Intel Continues to Lead Efforts to Establish FHE Standards for Encrypted Computing

Rosario (Ro) Cammarota is chief scientist of privacy-enhanced computing research in the Emerging Security Lab at Intel Labs. The following colleagues from Intel and Intel Labs contributed to this blog: Huijing Gong, Vinodh Gopal, Duhyeong Kim, Ernesto Zamora Ramos, and Alexander Viand.

Highlights:

• Intel’s encrypted computing program is at the forefront of technology and standards development for fully homomorphic encryption (FHE), including an application-specific integrated circuit (ASIC) and new software enablement tools.
• Intel continues efforts to create standards for FHE to protect digital data sharing and collaboration in data-sensitive fields such as finance, healthcare, and national security.
• To encourage ecosystem growth, Intel has initiated programs, created a benchmarking framework, and holds leadership positions in international standards bodies, peer industry player groups, and communities.
  
  

Digital data sharing and collaboration play a pivotal role in shaping the economy. By sharing and pooling data together, businesses and researchers can create an immense reservoir of knowledge for more comprehensive analysis, fostering innovative solutions and insights that were previously unattainable. This process not only accelerates growth and efficiency in various sectors but also propels the economy forward by unlocking new opportunities and driving informed decision making. As we navigate the vast seas of digital data sharing and collaboration, the importance of privacy-enhancing technologies becomes increasingly crucial [1, 2] in making sure that artificial intelligence (AI) technologies find safe, secure, and trustworthy applications development and deployment.

Fully homomorphic encryption (FHE) emerges as a groundbreaking advancement in the realm of privacy-enhanced technologies. FHE is a family of encryption methods that allows data to be processed in its encrypted form. By enabling data analysis without exposing the raw data, FHE not only fortifies privacy but also opens new avenues for secure data collaboration between distinct organizations beyond jurisdiction boundaries. The technology is particularly revolutionary in fields that handle sensitive information, such as finance, healthcare, and national security. It is not just a shield for privacy – for example, to foster trust and compliance – but also pave the way for more responsible and sustainable advancements in AI and other data-driven technologies.

Realizing Encrypted Computing

Intel’s encrypted computing program is at the forefront of technology and standards development for FHE technologies. To cope with the performance tax commonly associated with FHE technologies, Intel is building an application-specific integrated circuit (ASIC) [3, 4] and new software enablement tools to facilitate technology uses. For other enablement aspects and ecosystem growth, Intel initiated programs and holds leadership positions in international standards bodies, peer industry player groups, and communities.

Realizing FHE adoption shares common aspects with the path to adoption of classic encryption methods, where adoption is crucially tied with standards development for the encryption and decryption procedures, selection of security parameters, and the use of such cryptographic blocks in protocols to enable security mechanisms [5]. In addition, the development of FHE standards needs to expand beyond classic security mechanisms to include different FHE families, guidelines for secure parameter selection and capacity to handle complex functions, and usability aspects tied the FHE integration within business logic applications. Also, due to the rich spectrum of opportunities that FHE technologies offer for integration within business logic applications, setting benchmarks for performance is a critical task that requires stakeholder consensus.

FHE Standardization

The need for the development of global standards and best practices such as definitions, technical foundations, and application standards to facilitate the broad deployment of FHE is widely recognized. Initiated and led by Intel, the standards development for HE is ongoing in the Information Security Joint Committee 1 of the International Organization for Standardization/International Electrotechnical Commission (ISO/IEC). ISO/IEC 28033 is a standard under development to cover FHE. It is a multipart standard to capture FHE definition (Part 1 [6]), the original designs and reference implementations for the established FHE methods such as the Brakerski-Gentry-Vaikuntanathan (BGV) and the Brakerski-Fan-Vercauteren (BFV) schemes, Cheon-Kim-Kim-Song (CKKS) and fully homomorphic encryption over the torus,  Chillotti-Gama-Georgieva-Izabachene (CGGI), and their modern variants (Part 2 [7], 3 [8], and 4 [9]) respectively. Additionally, de facto standards development exists as part of the working groups in HomomorphicEncryption.org [10], which includes leading industry, academic, and government experts working towards creating de facto standards for FHE. Intel plays a fundamental role in pushing the envelope of security, usability, and benchmarking through the HomomorphicEncryption.org working groups, aiming to further refine usability, development, and deployment practices for FHE.

Security Guidelines

In recent years, there has been substantial academic and commercial effort dedicated to practical applications for FHE. Consequently, there's a growing call for the standardization of FHE, a crucial part of which involves establishing up to date guidelines for security parameters for FHE. Initiated in 2021, Intel Labs cryptographers Huijing Gong and Duhyeong Kim have been driving a security guidelines project for implementing FHE and updating the 2018 HomomorphicEncryption.org whitepaper on security guidelines [11]. This work not only incorporates cutting-edge cryptanalysis but also expands the range of parameters and provides specific, concrete choices for different FHE schemes [12]. The initiative aims to bridge the knowledge gap in security awareness among experts, engineers, and end-users. Collaborating with leading researchers in lattice-based cryptography and FHE from prestigious institutions such as Seoul National University and University of London (Royal Holloway), and other industry participants, the project is on track for completion by 2024. Currently, all technical aspects are in the advanced stages of completion.

