Root Causes 66: Functional Versus Homomorphic Encryption
Traditionally, file encryption is an all-or-nothing affair where data cannot be gleaned from the encrypted file without fully decrypting its contents. A new brand of cryptography called homomorphic encryption makes it possible for specific types of data to be read from a file while the rest of it remains encrypted. Join our hosts as they explain this new technology approach and its possible implications and use cases.
- Original Broadcast Date: February 18, 2020
Episode Transcript.
Lightly edited for flow and brevity.
-
Tim Callan
So, today, we wanted to talk about functional encryption.
-
Jason Soroko
Yeah. Which is, I guess another way of saying just your everyday, if there is a such thing, everyday encryption. Or here's a better way of putting it Tim. Encryption where, you know, the conversion to cipher text and then the decryption - - the whole series of events, in other words, the leaving of the cipher text, the leaving of the encrypted state into a decrypted state for the purposes of processing that data, or even just to read the data. It wasn't that many podcasts ago; we've talked about S/MIME as an example.
-
Tim Callan
Right.
-
Jason Soroko
One of the challenges with S/MIME is once you have encrypted email how do you search it?
-
Tim Callan
Sure. Absolutely.
-
Jason Soroko
Right. If you have a - - something like a secure email gateway, you're able to provision that secure email gateway with the S/MIME certificate to decrypt, do your searching and then carry on with your life. We've also talked about, uh, decrypting SSL streams, for the purposes of looking for, malware, data loss.
-
Tim Callan
Yeah, exactly. The data exfiltration that's not allowed. Right.
-
Jason Soroko
Right and every one of these cases, we're talking about a decryption event, which, you know, there's a point of vulnerability and in environments such as a secure email gateway, that's, you know, behind closed doors, essentially behind a firewall or, you know, an SSL stream that's being read in a secure environment that can completely make sense. But what happens if you're sending stuff out to the cloud, Tim? Right? What happens if you're sending stuff out to a public cloud or some service that is in a hostile environment and you want that data to not be decrypted, but somehow be worked on. And that's - - that gets into this topic and get out your cards folks. Right? That's what Tim always tells us, uh, which is homomorphic encryption. That's a term that you might see out in the world as you walk around. And if you're a - - if you're at all interested in encryption or PKI, it's a term that you might wonder, what does it mean and how, how does it, you know, what's the utility of this thing and how might I ever see this in the future?
-
Tim Callan
Yeah. And this is a new term, not oft used term, that's coming up more often, right? So it may be that this is an opportunity to help some of our listeners really understand what do people mean when they talk about homomorphic encryption? So, first, just simple definition of homomorphic encryption, Jay.
-
Jason Soroko
I think really the best way to talk about homomorphic encryption or to just, you know, to give the definition is to really say what it does in as clearly as possible, which is taking cipher text - - something you've encrypted - - and have it processed in such a way with a specific set of technologies that enables it to be modified so that when you yourself decrypts it again, once it has come full circle, the resulting clear text, the decrypted - - the decrypted result looks exactly like what you would expect as if it had been decrypted, processed and re-encrypted back to you.
-
Tim Callan
Without allowing decryption of the data. Right? So, the idea is that you're going to allow some specific planned function to be operated upon this encrypted data that will be correctly done so that the results will be valid and accurate, that will not allow access to information inside of the encrypted file or files apart from the specific function that is supposed to be run. Is that right?
-
Jason Soroko
Well said, Tim. Thank you for that. That's so that's a really good way of putting it.
-
Tim Callan
What would be a nice pragmatic example?
-
Jason Soroko
You know what, here's a not pragmatic example first.
-
Tim Callan
Okay.
-
Jason Soroko
Because this might be on people's minds, because a lot of you might be running things like ERP systems or CRMs in the cloud. Right? That's not unusual.
-
Tim Callan
Right.
-
Jason Soroko
And a lot of you worry about, hey, when my data is at rest, I want it to be encrypted.
-
Tim Callan
Right.
-
Jason Soroko
Which is, uh, I fire up my CRM, I import a whole pile of my important PII data into that with my customers and when it's just sitting there it's encrypted and in an encrypted state.
