Skip to main content

Homomorphic Encryption Applications and Technology

Periodic Reporting for period 1 - HEAT (Homomorphic Encryption Applications and Technology)

Reporting period: 2015-01-01 to 2016-06-30

Mission of HEAT: To develop advanced cryptographic technologies to process sensitive information in encrypted form with the aim of safeguarding the privacy and security of the citizens and organizations that provide the input data.

The HEAT project aims to:
• Develop Somewhat Homomorphic Encryption (SHE) into a practical technology, by focusing on efficiency and security aspects, and examining real world use-cases where it is currently potentially viable.
• Develop novel SHE algorithms optimized for various platforms;
• Perform an in-depth security analysis to select the best possible key sizes;
• Provide open source re-usable software libraries tailored to the different platforms
• Apply the developed technology to three use cases to evaluate the practicality of the proposed solutions.

Motivation: As the amount of information we store, process and share electronically continues to rise, so do the security and privacy concerns about this information. High profile cases, such as the recent Snowden revelations, have contributed significantly to the growing privacy awareness amongst companies and end users. Privacy concerns and corresponding legislation often result, rightfully so, in the slow adoption of new technologies or the cancellation altogether of projects that are unable to offer sufficient privacy guarantees. As such companies and users typically have to choose either privacy (by not using some service) or the extra functionalities such service provides.

The HEAT project will focus on developing technology that enables both privacy and functionality simultaneously resulting in new application areas and business models. The classical approach to securing information is simply to encrypt it. The resulting ciphertext not only is impossible to decipher (except for the legitimate key owner), but it is typically also impossible to process the underlying plaintext solely by manipulating the ciphertext. What is required for functional privacy applications are mechanisms that support computation on encrypted data. These mechanisms naturally bridge the fundamental divide between privacy restrictions on the one hand and functionalities on the other hand.

The HEAT project has following outcomes:
1. Open source toolbox for SHE algorithms in SW and HW: The main deliverable will be an open source toolbox which implements a variety of SHE algorithms in both software and hardware. The goal is to provide a toolbox which can be utilized by others to experiment with and investigate the application of SHE technology within as wide a range of applications as possible.
2. Security analysis and parameter recommendations: To better understand the hardness of the computational problems that underly SHE, HEAT will perform much needed cryptanalytic work. This will allow to better understand the long-term viability of this new form of encryption and to specify security parameters in a much more effective way than currently possible.
3. Focus on real world applications with immediate impact: To validate the practicality of the developed technology in a range of applications, we will use the toolbox in three use cases. As such, we will examine how SHE technology can transform the three problem spaces not only by providing new functionalities but also by opening up new business opportunities.
4. Enable knowledge transfer and exploitation: Cryptographic research, including research supported by the EU via projects such as ECRYPT, traditionally produces outputs that are primarily of academic interest. A strategic objective of the HEAT project is to enable knowledge transfer from such results into tools usable directly by non-expert software engineers.
5. Improve European competitiveness in homomorphic cryptography: By bringing together Europe’s leading experts in this emerging field, and by focusing on a proactive external engagement and training effort, we will spread excellence throughout Europe and ensure we do not get left
The HEAT project started in January 2015 and is set to run for 36 months. During the first project phase, corresponding to the first half of the project, the main focus was on analysing and specifying three use cases (WP1), designing and optimizing schemes and performing an in depth security analysis (WP2) and starting to building up the open source software and hardware libraries (WP3). WP4 on demonstrators and integration only started at M12 and so far dealt with the specification of the demonstrators.

The project was launched successfully during the kick-off meeting in January in Leuven and this meeting established a sound basis for clear and efficient cooperation of the partners towards the research objectives. A public website, blog and Twitter account were set up for external communication and an internal communication infrastructure including SVN and mailing lists was put in place.

The progress achieved by all work packages is in line with the description of work and resulted in 8 deliverables that were produced on time. The work performed can be summarized as follows:

WP1 – Use case specification and requirement analysis
WP1 started at M01 and ran for 12 months. We have worked on the specification of three use-cases where somewhat homomorphic encryption can become an important differentiator. Below we give a description of each use-case and summarize the main results so far.

