9 April 2022 | New Scientist | 39details from any organisation can be retrieved.
In a paper published in October 2021, the
team used a combination of FHE and SMC
to securely pool data from multiple sources
and use it to predict the efficacy of cancer
treatments or identify specific variations in
people’s genomes that predict the progression
of HIV infection. The trial was so successful
that the team has now deployed the
technology to allow Switzerland’s five
university hospitals to share patient data,
both for medical research and to help doctors
personalise treatments. “We’re implementing
it in real life,” says Fellay, “making the data of
the Swiss hospitals shareable to answer any
research question as long as the data exists.”
If data is the new oil, then it seems the
world’s thirst for it isn’t letting up. FHE
could be akin to a new mining technology, one
that will open up some of the most valuable
but currently inaccessible deposits. Its slow
speed may be a stumbling block. But, as
Goldwasser says, comparing the technology
with completely unencrypted processing
makes no sense. “If you believe that security
is not a plus, but it’s a must,” she says, “then
in some sense there is no overhead.” ❚chips are used to dealing with. So several
research teams involved in the project,
including one led by Duality, are investigating
ways to alter circuits to efficiently process,
store and move this kind of data. The goal is to
analyse any FHE-encrypted data just 10 times
slower than usual, says Rondeau, who is
managing the programme.
Even if it were lightning fast, FHE wouldn’t
be flawless. Van Dijk says it doesn’t work well
with certain kinds of program, such as those
that contain branching logic made up of
“if this, do that” operations. Meanwhile,
information security researcher Martin
Albrecht at Royal Holloway, University of
London, points out that the justification for
FHE is based on the need to share data so it
can be analysed. But a lot of routine data
analysis isn’t that complicated – doing it
yourself might sometimes be simpler
than getting to grips with FHE.
For his part, de Montjoye is a proponent
of privacy engineering: not relying on one
technology to protect people’s data, but
combining several approaches in a defensive
package. FHE is a great addition to that toolbox,
he reckons, but not a standalone winner.
This is exactly the approach that Fellay
and his colleagues have taken to smooth the
sharing of medical data. Fellay worked with
computer scientists at the Swiss Federal
Institute of Technology in Lausanne who
created a scheme combining FHE with
another privacy-preserving tactic called secure
multiparty computation (SMC). This sees the
different organisations join up chunks of their
data in such a way that none of the privateCR
ED
IT:^
ERIC^ AUDRAS/ONOKY-^ P
HOTONONSTO
P/ALAMYEdd Gent is a journalist
based in Bangalore, Indiaprocess quicker by improving the underlying
mathematics. But lately the focus has shifted,
says Michael Osborne at IBM Research in
Zurich, Switzerland. There is a growing
realisation that massive speed enhancements
can be achieved by optimising the way
cryptography is applied for specific uses.
“We’re getting orders of magnitudes
improvements,” says Osborne.
IBM now has a suite of FHE tools that can
run AI and other analyses on encrypted data.
Its researchers have shown they can detect
fraudulent transactions in encrypted credit
card data using an artificial neural network
that can crunch 4000 records per second.
They also demonstrated that they could
use the same kind of analysis to scour the
encrypted CT scans of more than 1500 people’s
lungs to detect signs of covid-19 infection.
Also in the works are real-world, proof-of-
concept projects with a variety of customers.
In 2020, IBM revealed the results of a pilot
study conducted with the Brazilian bank Banco
Bradesco. Privacy concerns and regulations
often prevent banks from sharing sensitive
data either internally or externally. But in the
study, IBM showed it could use machine
learning to analyse encrypted financial
transactions from the bank’s customers to
predict if they were likely to take out a loan.
The system was able to make predictions for
more than 16,500 customers in 10 seconds
and it performed just as accurately as the same
analysis performed on unencrypted data.
Suspicious activity
Other companies are keen on this extreme
form of encryption too. Computer scientist
Shafi Goldwasser, a co-founder of privacy
technology start-up Duality, says the firm
is achieving significantly faster speeds by
helping customers better structure their data
and tailoring tools to their problems. Duality’s
encryption tech has already been integrated
into the software systems that technology
giant Oracle uses to detect financial crimes,
where it is assisting banks in sharing data
to detect suspicious activity.
Still, for most applications, FHE
processing remains at least 100,000 times
slower compared with unencrypted data, says
Rondeau. This is why, in 2020, DARPA launched
a programme called Data Protection in Virtual
Environments to create specialised chips
designed to run FHE. Lattice-encrypted data
comes in much larger chunks than normal
Sharing medical data, like
these MRI scans, can risk
violating patient privacy