Encrypted Computing represents the pinnacle of data security and privacy by taking Confidential Computing to a whole new level. Confidential computing works to keep data encrypted for as long as possible until it is inside a secure enclave where it can be decrypted for processing. Confidential computing today provides data encryption for data at rest and data in transit. The inability to keep data encrypted during computation can inhibit the ability to fully share and extract the maximum value out of data, e.g., via sharing and collaboration with statistical and machine learning methods.
With encrypted computing we can augment the capacity of confidential computing solutions through post-quantum protection. Encrypted computing uses a technique called Fully Homomorphic Encryption (FHE) that allows the hardware to process the data at each stage in the data life cycle – at rest, in transit, and most importantly, in use – without it ever being decrypted. The processor performs calculations directly on the encrypted data. The data stays encrypted during computation, even in registers and caches, hence avoiding unintended leakage. Data protection is guaranteed by the mathematical strength of the encryption method, eliminating many potential vulnerabilities and providing the highest possible security guarantees, but at higher computational costs than classic cryptography.
Applications of encrypted computing are numerous:
- Increasing the sample size of clinical trials to expedite the development and adoption of new drugs without compromising patients’ privacy.
- Performing database operations with tables belonging to different organizations without organizations revealing their data.
- Improving financial, insurance, healthcare, and credit systems, while maintaining compliance with privacy regulations.
Deploying encrypted computing can make regulators, customers, and institutions all pleased about data privacy, human rights preservation, and privacy compliance while making data sharing and collaboration ubiquitous.
Intel’s goal is to achieve industry adoption of encrypted computing within the next five years, augmenting the capacity of confidential computing for higher data protection during processing for future-looking security and privacy needs. However, there are two main barriers to large-scale implementation. First, it requires entirely new encryption methods and standards; the path to adoption of new cryptographic methods is typically slow due to a lack of education and standardizations of such techniques. Next, the computational overhead is several orders of magnitude greater than unencrypted processing. Lattice cryptography typically requires millions of Classic CPU operations, which therefore necessitates hardware that can move and operate on large-degree lattices efficiently.
There is a clear need for both hardware acceleration support and software tools that can move and operate on large degree lattice elements efficiently. Intel is addressing each of these hurdles; working on hardware, software, and algorithms developed hand in hand with international standards for cryptography, best practices, and interoperable software tools, to make encrypted computing more practical.
DARPA DPRIVE
Intel is currently working with the Defense Advanced Research Projects Agency (DARPA) Data Protection in Virtual Environments (DPRIVE) program, the goal of which is to achieve several orders of magnitude better performance when compared to executing those same FHE operations in software on a CPU. The multi-year program represents a cross-team effort across multiple Intel groups, including Intel Labs and internal engineering teams, to tackle “the final frontier” in data privacy, which is computing on fully encrypted data without access to decryption keys.
Seeing early success, Intel is currently midway through Phase 2 in designing, an FHE hardware accelerator with the goal of reducing computational run-time overhead by many orders of magnitude compared to software-based FHE computations on conventional CPUs. The accelerator is a new type of near memory computer architecture with tightly connected functional units and distributed memory that bridges the performance gap with cleartext computation, enabling the benefits of FHE deployment in next-generation security solutions.
Encrypted Computing SDK
Intel previously released the Intel® Homomorphic Encryption Toolkit, which is used in existing Intel® Xeon Scalable Processors. Recently, Intel announced a beta version of its Encrypted Computing SDK, which is meant to be used with future accelerator hardware. The SDK will be available toward the end of 2023 and includes a set of interoperable interfaces to develop FHE software, translation tools, and a sample simulator of its hardware accelerator. The hardware, the software stack, and the algorithms are developed hand in hand with international standards for cryptography, best practices, and interoperable software tools. With the release of the beta SDK, Intel hopes to engage more researchers in the development process and usher in the practical application of encrypted computing for the future, of security.