
IBM Releases Fully Homomorphic Encryption Toolkit for macOS and iOS - pavon
https://www.ibm.com/blogs/research/2020/06/ibm-releases-fully-homomorphic-encryption-toolkit-for-macos-and-ios-linux-and-android-coming-soon/
======
gerbal
From the library readme [1]

> The database is a key value store prepopulated with the english names of
> countries and their capital cities from the continent of Europe. Selecting
> the country will perform a search of the matching capital. On a 2019 Macbook
> Pro laptop, the example searches take under 80 seconds.

Does this have a heavy performance cost for even toy applications?

[1] [https://github.com/IBM/fhe-toolkit-
macos/blob/master/Getting...](https://github.com/IBM/fhe-toolkit-
macos/blob/master/GettingStarted.md#step-8)

~~~
remcob
The example is called "Privacy Preserving Search". If the server could see
which row was accessed, that would not satisfy the privacy requirement. This
implies that each query needs to process all the rows equally (and all in the
same complicated encrypted way).

Provable privacy like here or in zero-knowledge proofs is generally extremely
expensive because every possible execution path needs to be taken each
invocation. This is multiplied by the overhead from each simple operation
becoming a complex cryptographic one.

~~~
microcolonel
Seems like the constraints of this basically mean that you might as well just
stream the database to the client and let them do the query.

~~~
bawolff
One of the scenarios is that the cloud provider has an algorithm they want to
keep secret. Clients want to use the algorithm but dont trust cloud provider
with their data.

Honestly though, i mostly find FHE interesting theoretically. The fact that
its possible at all is black magic. I'm sure if it ever gets remotely
efficient people will come up with more creative applications, but in the
meanwhile its resesrch worth it for research sake.

~~~
TeMPOraL
> _One of the scenarios is that the cloud provider has an algorithm they want
> to keep secret. Clients want to use the algorithm but dont trust cloud
> provider with their data._

That would indeed go a long way towards resolving the issues caused by the way
SaaS is done. It would let us decouple compute provider from the service, in a
way in which it would be the end users who are free to chose where the
computation happens, and they'd own all the data by default, while the
business secrets and IP of the service provider would still be protected.

Shame to see it's so computationally expensive, I was really hoping this kind
of computing would take off.

------
lifeisstillgood
I _feel_ this should be massively game changing. But I cannot work out which
game.

All the examples I can find seem to be around levels of privacy preservation
that I just think if i was that concerned i would not risk sending it to
anyone else anyway.

~~~
dowem
I am one of the developers, so I wanted to respond. Imagine you want to search
for a coffee or restaurant nearby. You can now use an app which cares about
your privacy by encrypting your location, and encrypting the intent of your
food search (maybe you want to seek out only italian, chinese, mexican, or
coffee shop places) and the app, sends that encrypted data to the cloud to
retrieve an encrypted response back wherein the app, nor the backend service
could mine anything about you or your preferences. It just satisfied your
request. In such a scenario the app would likely be paid, but the service
wouldn't use you as the product to grab all your information...

~~~
lifeisstillgood
Thank you. But, and I respect the work you and others are doing, this sounds
very much like other technological solutions in search of a problem - the most
obvious is bitcoin replacing fiat money.

I think most of society would be happy with regulatory changes. Preventing
companies from exploiting personal data is fairly simple in a democratic legal
framework.

There are yes governments and states where democracy does not exist, but in
that case they simply won't let me use such a search service anyway, so it's
dubious the technology would be beneficial there.

Some time in the past decade I realised that software has only limited ability
to change the world - it simply does not have the leverage to overcome all the
politics of the world. If we want utopia, we must learn Judo to use the weight
of the world against itself.

I remain optimistic that we can make this world better with these amazing new
technologies, but I fear they cannot succeed on their own.

But I hope you can prove me wrong !

