A pioneer in the world of cryptography, Kurt Rohloff discusses the business potential of homomorphic encryption.
The world’s organisations and businesses are increasingly relying on data to thrive. While this is a positive, important information does require thorough protections.
Everything from intellectual property (IP) data to healthcare information must be safeguarded against competitors and bad actors alike. Encryption is a crucial strategy element for any business dealing with data, but it can be difficult to do anything with the data once it is encrypted.
The evolution of cryptography
Advances in cryptography, particularly homomorphic encryption (HE), are changing this. Siliconrepublic.com spoke to Kurt Rohloff, co-founder and CTO of Duality Technologies, about how advances will enable secure analytics and AI application on encrypted data.
An engineer by training, Rohloff initially ended up working with the Defense Advanced Research Projects Agency (DARPA), essentially the blue-sky research wing of the US Department of Defense. It was there he became interested in the development of HE.
What is homomorphic encryption?
The first full HE scheme was constructed by computer scientist Craig Gentry in 2009. As Rohloff put it, HE “allows one to take data, encrypt it and run computation on it while encrypted”. Rohloff implemented one of the first HE schemes for DARPA – Palisade – as its founding architect.
When it came to advancing the technology, Rohloff and the other Duality co-founders (including eminent MIT staff) concluded that a commercial version of the scheme would be required in order to see adoption increase. “Up until several years ago, HE was really more of a research project, you saw it through my work at DARPA and other academic activities.”
In a short time, some major advances in the field have occurred. As for the goal of Duality and Rohloff, they are endeavouring “to make the tech as usable as possible so it can run on generic computer environments such as Amazon servers, Google Cloud environments and standard laptops”. Initially, custom hardware was required for HE implementation.
Healthcare use cases
The potential use cases for HE are manifold. Traditional encryption techniques fall down because once the data is encrypted, Rohloff said, “you can’t really do much with it”. He explained that HE can help securely analyse data, ensuring it is protected. He outlined one medical example: “If someone were to have a set of data like blood test or genomic data, and they wanted to outsource the computation to identify mutations affiliated with certain diseases.”
It allows the analysis of data to derive crucial insights, without impacting on the privacy of data subjects. Rohloff noted that rare disease analysis is an area that can benefit from HE implementation. “Across a population, rare diseases are surprisingly common, so any one rare disease might have several thousand people.
“When you look at all rare diseases, you start to see hundreds of thousands. These rare diseases are under-analysed, under-treated and are causing real suffering.” Implementing HE schemes would facilitated the pooling of data by healthcare providers and insurers.
With this technology, organisations “can run more effective analytics over what treatments would be more effective or what symptoms might be indicative of rare diseases, that they couldn’t do otherwise because they have such small populations in and of themselves”.
Protecting intellectual property
Another implementation of HE is in the training of AIs such as neural nets. Once a team has a neural net trained and built and wants to deploy it, the net itself becomes intellectual property. In a competitive landscape, organisations are naturally going to be protective over their technologies. “When you want to go and use this [neural net] you don’t want to share it with anyone and everyone.”
With HE, the data could be encrypted, allowing analytics to be run, or tech to be provided to partners. Considering how high-stakes the intellectual property world is, this could make major changes.
For many teams, security is often viewed as a process you undertake to reduce liability, a box-checking exercise. Rohloff said that HE can be seen as a business enabler, as it opens up data for analysis that would have been essentially useless if generically encrypted.
As the technology continues to advance, features such as access delegation may soon become a reality. For now, Rohloff and the Duality team are working on making further improvements to make HE “more performant and usable”.