-
Tim Callan
God forbid someone gets access and gets the file; I want that file to be of no value. Right?
-
Jason Soroko
Exactly. But the problem is, of course you have a credential, you have a privileged credential into that CRM, you log in, you start modifying records within that encrypted database, the problem is the system is decrypting as you're going along, right? It’s decrypting. You're allowed to make your changes because of your privilege and then you're re-entering that information, resaving it into the database in an encrypted state. This is not homomorphic encryption.
-
Tim Callan
Right.
-
Jason Soroko
Homomorphic encryption must do probably with use cases that are far more sensitive. Anything where you need to have say an extremely sensitive data that needs to be, you know, have a mathematical calculation put upon it or needs to be aggregated or needs to be any of these things that, you know, a computer does best. Perhaps it's sensitive geographic information, you know, uh, targets, military targets.
-
Tim Callan
There's a bunch of PII for all my employees and I need to be able to get some high-level statistics. I need to see how my diversity programs compare to national averages.
-
Jason Soroko
Perfect. And I want to process that in a public cloud because the public cloud is, uh, you know, it's offering me a price point that's just too good to be - - too good to not take advantage of.
-
Tim Callan
And flexibility and scalability and all of the other great things that you can get in on that kind of platform, of course.
-
Jason Soroko
Perfect. But on the other hand, you know, this is going to - - maybe I even trust that public cloud with my data, but I definitely do not trust the public internet where my data has to go.
-
Tim Callan
Right. So, in the case of this example, I could go - - I've got this stuff sitting in a public cloud environment, it must be encrypted because if something happens to it - - It's my employees PII. Right? It's a terrible thing to give away and yet I'm trying to ensure compliance. Right? I have compliance requirements because of my industry or my government or my partners or whatever and I need to demonstrate that I am, you know, that I am compliant in terms of my employee base. And so, what I do is I go and I can run a function, you know, using a homomorphic encryption technique where I can tease out this one data point from all of those records without leaving other things like, you know, Tax IDs and Social Security Numbers, for instance exposed. Is that correct?
-
Jason Soroko
That's it, Tim. Essentially the chain of encryption never breaks except for the point at which you want to encrypt it at the beginning and when then eventually you want to read the result. It really answers the question, can I have my data never leave the safety of encryption and therefore fully protect the privacy of whatever is inside the sensitive data throughout its entire process of being processed in a potentially external environment.
-
Tim Callan
So, Jay, I'm going to ask a question and you may not know the answer because you and I didn't rehearse this ahead of time because we don't. Um, but I am not - - I am no cryptographer. I am a standards and practices guy, and I understand what cryptography does and I understand the value and I know what the different, you know, hashing algorithms and cipher suites are and which ones are deprecated, and which ones are current. But you start saying something to me like I'm going to take an encrypted file and I'm going to go in and cherry pick the specific bits of it that I can read without reading the rest and my tiny little brain is just blown. Like how does this work? How can people do this?
-
Jason Soroko
Isn't it amazing, Tim? I mean to us, who've been in the industry a long time it does seem like sorcery or something that's really - - should never have been possible.
-
Tim Callan
Or it seems like a gee, wouldn't it be nice if we could, but it isn't, it's a we can.
-
Jason Soroko
I think it has a lot to do with the nature of the encryption itself.
-
Tim Callan
Yeah.
-
Jason Soroko
We're not talking about, you know, the typical algorithms that you and I know and love and that I'm sure people on this, you know, listeners could, we could rhyme off, for typical encryption. This is a different form of encryption basically added with some fancy math, right? Enabling you to do this. So, without getting too deeply into it, Tim, I think the purpose of this podcast was really to just introduce what is it at the surface, allow ourselves to have our minds blown by the concept and perhaps scratch our heads about how in the world is that possible. But I will tell you, I think it's worth saying on this early podcast is - - I think it's IBM who owns a lot of the patents around the answer to your question, Tim.
-
Tim Callan
Okay.
-
Jason Soroko
And I think one of the interesting things about that is, that might answer the question of how will we see this employed in the future? Because obviously if somebody wanted to take the baton and run with this in a commercial way, they would need to get something set up with IBM, because obviously you're working with their IP.
