## Homomorphic Encryption Library Released

May 2, 2013

One of the issues that tends to come up when people consider the possible use of “cloud computing” is data security.  The data can be stored in an encrypted form, of course, but it generally has to be decrypted in order to be used; this means that the data is potentially vulnerable while it is in plain text (decrypted) form.

I’ve written before about the potential of homomorphic encryption to address this problem.  The basic idea is that we would like to discover an encryption function such that a defined set of operations can be performed on encrypted data (say, adding them) to produce an encrypted result that, when decrypted, is the same as that obtained by operating on the plain text data.

In other words, if we have two numbers, α and β, and suitable encryption and decryption functions E(x) and D(x), respectively, and if

α + β = S

Then, if

E(α) + E(β) = S*

it will be true that

D(S*) = S

So we are able to add the two encrypted values to get a sum that, when decrypted, is the sum of the original (unencrypted) numbers.

This sounds almost like magic, but it has been proved to be theoretically possible, and there is a considerable amount of ongoing work to try to reach a practical implementation.  (For example, back in 2011, a group of researchers at MIT introduced CryptDB, database software that incorporates homomorphic encryption in a form suitable for some applications.)

Now, according to an article at the I Programmer site, researchers from IBM’s Thomas J. Watson Research Laboratory have released an open-source library for homomorphic encryption, HElib (documentation and source code available at Github).

HElib is a software library that implements homomorphic encryption (HE). Currently available is an implementation of the Brakerski-Gentry-Vaikuntanathan (BGV) scheme, along with many optimizations to make homomorphic evaluation runs faster, focusing mostly on effective use of the Smart-Vercauteren ciphertext packing techniques and the Gentry-Halevi-Smart optimizations.

Although, as Bruce Schneier has observed, it will take a fair while for any of this technology to be scrutinized thoroughly enough by enough knowledgeable people to ensure that it doesn’t have serious flaws, getting algorithms and code out and available for inspection is an essential part of that process.

##### Update Thursday, May 2, 22:59 EDT

I have changed the headline/title of this post; originally, it was “IBM Releases Homomorphic Encryption Library”; that could be interpreted as describing an “official” corporate action of IBM.  Since I have no knowledge, one way or another, about this sort of thing, I thought the new headline was less likely to lead to misunderstanding.

## Watson Goes to College

March 9, 2013

Back in early 2011, I wrote a number of posts here about IBM’s Watson system, which scored a convincing victory over human champions in the long-running TV game show, Jeopardy!.   Since then, IBM with its partners has launched efforts to employ Watson in a variety of other fields, including marketing, financial services and medical diagnosis, in which Watson’s ability to assimilate a large body of information from natural language sources can be put to good use.

Now, according to a post on the Gigaom blog, Watson will, in a sense, return to its roots in computer science research.  IBM has supplied a Watson system to the Rensselaer Polytechnic Institute [RPI] in Troy, NY.  According to Professor James Hendler, author of the post, and head of the Computer Science department at RPI, one focus of the work with Watson will be expanding the scope of information sources the system can use.

One of our first goals is to explore how Watson can be used in the big data context.  As an example, in the research group I run, we have collected information about more than one million datasets that have been released by governments around the world. We’re going to see what it takes to get Watson to answer questions such as “What datasets are available that talk about crop failures in the Horn of Africa?”.

Some of the research work with Watson will also be aimed at gaining more understanding of the process of cognition, and the interplay of a large memory and sophisticated processing.

By exploring how Watson’s memory functions as part of a more complex problem solver, we may learn more about how our own minds work. To this end, my colleague Selmer Bringsjord, head of the Cognitive Science Department, and his students, will explore how adding a reasoning component to Watson’s memory-based question-answering could let it do more powerful things.

The Watson system is being provided to RPI as part of a Shared University Research Award granted by IBM Research.  It will have approximately the same capacity as the system used for Jeopardy!, and will be able to support ~20 simultaneous users.  It will be fascinating to see what comes out of this research.

The original IBM press release is here; it includes a brief video from Prof. Hendler.

## Dr. Watson Goes to Work

February 10, 2013

Back in early 2011, I wrote a number of posts here about IBM’s Watson system, which scored a convincing victory over human champions in the long-running TV game show, Jeopardy!.  The match, as a demonstration of the technology, was undoubtedly impressive, but the longer term aim was to employ Watson’s ability to cope with natural language and to assimilate a huge body of data for work in other areas, such as financial services, marketing, and medical diagnosis.  It’s also been suggested that Watson might be made available as a service “in the cloud”.

On Friday, IBM, together with development partners WellPoint, Inc. and Memorial Sloan-Kettering Cancer Center, announced the availability of Watson-based systems for cancer diagnosis and care.

IBM, WellPoint, Inc., and Memorial Sloan-Kettering Cancer Center today unveiled the first commercially developed Watson-based cognitive computing breakthroughs.  These innovations stand alone to help transform the quality and speed of care delivered to patients through individualized, evidence based medicine.

Since the beginning of the development, Watson has absorbed more than 600,000 pieces of medical evidence and 2 million pages of text from 42 medical journals.  It has also had thousands of hours of training from clinicians and technology specialists.  The goal is to provide doctors and other care-givers with a menu of treatment options.

Watson has the power to sift through 1.5 million patient records representing decades of cancer treatment history, such as medical records and patient outcomes, and provide to physicians evidence based treatment options all in a matter of seconds.

Keeping up with the latest developments in medical research and clinical practice is a serious issue in health care; by some estimates, the amount of available information doubles every five years.  A system based on Watson may give doctors a better chance of staying on top of all of that.