Usability

While new algorithms and hardware innovation achieved breakthroughs in FHE performance, usability/accessibility remains a major obstacle for the widespread adoption of encrypted computing. As of today, a high level of specialized expert knowledge is required to unlock the full potential of FHE. Addressing the underlying complexities in FHE is challenging, as state-of-the-art approaches taken by experts frequently require deep insights into both the underlying cryptographic scheme and the application to be implemented. To enable wider adoption, there is the need to design abstractions, tools, and techniques that address this complexity and enable non-expert developers to realize secure and efficient applications. However, current FHE toolchains are stand-alone and generally not cross-compatible, and compilers frequently use ad hoc intermediate representations (IRs) and output formats that are not interoperable with other tools.

Intel is helping to address this through the HE.org working group on compilers and accelerators, which has kicked off the process towards developing a unified set of abstractions and intermediate representations (AIRs) for the FHE development ecosystem. The working group brings together all major players in the FHE ecosystem and aims to increase portability and interoperability of FHE software. In addition to serving as a forum for discussion and exchange, the working group is actively developing a reference implementation (HEIR) based on the industry standard multi-level intermediate representation (MLIR/LLVM) compiler framework, of which Intel Labs security researcher Alexander Viand is co-chair. The working group presented the project at the 2023 LLVM Developer Meeting in Santa Clara and the MLIR Open Design Meeting and successfully advocated for the inclusion of the first set of FHE abstractions that were developed into the upstream LLVM project.

Benchmarking

Standardization of benchmarking is crucial for ensuring consistency and accuracy in hardware and software performance measurements, and to make data driven decisions for best deployment practices. By establishing standardized benchmarks, industry stakeholders can create a common ground for evaluating and comparing the performance of different hardware components and software solutions.

The limited selection of FHE benchmarking frameworks (which are difficult to extend and use) is a factor that has contributed to many comparisons among specific FHE implementations without a baseline or a standardized form of testing. Users do not have a tool that would easily allow them to test and compare different FHE solutions that best match their problem. This can often lead to the portrayal of skewed results towards datasets or configurations that "work well" for the competing solution. IP owners, and software and hardware creators have little chance to put their best foot forward on a level playground where fair comparison can take place with up-to-date solutions that show state-of-the-art performance in the FHE space.

To solve the lack of benchmarking tools for FHE, Intel developed and maintains HEBench, a FHE benchmarking framework that allows fair and consistent performance comparison among different implementations (in hardware and/or software) of a collection of HE workloads. In addition, we have created a FHE benchmarking community with industry leaders with the purpose of standardizing HEBench as the benchmarking tool [13], according to Ernesto Zamora Ramos, a security and AI researcher at Intel Labs.

HEBench has been designed with the philosophy of providing a flexible, easy-to-extend framework that is algorithm agnostic and does not enforce circuit execution. This allows workloads to execute anywhere and in any way that the implementation deems appropriate. The only requirement enforced is that the results from the workload operations are correct before providing performance measurements. HEBench has been presented in several venues, including the 5th HomomorphicEncryption.org Standards Meeting in 2022, and GenoPri 2022, and its development continues as part of Intel’s encrypted computing program.

Encrypted Computing and Confidential Computing

Privacy-enhancing technologies such as federated learning, differential privacy, Trusted-Execution Environment (TEE) in confidential computing, FHE, and multi-party computation [2] have different properties that make them suitable for specific application domains and requirements, including AI versus non-AI, data versus system security, performance, and availability. It is conceivable to believe that privacy-aware technology solutions will require not a single, but a combination of privacy-enhancing technologies.

For example, FHE is a pure cryptographic technique. Modern FHE extends that to large sets of numbers and large amounts of operations that represent higher-level tasks. Among its strengths is only requiring trust in the math, not the host, system admins, or software. However, FHE can be a thousandfold slower than performing those same operations without FHE, and FHE does not implicitly provide any form of data or code integrity. That means that even though the information is protected from reading, it is not protected from unwanted changes. Code integrity is out of scope for the FHE security model.

Confidential computing also has strengths and limitations. Confidential computing is practical. It uses existing code and protects it without modification, and the performance impacts are generally within a few percentage points, not orders of magnitude. Confidential computing can also enforce code integrity. Given the strengths and limitations of FHE and confidential computing, they complement each other. Perhaps most significantly, confidential computing provides code integrity (at load time), whereas code integrity is out of scope for the FHE model.

Confidential computing is widely available from cloud providers and hardware vendors. It provides practical, useful protections for data in use and in a few years, HE should become available for production use cases. Running FHE computations in a confidential computing enclave will add code integrity protection to FHE and defense in depth to confidential computing [14].

Conclusion

For cryptographic solutions to be commercially viable, there are a few key aspects that must be adequately addressed: security practices, performance, and software enablement (applications, libraries, and their use). Software implementations alone often cannot meet the performance requirements, necessitating specialized hardware features in the form of ASICs on discrete cards, accelerators integrated onto the CPU system-on-a-chip (SoC), or new instructions extending the CPU instruction set architecture (ISA). Such aspects are even more important for FHE-based solutions where the software enablement is entangled with the business application logic.