-
Tim Callan
Right. So, this could be a commercial offering from IBM, for example, and so one of the implications of what you said and something that I would have suspected is that before you're ever encrypting these data to begin with, you have already planned what will be accessible and by whom, or at least which chunks of data will be accessible by different parties. So, I can say I can grant party A, the right to get this part of the dataset and I can give party B or process B application B the right to get this part of the dataset and you decide that before you ever encrypt it. Right?
-
Jason Soroko
I think it's a good point, Tim. And for any of you who are listening to this wondering, is this a replacement for standard forms of encryption? The answer is no. This is something that has a specific usage model and will solve specific use case privacy problems, but it's not for everything. It definitely - - this solves very, very specific problems that I think are going to become even more prevalent in the future, especially with using the cloud for all kinds of things where today that processing probably happens in house but, uh, that that's exactly right, Tim. This is something you would be planning out and thinking very hard about from the earliest stages.
-
Tim Callan
So then one of the implications of that is this isn't really responsive. Like, if the CEO comes and says gentlemen, we need to know the following things or ladies and gentlemen, excuse me, we need to know the following things now, and we hadn't planned for it ahead of time homomorphic encryption approach does not help us. This would be more about a I know perfectly well that I'm going to need to have the following applications or processes or third parties getting to the following things and I'm comfortable and I vetted it and I'm confident that it's okay to give them access to that piece of data, and I'm going to build a homomorphic encryption structure that allows those ongoing predicted activities to occur, right?
-
Jason Soroko
So, Tim, here's an analogy of what you just said with another form of technology, such as Blockchain. Right now, if you and I were tasked with, hey, go build this system and put it on a distributed ledger such as Blockchain, the first thing you and I are going to do is go, oh my God. well, I don’t want to be building this from scratch.
-
Tim Callan
Right. So, where can I just sit on top of a platform and I'm probably going to go to one of the major public clouds and go, oh, thank goodness. They already have, you know, Hyperledger and a bunch of other things that might help us.
-
Jason Soroko
So, in other words, I'm wondering if because the public clouds might benefit from homomorphic encryption the most, they may be the ones who lead the charge of hey, here's the platform, you just have to hook it to our API, as an example.
-
Tim Callan
Right and there'd be another motivation for the public clouds to do that which is differentiation. Right. So, one of the challenges that all of these services have, all of these, you know, the three bigs have, is that, um, it's hard to lock in a customer. Uh, they tend to be a very level playing fields from a tooling perspective - - repatriation between them tends to be quite easy and as a result, there is always - - there's a massive customer flight risk and whatever they can do to build in, you know, genuine value add, right or genuine feature functional differentiation that make it painful to leave them, is something they're very motivated to do.
-
Jason Soroko
Oh, 100%. I mean, they want you to run your loads on their metal.
-
Tim Callan
Right.
-
Jason Soroko
And that's how they monetize. And if part of your problem as a customer is that you never want to leave a chain of trust, this is a potential technology for that. And, Tim, I'm going to echo something you said earlier, which is, you know, I'm also not claiming to be an expert in this. In fact, I probably, I don't know how many experts there are in the world on this. I bet you I could count on one hand.
-
Tim Callan
Right.
-
Jason Soroko
But, uh, you know, I think one of the reasons we chose to talk about it today was really just if you see that term come up in your daily life, you might wonder what it is and we just wanted to help you to understand.
-
Tim Callan
Yeah. And it's real, it’s growing, even if it's never going to be the de facto standard, it certainly - - you can see how this could become a valid part of the large enterprises toolkit that they want to reach into for certain specific uses and have available to them. And so, we could see this becoming something in the years to come that's more widely understood, more widely used and generally that it becomes an important part of your computing platform.
-
Jason Soroko
Yeah, but you know what? I bet you, quantum entanglement will just come along and blow this all away, so.
-
Tim Callan
Well, we're going to have to talk about that as well. So good teaser for a future a podcast because that is another thing we need to talk about. Maybe this is a good spot to leave it today, Jay.
-
Jason Soroko
Thanks a lot, Tim.
-
Tim Callan
So, thanks Jay and thank you Listeners. This has been Root Causes.