------
anonymousDan
Awesome. Anyone working in this field able to tell me what is the current
overhead for FHE using this toolchain?

~~~
KenoFischer
Last I looked, HElib was one of the slower implementations. That said, even in
the best case, HE libraries are so slow, that I don't think "overhead" really
captures the paradigm correctly, because the performance is highly dependent
on the application. The best case "overhead" (doing some operation that the HE
scheme natively supports, e.g. arithmetic over a very specific finite field)
is probably 5-6 orders of magnitude.

~~~
ladberg
Is there any application that will benefit from FHE? I can't think of anything
where taking a hit of at least 5 orders of magnitude is worth it over doing
the calculation locally on a trusted CPU.

~~~
KenoFischer
It's not just about outsourcing compute. There's lots of interesting things
you can build on top of an FHE primitive. The linked blog post has the private
information retrieval example (the database owner doesn't want to send you the
whole database, you don't want the database owner to know what you're looking
for). I have a worked example for machine learning here:
[https://juliacomputing.com/blog/2019/11/22/encrypted-
machine...](https://juliacomputing.com/blog/2019/11/22/encrypted-machine-
learning.html) (The model owner doesn't want to share the model, you don't
want to share the image you're asking them to process).

~~~
jellyksong
What's the advantage of using FHE in this example as opposed to Secure MPC?

~~~
KenoFischer
The communications latency of MPC would probably exceed the time required for
FHE in this particular example.

------
anticensor
We need a fully homomorphic encryption scheme specifically designed for
encrypting executable code; such that encrypted code is also a meaningful
code, visible arities of instructions does not change in encryption, operands
get encrypted in the same manner as but separately from instructions.

~~~
p4bl0
You should check out the Cingulata project: [https://github.com/CEA-
LIST/Cingulata](https://github.com/CEA-LIST/Cingulata)

------
software_peguin
Thats awesome! Ive actually been working on my own iOS/ MacOS port to Swift
for Microsoft Seal here
[https://github.com/mmroz/SEAL](https://github.com/mmroz/SEAL). Would love
some feedback :)

------
nondave
"Toolkit" seems like a bit of a stretch - as far as I can tell this is just a
small example progam which uses HElib.

~~~
dowem
Sure, tt is a first release integrating the HElib library, dependencies, and a
working sample project that you just click the play button to get running that
you can import directly from git into the platform IDE of choice. The intent
is for more demo apps to be shipped along with other convenience utilities if
people show interest. We could have left it behind closed doors until it was
"perfect" but that is not really how we prefer to work. The response has been
great, so I hope we double down and improve the toolkits accordingly with
community help and input. It is an open-source project without a version
number, so it may take some time but we will get there.

------
rbanffy
Is this in some form related to IBM Privacy Passports? They are also intended
to disclose partial information to multiple parties from the same data.

------
djaouen
How does FHE handle, say, a quantum cracker?

~~~
KenoFischer
I assume you're talking about the quantum resistance of the underlying schemes
in use? My understanding is that all the current schemes of practical interest
rely on the hardness of (variants of) LWE
([https://en.wikipedia.org/wiki/Learning_with_errors](https://en.wikipedia.org/wiki/Learning_with_errors)),
which is believed to be hard even if you have a quantum computer.

------
mister_hn
Why only for Apple products?

~~~
jml7c5
>That was until today thanks to a new toolkit we are making available for
MacOS, iOS and soon for Linux and Android.

~~~
patentatt
Anyone know why Windows is left off this list? Is it just that the supported
OS’s share a *nix background so porting is more straightforward? Or is there
some deeper reason why?

~~~
dowem
The library the toolkit is based on is called HElib and the developers (myself
included) did not have the bandwidth to port anything to Windows. The core
library and dependencies are Linux native. As it is, we are a bit behind on
the Linux and android toolkits. With limited time and energy, we chose the
most closely related platforms that all have Unix like underpinnings. Thanks
for the question! If you have more feel free to join in the public slack
conversation:

[https://fhekit.slack.com/join/shared_invite/zt-e35rax8l-_ZbB...](https://fhekit.slack.com/join/shared_invite/zt-e35rax8l-_ZbB2XuF3WcXCM2mDe~AZQ#/)

------
jensenbox
Worst video ever.