While these specialized hardware features can solve performance needs, they can impose a significant product cost for many generations of products. For hardware vendors to have confidence that these features are a good return on investment, various standards bodies need to ensure that cryptographic algorithms are stable and secure.

Waiting for cryptographic standards to be established and mature is the safest approach, but given the multi-year design cycles, this may not yield the fastest time to market. The better strategy is to participate and preferably lead the standards towards secure schemes that are feasible for efficient hardware implementation. Intel’s engagement in international standards bodies such as ISO/IEC addresses the problem of confidence around the stability and security of some FHE algorithmic variants ahead of the introduction of Intel’s encrypted computing solutions. This approach is not new to Intel’s strategy to bring encryption technologies to market. Intel has adopted this strategy over the past two decades. For example, Intel drove the adoption of the Advanced Encryption Standard with Galois Counter Mode (AES-GCM) by relentlessly driving the cost of cryptographic operations down [15]. This approach permits hardware features to start earlier, which then motivates the software ecosystem to make the necessary changes to adopt the standards, according to Vinodh Gopal, a senior principal engineer at Intel.

Using Intel’s development approach for standards and technology for encrypted computing and FHE standards is particularly important for software uplift and ecosystem enablement, greatly increasing the likelihood of adoption.

References

 [1] Miles Brundage, Shahar Avin, Jasmine Wang, Haydn Belfield, Gretchen Krueger, Gillian K. Hadfield, Heidy Khlaaf, Jingying Yang, Helen Toner, Ruth Fong, Tegan Maharaj, Pang Wei Koh, Sara Hooker, Jade Leung, Andrew Trask, Emma Bluemke, Jonathan Lebensold, Cullen O'Keefe, Mark Koren, Théo Ryffel, J. B. Rubinovitz, Tamay Besiroglu, Federica Carugati, Jack Clark, Peter Eckersley, Sarah de Haas, Maritza Johnson, Ben Laurie, Alex Ingerman, Igor Krawczuk, Amanda Askell, Rosario Cammarota, Andrew Lohn, David Krueger, Charlotte Stix, Peter Henderson, Logan Graham, Carina Prunkl, Bianca Martin, Elizabeth Seger, Noa Zilberman, Seán Ó hÉigeartaigh, Frens Kroeger, Girish Sastry, Rebecca Kagan, Adrian Weller, Brian Tse, Elizabeth Barnes, Allan Dafoe, Paul Scharre, Ariel Herbert-Voss, Martijn Rasser, Shagun Sodhani, Carrick Flynn, Thomas Krendl Gilbert, Lisa Dyer, Saif Khan, Yoshua Bengio, Markus Anderljung. Toward Trustworthy AI Development: Mechanisms for Supporting Verifiable Claims. CoRR abs/2004.07213 (2020).

[2] The White House Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence. October 2023.

[3] Intel Innovation 2023: Accelerating the Convergence of AI and Security. September 2023.

[4] Samuel K. Moore. Chips to Compute with Encrypted Data Are Coming - IEEE Spectrum. December 2023.

[5] Alex W. Dent and Chris J. Mitchell. User's Guide to Cryptography and Standards. Artech House Publishers, illustrated edition. (November 26, 2004).

[6] ISO/IEC AWI 28033-1 Information security. Fully homomorphic encryption. Part 1: General.

[7] ISO/IEC AWI 28033-2 Information security. Fully homomorphic encryption. Part 2: BGV/BFV variants.

[8] ISO/IEC AWI 28033-3 Information security. Fully homomorphic encryption. Part 3: CKKS variants.

[9] ISO/IEC AWI 28033-4 Information security. Fully homomorphic encryption. Part 4: CGGI variants.

[10] HomomorphicEncryption.org Homomorphic Encryption Standardization. (Webpage).

[11] Homomorphic Encryption Security Standard document (November 21, 2018).

[12] Huijing Gong, Rosario Cammarota, Jung Hee Cheon, Ben Curtis, Wei Dai, Erin Hales, Duhyeong Kim, Bryan Kumara, Changmin Lee, Xianhui Lu, Carsten Maple, Rachel Player, Luis Antonio Ruiz Lopez, Yongsoo Song, Alberto Pedrouzo Ulloa, Donggeon Yhee, Bahattin Yildiz and Ilaria Chillotti. Security Guidelines for Implementing Homomorphic Encryption. Accepted in FHE.org. 2024.

[13] HEBench (website).

[14] Dan Middleton, and Rosario Cammarota. Confidential Computing and Homomorphic Encryption. Confidential Computing Consortium. March 2023.

[15] Rafael Misoczki, Sean Gulley, Vinodh Gopal, Martin G. Dixon, Hrvoje Vrsalovic, and Wajdi K. Feghali. Toward Postquantum Security for Embedded Cores. IEEE Computer Society. Expert Opinion Jul/Aug 2019.