In light of Apple’s major Swift Homomorphic Encryption announcement, Agnès Leroy, Senior Software Engineer, Zama, explains exactly what HE is, the different schemes and their capabilities, and where it might be used going forwards.
At the very end of July, the team working on Apple’s privacy-preserving technologies announced an exciting introduction; ‘swift-homomorphic-encryption’, a new open-source package for its programming language Swift.
Using the powerful capabilities of homomorphic encryption (HE) – a cryptographic technique that allows computation on encrypted data without decryption or access to the decryption key – the news marks a significant turning point for data privacy, particularly for cloud services where data security is a primary concern.
According to a blog detailing the announcement, Apple has already been utilising HE in its own work and products but is now making the move to share this Swift implementation so that others – mainly developers and researchers – can contribute to it and use it for building secure applications that handle sensitive data responsibly.
While HE has been around since the 70s, the fact that one of the world’s most renowned technology companies is now advocating its use not only signals a real shift in how data privacy and security are being prioritised and implemented but will likely see the term ‘homomorphic encryption’ become more familiar to the general public, much like ‘AI’ and ‘machine learning’ have over the last couple of years.
Exactly what is HE?
But as of now, HE – which has traditionally been a highly technical concept – remains somewhat complex for many, particularly those outside of the tech sphere. However, only with a clearer understanding of HE can we be properly equipped to make informed decisions about which products and services align with our privacy expectations.
Although Apple is known for making complex technologies understandable to everyday users, efforts to demystify the technology need to start happening now.
HE’s simplest explanation is that it’s a type of encryption that allows computations to be performed on encrypted data without decrypting it first. This means you can process and analyse data all while it’s still encrypted – and when decrypted, it matches the result of operations performed on the plaintext, which of course is highly useful when it comes to maintaining privacy and security.
There are several types of HE, the key differences being based on the variety and number of operations that can be performed on encrypted data. For example:
- Partially Homomorphic Encryption (PHE): Allows only certain types of operations on encrypted data, such as addition or multiplication of encrypted values.
- Somewhat Homomorphic Encryption (SHE): Supports a limited number of operations (both addition and multiplication) but is restricted in terms of the depth of computations it can handle.
- Fully Homomorphic Encryption (FHE): FHE supports an unlimited number of both addition and multiplication operations on encrypted data, making it much more powerful. With this power, FHE has faced some challenges, previously considered too slow for practical use. However, advances in algorithms and computing power have steadily improved its viability for real-world applications. Today, FHE is being used by developers and it is advancing quickly. There are also a number of different FHE schemes that have been developed over the years, such as:
- Brakerski-Fan-Vercauteren (BFV): Apple’s swift homomorphic encryption package uses the BFV scheme for post-quantum 128-bit security, ensuring secure computation on encrypted data and protection against classical and potential quantum attacks.
- Cheon-Kim-Kim-Song (CKKS): The CKKS scheme is mostly designed to handle computations on many ciphertexts at once, for use cases where it’s alright to have an approximation of the result.
- Fast Fully Homomorphic Encryption over the Torus (TFHE): TFHE was initially proposed as an improvement of the Fast Fully Homomorphic Encryption scheme (FHEW), and then it started developing in a broader direction. The security of the scheme is based on a hard lattice problem called Learning With Errors (LWE) and its variants, such as Ring LWE (RLWE). In fact, the majority of FHE schemes used nowadays are LWE based and use noisy ciphertexts. TFHE (as used in its extended variants) is, however, distinguished from the others because it proposes a special bootstrapping that’s very fast and able to evaluate a function at the same time as it reduces the noise.
Where might HE be used?
HE’s groundbreaking capability has significant implications for data privacy and security across both the public and private sector, where data theft is still a huge problem, simply because it isn’t encrypted during processing.
HE can play a role in securing any sensitive data that needs to be analysed without exposing the actual information.
Take the financial sector, for example. Here, FHE can secure data while complex analyses like fraud detection, credit scoring, and risk assessment are performed. This allows banks to analyse encrypted financial records, ensuring client confidentiality and data integrity, and opens the door to personalised financial services, while adhering to privacy regulations. FHE also facilitates secure data sharing between institutions for anti-fraud purposes, without exposing individual customer data.
For Apple, one of their notable FHE applications is the Live Caller ID Lookup feature in iOS 18, used to protect your privacy when identifying callers and blocking spam. Basically, it sends an encrypted request to a server to find out who is calling you. The server then processes this encrypted request and sends back an encrypted answer without ever seeing your actual phone number. To make this possible, Apple uses a technique called Private Information Retrieval (PIR), which lets you look up private information (like phone numbers) without the server knowing what you’re looking for. Instead of sending the whole database to your phone (which is only practical for small databases), Apple’s FHE implementation only sends a small part of the database that rarely changes, making it highly efficient for handling large databases that are updated frequently.
The future of HE
Apple’s embrace of FHE will no doubt impact public understanding and perception of this powerful cryptographic technology, in turn helping to promote a more privacy-focused mindset going forwards. But there is still work to be done to make FHE faster and more efficient and broaden its use even more so.
At Zama, for example – where we’re using an extension of TFHE as the underlying FHE scheme – we’ve reduced the time needed for a key operation from 20 milliseconds to just 3 milliseconds on CPUs and expect to further improve this by 5 to 10 times with new cryptography breakthroughs we’re working on.
Moving to GPUs and FPGAs should enhance performance by another 5 to 10 times, giving us a potential 100-fold increase in efficiency compared to when we started.
While these improvements are already significant and benefit blockchain and AI applications, we’re still working towards achieving an even greater 100-fold performance boost. Once hardware acceleration is addressed, FHE’s technical challenges are effectively addressed; a situation we expect to see by 2026, seeing FHE widely deployable across various platforms.
Click below to share this article