Three specific products were announced today:

The new products include the Interactive Care Insights for Oncology, powered by Watson, in collaboration with IBM, Memorial Sloan-Kettering and WellPoint.   The WellPoint Interactive Care Guide and Interactive Care Reviewer, powered by Watson, designed for utilization management in collaboration with WellPoint and IBM.

The Watson system has improved technically since its debut on Jeopardy!.  IBM says that its performance has increased by 240%, and its physical resource requirements reduced by 75%.  It can now be run on a single Power 750 server.

## IBM Announces Silicon Nanophotonics

December 12, 2012

One of the significant trends in recent computer system design has been the growing use of large-scale parallel processing.  From multiple-core CPUs in PCs to massively parallel systems like Titan at Oak Ridge National Laboratory, currently the world’s fastest supercomputer, and IBM’s Watson system, which won a convincing victory in a challenge match on Jeopardy!, the use of multiple processors has become the technique of choice for getting more processing horsepower.

These systems have achieved impressive levels of performance, but their design has its tricky aspects.  If the collection of processors is to work as one system, there obviously must be some mechanism for communication among them.  In practice, the capacity and speed of these interconnections can limit a system’s potential performance.  Even fiber-optic interconnections can be cumbersome with current technology: at each end, electrical signals must be converted to light pulses, and vice versa, by specialized hardware.

On Monday, IBM announced a new product technology that has the potential to remove some of these bottlenecks.   Building on research work originally described by IBM at the Tokyo SEMICON 2010 conference [presentation PDF], the Silicon Integrated Nanophotonics technology allows the fabrication of a single silicon chip containing both electrical (transistors, capacitors, resistors) and optical (waveguides, photodetectors) elements.

The technology breakthrough allows the integration of different optical components side-by-side with electrical circuits on a single silicon chip, for the first time, in standard 90nm semiconductor fabrication. The new features of the technology include a variety of silicon nanophotonics components, such as modulators, germanium photodetectors and ultra-compact wavelength-division multiplexers to be integrated with high-performance analog and digital CMOS circuitry.

IBM says that the technology allows a single nanophotonic transceiver to transfer data at 25 gigabits per second.  A single chip might incorporate several transceivers, allowing speeds in the terabit per second range, orders of magnitude faster than current interconnect technology.

Probably the more significant aspect of the announcement is that IBM has developed a method of producing these nanophotonic chips using a standard 90 nanometer semiconductor fabrication process.  Although I have not seen any specific figures, this has the potential to provide significantly faster and cheaper interconnections than current technology.

The initial deployments of the technology will probably be in large data centers, supercomputers, and cloud services.  However, if IBM has truly licked the manufacturing problem, there is no reason that the benefits should not, in time, “trickle down” to more everyday devices.

Ars Technica has an article on this announcement.

## Watson in the Clouds

September 24, 2012

I’ve written here several times about IBM’s Watson system, which first gained some public notice as a result of its convincing victory in a Jeopardy! challenge match against two of the venerable game show’s most accomplished human champions.  Since then, IBM has announced initiatives to put Watson to work in a variety of areas, including medical diagnosis, financial services, and marketing.  All of these applications rely on Watson’s ability to process a very large data base of information in natural language, and to use massively parallel processing to draw inferences from it.  (The Watson system that won the Jeopardy! test match used 10 racks of servers, containing 2880 processor cores, and 16 terabytes of memory.)

Now an article in the New Scientist suggests an intriguing new possibility for Watson, as a cloud-based service.

Watson, the Jeopardy-winning supercomputer developed by IBM, could become a cloud-based service that people can consult on a wide range of issues, the company announced yesterday.

The details of this are, at this point, fuzzy at best, but making Watson available as a cloud service would certainly make it accessible to a much larger group of users, given the sizable investment required for a dedicated system.

Because Watson can respond to natural language queries, it is tempting to compare it to other existing systems.  Apple’s Siri, for example, can interpret and respond to spoken requests, but the back-end processor is essentially a search engine.  The Wolfram|Alpha system also responds to natural-language queries, but its ability to deliver answers depends on a structured data base of information, as Dr. Stephen Wolfram has explained.  Watson really is a new sort of system.

All of this is still in the very early stages, of course, but it will be fascinating to see how it develops.

## SELinux Resources

July 15, 2012

I’ve mentioned SELinux (Security Enhanced Linux) here before; developed by the US National Security Agency (NSA), it is not a Linux distribution in the usual sense, but a set of modifications to the stock Linux operating system to provide more robust security capabilities, especially mandatory access control.  (The NSA also has a similar project, SEAndroid, for the Android mobile operating system.)  I’ve recently discovered some additional resources on the technical architecture and history of SELinux, and thought some readers might find them helpful.

IBM’s developerWorks site has released a couple of papers on SELinux in the last few weeks.  The first, Anatomy of Security Enhanced Linux, by M. Tim Jones, discusses some of the mechanisms and techniques that are used in SELinux.  It also has a brief comparison and discussion of other security-enhanced systems, such as Solaris 10 (formerly Trusted Solaris) and Trusted BSD.  The second paper, SELinux: History of its Development, Architecture, and Operating Principles, by Evgeny Ivashko, has a historical overview of the project’s development, and its relations to other security projects and initiatives.  Both of these papers, which are intended for a technical audience, are also available as downloadable PDFs, and contain “Resources” sections with links to additional information.

The NSA also maintains a comprehensive SELinux site, which contains background information, documentation, and download links.  As the main article indicates, SELinux is not intended to be a security panacea, but rather an example of how a mainstream OS can be given better security features.

This work is not intended as a complete security solution. It is not an attempt to correct any flaws that may currently exist in an operating system. Instead, it is simply an example of how mandatory access controls that can confine the actions of any process, including an administrator process, can be added into a system.

If you are interested in running SELinux, or just interested in the general topic of OS security, I think you will find some interesting reading.