Homomorphic Encryption Library Released

One of the issues that tends to come up when people consider the possible use of “cloud computing” is data security.  The data can be stored in an encrypted form, of course, but it generally has to be decrypted in order to be used; this means that the data is potentially vulnerable while it is is plain text (decrypted) form.

I’ve written before about the potential of homomorphic encryption to address this problem.  The basic idea is that we would like to discover an encryption function such that a defined set of operations can be performed on encrypted data (say, adding them) to produce an encrypted result that, when decrypted, is the same as that obtained by operating on the plain text data.

In other words, if we have two numbers, α and β, and suitable encryption and decryption functions E(x) and D(x), respectively, and if

α + β = S

Then, if

E(α) + E(β) = S*

it will be true that

D(S*) = S

So we are able to add the two encrypted values to get a sum that, when decrypted, is the sum of the original (unencrypted) numbers.

This sounds almost like magic, but it has been proved to be theoretically possible, and there is a considerable amount of ongoing work to try to reach a practical implementation.  (For example, back in 2011, a group of researchers at MIT introduced CryptDB, database software that incorporates homomorphic encryption in a form suitable for some applications.

Now, according to an article at the I Programmer site, researchers from IBM’s Thomas J. Watson Research Laboratory have released an open-source library for homomorphic encryption, HElib (documentation and source code available at Github).

HElib is a software library that implements homomorphic encryption (HE). Currently available is an implementation of the Brakerski-Gentry-Vaikuntanathan (BGV) scheme, along with many optimizations to make homomorphic evaluation runs faster, focusing mostly on effective use of the Smart-Vercauteren ciphertext packing techniques and the Gentry-Halevi-Smart optimizations.

Although, as Bruce Schneier has observed, it will take a fair while for any of this technology to be scrutinized thoroughly enough by enough knowledgeable people to ensure that it doesn’t have serious flaws, getting algorithms and code out and available for inspection is an essential part of that process.

Update Thursday, May 2, 22:59 EDT

I have changed the headline/title of this post; originally, it was “IBM Releases Homomorphic Encryption Library”; that could be interpreted as describing an “official”  corporate action of IBM.  Since I have no knowledge, one way or another, about this sort of thing, I thought the new headline was less likely to lead to misunderstanding.

Expired Certificate Hoses Microsoft’s Cloud Service

Yesterday, at around 3:45 PM EST, users of Microsoft’s Azure cloud computing platform began to experience problems world-wide.   The    problem apparently stemmed from an SSL certificate that had expired.  The certificate was used by Azure storage service, and the problem had knock-on effects on other Azure services as well.   The following message was posted on the Windows Azure Service Dashboard:

On Friday, February 22 at 12:44 PM PST, Storage experienced a worldwide outage impacting HTTPS traffic due to an expired SSL certificate. This did not impact HTTP traffic.

At the time I’m writing this, about 14:25 EST on Saturday, February 23, the Dashboard is still showing “Storage service degradation” across all regions.   The most recent status update says:

We have executed repair steps to update SSL certificate on the impacted clusters and have recovered to over 99% availability across all sub-regions. We will continue monitoring the health of the Storage service and SSL traffic for the next 24 hrs. Customers may experience intermittent failures during this period.

Although there are many systems that have enviable records of reliability, occasional service outages are still something to be expected and planned for.  In some cases, such as a natural disaster, it is possible to have considerable sympathy for the systems’ operators; forecasting rare events is difficult almost by definition (we assume the future will be like the past, because in the past, the future has been like the past).

It’s difficult for me to work up a lot of sympathy in this case, however.  SSL cryptographic certificates have a well-defined expiration date.  In addition, the certificate in question appears to have been issued by “Microsoft Secure Server Authority”; in other words, Microsoft was unable to get a timely renewal of the certificate from itself.  If I were a customer of the Azure service, I would not be too happy right now.

Watson in the Clouds

I’ve written here several times about IBM’s Watson system, which first gained some public notice as a result of its convincing victory in a Jeopardy! challenge match against two of the venerable game show’s most accomplished human champions.   Since then, IBM has announced initiatives to put Watson to work in a variety of areas, including medical diagnosis, financial services, and marketing.  All of these applications rely on Watson’s ability to process a very large data base of information in natural language, and to use massively  parallel processing to draw inferences from it.  (The Watson system that won the Jeopardy! test match used 10 racks of servers, containing 2880 processor cores, and 16 terabytes of memory.)

Now an article in the New Scientist suggests an intriguing  new possibility for Watson, as a cloud-based service.

Watson, the Jeopardy-winning supercomputer developed by IBM, could become a cloud-based service that people can consult on a wide range of issues, the company announced yesterday.

The details of this are, at this point, fuzzy at best, but making Watson available as a cloud service would certainly make it accessible to a much larger  group of users, given the sizable investment required for a dedicated system.

Because Watson can respond to natural language queries, it is tempting to compare it to other existing systems.  Apple’s Siri, for example, can interpret and respond to spoken requests, but the back-end processor is essentially a search engine.  The Wolfram|Alpha system also responds to natural-language queries, but its ability to deliver answers depends on a structured data base of information, as Dr. Stephen Wolfram has explained.  Watson really is a new sort of system.

All of this is still in the very early stages, of course, but it will be fascinating to see how it develops.