Satellite Use Case

This use case investigates the application of homomorphic encryption to the processing of data acquired by ground observation satellites. We have described three candidate signal processing algorithms and have assessed their suitability to homomorphic encryption. We found that the scenario where an end user owns the satellite payload (and trusts the satellite operator) while it does not trust the data processing facilities to be of most interest. We identified the Advanced Synthetic Aperture Radar (ASAR) payload processing as the more promising vehicle for the use of somewhat homomorphic encryption. Our assessment is that the most promising use case is that of protecting synthetic aperture radar data throughout all of the processing from the ground station up to the product released to the end user. The detailed findings and recommendations and further research challenges are described in Deliverable D1.1.

Smart Grid Use Case

This use case investigates how homomorphic encryption can alleviate consumer’s security and privacy concerns whenever a smart meter forwards meter readings to the smart grid. We identified three use-cases where homomorphic encryption help to protect the privacy of the user. In all three scenarios the user provides privacy sensitive data, detailed meter readings, to a service which not necessary requires such detailed per-user statistics to compute (or obtain) the desired information. These use-cases are load monitoring and forecasting, fraud detection, and billing. In the two first scenarios sophisticated and precise forecasting algorithms are required. We investigated the usage of artificial neural networks where the processed data is encrypted (using homomorphic encryption algorithms). It seems unrealistic that the training as well as the collection of data can be performed locally on the smart meter in the consumer home. Therefore we suggest that training of this data and the computation (and updating procedures) on this trained and encrypted data is a valuable solution which could be outsourced to one of the service users in the smart grid network. Investigating which input data should be used, besides the meter readings, and how many hidden layers are sufficient are forwarded as research directions for WP2. The technical details are outlined in deliverable D.1.2.

ADOC Use Case
Organized Crime is becoming increasingly diverse in its method, group structures and impact on society. Internet and mobile technologies have emerged as key facilitators for organized crime. Although electronic co
The progress beyond the state of the art is mainly driven by HEAT’s main goal, which is to develop Somewhat Homomorphic Encryption (SHE) into a practical technology, by focusing on efficiency and security aspects, and examining real world use-cases where it is currently potentially viable. For each aspect, we now summarize the progress beyond the state of the art.

Efficiency of SHE
To date several SHE schemes have appeared in the literature, all of which are completely general and were mostly designed with Fully Homomorphic Encryption (FHE) in mind. FHE schemes are notoriously inefficient, and by optimizing SHE schemes for specific applications, we intend to show its practicality. The HEAT project is the first to provide an extensive in depth comparison of the different schemes, and parameter recommendations for different types of applications.

Security analysis
Since SHE is a very recent invention, the practical security of the above mentioned systems is in general not well understood, so an in depth security analysis is required. In the HEAT project we have already shown that one of the most popular SHE schemes (due to its efficiency) is in fact not secure and therefore can no longer used. We have also analysed the practical hardness of several underlying mathematical problems that form the basis of the above cryptosystems. This is important to make an optimal parameter choice for each security level.

Open source libraries
One of the main outcomes of the HEAT project will be the open source implementations of a selected set of SHE schemes both in software and hardware. Currently we have already been working on three different libraries and have developed a general API that can be used by the higher level applications. To enable reuse all these libraries will be made available to the general public.

Real-world use cases
To illustrate the practicality of the developed technologies, we will demonstrate its use in three real world use cases. The use cases have not been attempted before due to their efficiency constraints. For the smart meter use case, we are developing technology that enables a much wider functionality to process encrypted meter data, compared to the current state of the art. In particular, it will be possible to run neural networks on encrypted data which can be used in forecasting and fraud detection. For the automated detection of crime we are currently developing tools and technology that allow encrypted databases to be aggregated and detection algorithms to be run. Finally, for the satellite use case, image processing algorithms are being developed that will enable analysis of encrypted images. None of these use cases has been tried before and each illustrates a specific use of SHE that will find applications in other areas than the ones originally developed for.
Impact
It is clear that computing on encrypted data, in this case enabled by using homomorphic encryption, constitutes a disruptive technology that will create a paradigm shift in how one can simultaneously secure data but still enable data processing. This in turn will generate new economic and technological opportunities for Europe. The potential impact of the technology developed during the HEAT project is summarized below:

New products, services and business models with higher level of security and privacy
New applications and business models in different domains such as cloud computing, e-health, e-government, social media and supply chains require computation on different types of security-critical data and demand for sophisticated functionality and security. Homomorphic cryptography offers the tantalising goal of being able to process sensitive information within such applications, without needing to compromise on the privacy and security of the citizens, and organizations, who provide the input data.

Built-in compliance with security and privacy regulation
Much of European privacy regulation is devoted to ensurin
HEAT prongs and phases with workpackages