Security news that informs and inspires

IBM Releases Open Source Encryption Toolkit


When data is encrypted while at rest, it cannot be used or read by unauthorized parties. Data in transit can be encrypted so that someone can’t intercept the information and try to read the contents. However, it is harder to protect the data when it is in use. That is the problem IBM is hoping to address with its open source toolkits implementing fully homomorphic encryption (FHE).

“The common methods of storing and sharing sensitive data with colleagues and partners have weak links. Today, files are often encrypted in transit and at rest, but decrypted while in use. This provides hackers and insiders with repeated opportunities to exfiltrate unencrypted data. FHE plugs these holes. It allows the manipulation of data by permissioned parties while it remains encrypted, minimizing the time it exists in its most vulnerable state,” said Flavio Bergamaschi, a senior research scientist at IBM Research.

The IBM Fully Homomorphic Encryption Toolkits is intended to allow developers experiment with FHE and make it easier to incorporate FHE into their applications. The toolkits are currently available on GitHub for macOS and iOS. Android and Linux versions are expected at some point. The kits include platform-specific IDE configuration, a complete sample program, and the dependency libraries needed to build applications using HElib, a mature and versatile encryption library. For example, the iOS toolkit includes a program to run a query against an encrypted database to find the names of the capital cities of various European countries.

“Now, in the time it takes most people to brew a pot of coffee or declutter a desk, developers can follow simple instructions to get up and running with a FHE toolkit,” said Eli Dow, a researcher at IBM Research.

Since FHE lets data be shared and used without exposing it during processing, it is ideal for sensitive applications such as those used in the financial and healthcare industries. FHE can also be used to selectively restrict decryption capabilities, so people can see only the portions of a file that they are entitled to, and are necessary for them to do their work, Bergamaschi said.

IBM released the core library for FHE as open source back in 2013. Developers need more than just library—they need working code, tutorials, documentation, and use cases to use the library successfully, Dow said. The toolkits will help developers as they rethink traditional programming models, especially since they will have to make some changes to the application’s business logic to handle the fact that the data never gets decrypted.

A developer interested in implementing “privacy-preserving search,” or when users get their search results without their queries being exposed to the provider, could use FHE to access the encrypted database. The sample program in the iOS toolkit is an example of a privacy-preserving search. FHE could also be used in machine learning applications where the model is trained using encrypted data, Dow said.

“For example, what if all the health care providers on the planet could pool fully encrypted patient records to allow analytics on patient data without divulging anything about the individuals involved. Think of the progress that could be made with regards to treating certain kinds of diseases!” Dow said.

IBM invented FHE in 2009, but it remained on the “cryptographic shelf” because the complex computations made it slow, and the amount of computing power required make it impractical for real applications, Bergamaschi said.

“In recent years, thanks to algorithmic advancements, Fully Homomorphic Encryption has reached an inflection point where its performance is becoming practical. This has revolutionized security and data privacy and how we outsource computation to untrusted clouds,” IBM said.

The toolkits are not final and will be changing as the community grows around these tools.

“We wanted to quickly put them out to get the technology into the hands of early adopters who want to make these concepts less abstract and more concrete as we look to build up a community of users and use cases,” Bergamaschi said.