subsystem that can deliver a five order of magnitude performance increase,” Chris Wilkerson on my team explains. “No existing CPU or GPU architecture can provide the necessary memory bandwidth and massive MIMD parallelism required to support real-time FHE. This mandates a completely new computer architecture design, starting from the design of a completely new set of arithmetic circuit data paths.”

Sanu Mathew on my team explains, “We are not performing standard integer or floating-point computations. Instead, we had to design special arithmetic units that can natively perform massive numbers of modular arithmetic multiplications and additions in parallel on large numbers. The nice thing about FHE is that there is a huge amount of parallelism in the algorithm. This means we can throw large amounts of these special arithmetic units at the problem, subject to certain restrictions, including the design goal that the accelerator be air cooled.”
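To make "computation on encrypted data" and the modular multiply-add workload concrete, here is an added illustration that is not Intel's design or code: a toy symmetric LWE-style scheme in which a server adds and scales ciphertexts without ever seeing the key. The scheme choice, parameters and function names are assumptions made for readability; it is only additively homomorphic and its parameters offer no real security.

```python
import random

# Toy parameters (assumed for illustration; far too small to be secure).
N = 16            # secret-key dimension
Q = 1 << 15       # ciphertext modulus q
T = 16            # plaintext modulus t: messages are integers mod 16
DELTA = Q // T    # scaling factor that lifts the message above the noise

def keygen(rng):
    return [rng.randrange(2) for _ in range(N)]       # binary secret key

def encrypt(m, sk, rng):
    a = [rng.randrange(Q) for _ in range(N)]          # uniform mask
    e = rng.randint(-2, 2)                            # small noise term
    b = (sum(x * s for x, s in zip(a, sk)) + DELTA * (m % T) + e) % Q
    return a, b

def decrypt(ct, sk):
    a, b = ct
    phase = (b - sum(x * s for x, s in zip(a, sk))) % Q   # DELTA*m + noise
    return ((phase + DELTA // 2) // DELTA) % T            # round the noise away

def add(ct1, ct2):
    # Homomorphic addition: independent modular adds, one per coefficient.
    return [(x + y) % Q for x, y in zip(ct1[0], ct2[0])], (ct1[1] + ct2[1]) % Q

def mul_const(ct, k):
    # Multiply by a plaintext constant: independent modular multiplies.
    return [(x * k) % Q for x in ct[0]], (ct[1] * k) % Q

def noise(ct, sk, m):
    # Signed noise left in ct, given the message m it should decrypt to.
    a, b = ct
    n = (b - sum(x * s for x, s in zip(a, sk)) - DELTA * m) % Q
    return n - Q if n > Q // 2 else n

def demo():
    rng = random.Random(2024)                  # fixed seed: constructed sample
    sk = keygen(rng)                           # stays with the data owner
    c3, c5 = encrypt(3, sk, rng), encrypt(5, sk, rng)
    result = add(mul_const(c3, 2), c5)         # server computes 2*3 + 5 blind
    return decrypt(result, sk), noise(result, sk, 11)

if __name__ == "__main__":
    print(demo())
```

Every homomorphic operation grows the noise term, and decryption stays correct only while it remains below `DELTA / 2`; real FHE schemes therefore use far larger moduli and dimensions, which is where the volume of large-number modular arithmetic comes from.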

Jin Yang, who is also on my team and works on the formal methods to ensure that the arithmetic, algorithms, and parallel hardware deliver correct results, points out, “There is significant complexity in the hardware and hardware/software interaction in the massively parallel design that implements FHE. This raises significant challenges in formal verification to ensure that everything works together to deliver mathematically correct results regardless of the order in which the arithmetic operations are executed by the hardware. We cannot simply perform bit-wise comparisons for verification. Instead, mathematical correctness has to be established using a variety of formal verification tools, along with simulation and emulation.”

A Phase One Design Success

As of the date of this blog publication, the Intel Labs team has met their phase one milestone deliverable. The implementation is all there, and many of the gates used by the basic software infrastructure can be emulated. Meeting the phase one goal required a 15-month effort by the Intel Labs team followed by an evaluation period of around 6 months while DARPA verified that the work met the phase one requirements. The successful conclusion of the phase one effort means the team will soon start another 15-month effort that will again be verified by DARPA to confirm that the work satisfies the phase two milestone requirements.

A Design with Many Possibilities

This is an exciting time as this new hardware design can make the dream of real-time FHE possible. Intel publicly acknowledges, "When fully realized, the accelerator could deliver a massive improvement in executing FHE workloads over existing CPU-driven systems, potentially reducing cryptograms' processing time by five orders of magnitude." [iii]

The technology is so groundbreaking that the team expects this design work to have many beneficial effects inside Intel. Poornima Lalwaney, another member of my team, explains, “What we are building for Intel is an enabler. This is not a one-time investment but rather a seed to grow a portfolio of products.” Thanks to DARPA and the DPRIVE program, Intel is the first semiconductor player intending to build silicon and software for FHE.

Very importantly, this project also positions Intel to be a leader in the post-quantum world, as the hardware is capable of running a fair number of post-quantum cryptography schemes. Mathew makes this explicit: “There is a new set of security algorithms that are being formulated today called post-quantum crypto tools. People are figuring out the best ways to implement them, so these tools are not yet standardized. The kind of hardware that we're building fits very well into this post-quantum crypto space.”

Planning for a post-quantum world is essential to the future of global commerce as we know it. As Rondeau noted in the 2021 DARPA announcement, “Advances in quantum computing are raising questions about the durability of some of the most advanced data protection technologies.” [iv] Our team at Intel believes the accelerator technology we are developing will play a large role in our post-quantum future.


[i] https://www.darpa.mil/news-events/2021-03-08

[ii] https://www.zdnet.com/article/intel-joins-darpa-in-search-of-encryption-holy-grail/

[iii] https://www.zdnet.com/article/intel-joins-darpa-in-search-of-encryption-holy-grail/

[iv] https://www.darpa.mil/news-events/2021-03-08


