The future of data privacy: confidential computing, quantum safe cryptography take center stage
Confidential computing, quantum safe cryptography, and fully homomorphic encryption are set to change the future of data privacy as they make their way from a hypothesis to viable commercial applications.
Security
On Thursday, IBM Research hosted an online program exploring each of these technologies and how they could impact how we securely manage, encrypt, store, and transfer information -- with each solving a different challenge posed by future data privacy concerns.
Confidential computing
IBM has been working on confidential computing for roughly a decade. The concept behind the technology is to permit clients to retain full privacy and control over data and operational workloads through hardware-level security.
This can include the implementation of "secure enclaves" -- trusted execution environments -- which can manage data and are only accessible through authorized programming code, keeping information away not only from cloud or infrastructure providers but also external threat actors.
IBM likens the technology to a hotel room safe, in which keycards are required to access the room, but further authorization is required to open the lock to the safe.
According to Hillery Hunter, VP and CTO at IBM Cloud, initial commercial applications of this technology are already embedded in financial services, telecoms, and healthcare offerings. Clients include Daimler and Apple for the CareKit SDK.
In November, IBM and AMD announced a collaborative partnership to work on confidential computing and hybrid cloud deployments.
Google Cloud, too, is investigating the technologies through virtual machines (VMs) which utilize confidential computing principles to secure data both at rest and in transit, and Intel's third-generation Xeon Ice Lake chips have been developed in order to handle the processor demands of confidential computing.
Quantum safe cryptography & standardization
Quantum safe cryptography aims to tackle the problems that will arrive with the day we have a working quantum machine.
While quantum computing is being actively worked on by engineers worldwide, with Honeywell, for example, ramping up the capacity of its own System Model H1 to a quantum volume of 512, it is estimated that a full-capacity quantum computer could exist within the next 10 to 15 years.
When that day arrives, however, the high computational power of these machines would render "virtually all electronic communication insecure," according to IBM, as quantum computers are able to factor large numbers -- a core precept of today's cryptography.
To resolve this, standards based on lattice cryptography have been proposed. This hides data in complex algebraic structures and is considered to be an attractive option for future-proofing data privacy architectures.
According to IBM cryptographer Vadim Lyubashevsky, adopting lattice frameworks is unlikely to impact end-users -- and may actually improve computational performance.
But why bother now, when full quantum machines do not exist? According to mathematician Dustin Moody from the National Institute of Standards and Technology (NIST), the enterprise should look at adopting lattice, "quantum safe" cryptography as soon as it is commercially viable to do so.
Moody says that large-scale quantum computers could be used in attacks able to break cryptography used today -- and so, all an attacker needs to do is harvest information now and store it for decryption in the future.
"It's important to make sure we can counter this threat now," Moody added. "There will be a transition with these algorithms, and it won't necessarily be easy. We are trying to prepare as much as we can and encourage others to do so."
To this end, NIST has launched the post-quantum cryptography project (PQC), which has elicited proposed algorithms for post-quantum encryption. At present, seven applications are under review and a standard is expected to be selected between 2022 and 2023.
See also: Quantum computing: Quantum annealing versus gate-based quantum computers | Quantum computing, networks, satellites, and lots more qubits: China reveals ambitious goals in five-year plan | A quantum computer just solved a decades-old problem three million times faster than a classical computer
Fully homomorphic encryption
Fully homomorphic encryption (FHE) is sought after as a "Holy Grail" of encryption. FHE is a form of encryption that allows information to remain encrypted during computation and processing, regardless of the infrastructure or cloud technologies managing the data.
For example, data could be transferred between different parties and the cloud, analyzed, and sent back without ever being viewed or being made available in plaintext.
FHE utilizes different mathematical algorithms to the encryption we use today and has been in development over the past decade.
While FHE could be transformational in the data privacy arena, the issue is the vast processing power and time is required to facilitate encrypted data processing -- especially when it comes to large datasets used by the enterprise or in research.
Scientists are working on ways to improve the efficiency of FHE algorithms and due to their efforts -- as well as the development of hardware able to support FHE -- early-stage use cases are now being explored.
Enterprise firms are under pressure from increasing data protection regulations and the risk of penalties and fines if data is not adequately protected. At the same time, however, they also need to capitalize on data to create competitive differentiators and improve their operations, as well as to explore new business opportunities.
According to Eric Maass, Director of Strategy & Emerging Technology at IBM, the challenge is "extracting the value of the data while preserving its privacy."
In December, the firm launched the IBM Security Homomorphic Encryption Services, a platform designed to allow the enterprise to experiment with FHE in tandem with existing IT architecture, products, and data.
Intel is working with the US Defense Advanced Research Projects Agency (DARPA) on the Data Protection in Virtual Environments (DPRIVE) program, designed to bring down the cost and time of FHE implementations, and companies including Microsoft, Duality Technologies, Galois, and SRI International are also working toward the same goal.
Maass believes that highly-regulated industries, such as healthcare or financial organizations, will be "early adopters in this space."
Previous and related coverage
- Making the case for COVID-19 vaccine passports: A shift to data democracy
- IBM, AMD to collaborate on HPC, AI, hybrid cloud, confidential computing
- Google's Confidential VMs may change the public cloud market
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0