In a Nutshell: Sensitive information is shared constantly in today’s connected world. That’s why Microsoft’s homomorphic technology boosts security by enabling computations to take place on encrypted data, so it never needs to be decrypted, which opens it up to vulnerabilities. Now, Microsoft has released its easy-to-use Simple Encrypted Arithmetic Library (SEAL) for free use, and financial institutions are among the types of companies that can benefit most from this type of security. We spoke with Kristin Lauter, Principal Researcher and Research Manager for the Cryptography Group at Microsoft Research, to walk us through an overview of homomorphic technology and why it is crucial for companies to adopt the latest advances in cryptography.
In December, Microsoft open-sourced its Simple Encrypted Arithmetic Library (SEAL), in an effort to move toward standardizing homomorphic encryption.
If you’re wondering how to decrypt that information — essentially, companies can now keep your sensitive data more secure than ever using technology developed by Microsoft. To further explain SEAL and homomorphic encryption, we recently spoke to Kristin Lauter, Ph.D., who is the Principal Researcher and Research Manager for the Cryptography Group at Microsoft Research.
She said the Simple Encrypted Arithmetic Library is intended to be a resource that anybody can use — not just cryptography experts — to ensure data remains safe in the cloud even while computations are being done on it.
“It has made a bit of a splash since we’ve made the technology of the library commercially available,” Lauter said. “Now, anybody can just take the library and use it. Before, it was only for research purposes and non-commercial use.”
SEAL is written in C++ and has no external dependencies, which Lauter said makes it even easier to use.
Lauter said having access to SEAL and applying homomorphic encryption to data is particularly important for the finance industry because companies routinely handle very sensitive customer financial data.
Homomorphic Encryption Elevates Security and Minimizes Costs by Eliminating the Need to Decrypt Data
Lauter said data generally exists in three states: at rest, in transit, and in computation. Data at rest is information that is simply being stored and is generally protected by Advanced Encryption Standard block ciphers. She said that, at a minimum, all financial services companies should be using this type of backend encryption.
Data in transit is when a company is exchanging or receiving any kind of data with a customer or partner, generally over the internet. Again, she said there are standards in place that protect data in this state.
Homomorphic encryption — and Microsoft SEAL — applies to data in computation, which is data that is actively being computed or operated on. Historically, to perform operations on encrypted data, companies would have to decrypt the data first, perform the desired operations, then re-encrypt the data.
“What homomorphic encryption does is it allows the company to encrypt records on their side and store them in the cloud, and yet we can still operate on the records,” Lauter said. “For example, we can do a search, we can do data analytics, we can do AI predictions, all on the encrypted data and give the encrypted results back to our customer.”
That means customer data is protected at every step, and, even if Microsoft is performing computations on the data, the company never even has access to the decrypted information. Lauter said the application of homomorphic encryption is relevant across a wide variety of industries, but the finance industry can benefit particularly well from the technology.
“There is so much sensitivity around people’s financial data so it has to be secured anyway,” she said. “Adding this layer of homomorphic encryption just helps to ensure it’s always protected, even if there is a break in, data loss, or even a rogue system administrator.”
Because the data is always encrypted, it is useless to any outside party.
Additionally, eliminating the time and effort required to decrypt and re-encrypt data saves money and helps streamline data analysis and computations for companies.
Adopting the Latest Security Practices are Crucial for Protecting Sensitive Financial Data
“Because of all the high-profile data breaches we’ve heard about in recent years, I hope companies are really thinking more about encryption and keeping data safe,” Lauter said.
And while she hopes to see the finance and many other industries employ homomorphic encryption, she said adopting a new technology such as this can be a lengthy process. When solutions for outstanding problems such as homomorphic encryption are proposed, there’s often about a 10-year time lag in the industry before adoption, she said.
“The reason for that is because mathematicians need to have time to work on these problems and figure out a lot of the details,” she said. “The first solution for homomorphic encryption was proposed in 2009 so we’re just getting to that 10-year time-frame right now.”
She said Microsoft and her research team have tried to accelerate adoption in a number of ways. In 2017, Microsoft launched an industry and academia coalition to standardize the technology that has resulted in big-name partners like IBM, Intel, and Samsung coming on board to help release the standard.
Lauter said the first standard was released at a workshop in March 2018, followed by the most recent standard, which was released in October of last year.
Government agencies have also been responsive she said. The National Institute of Standards and Technology (NIST) has worked with Microsoft to organize workshops attended by representatives from other areas of the government, including the NSA.
“So, overall we’ve seen a lot of alignment of industry partners and government around getting this technology standardized,” Lauter said.
She said she hopes to see the coalition’s initial standards adopted by agencies like NIST, that will then establish some government baseline standards. Then, once government requirements are issued, third-party services will become involved in the process to ensure that companies are meeting those requirements.
“You can see that I’m describing this long process that happens every time with new cryptography technologies,” she said. “And we’re right at the beginning of that process now.”
Lauter said with those initial steps in place, she feels confident that the whole process is moving in the right direction.
“From an operational point of view, I think it’s a big win for the financial services industry to start encrypting all their records in homomorphically encrypted form,” she said, “both for the convenience of being able to use cloud services and being able to add that extra layer of security.”
Microsoft SEAL’s Homomorphic Encryption Technology Made Possible by the Cryptography Research Group
Microsoft SEAL would not be possible without the efforts of the entire team behind it, Lauter said.
“The whole team deserves acknowledgment for their role in this process,” she said. “These are researchers who have worked so hard on this project to get it where it is today.”
For the past three years, she said Kim Laine, Ph.D., has led the SEAL development efforts. Laine also co-organizes the Homomorphic Encryption Standardization initiative. As a researcher in the Cryptography Research Group at the Microsoft Research Lab in Redmond, Laine’s interests lie in “solving privacy challenges in machine learning using modern cryptography.”
She said researchers Hao Chen, Ph.D., and Ran Gilad-Bachrach, Ph.D., are also integral to the Cryptography Research Group and Microsoft’s efforts in homomorphic encryption.
“And we’ve been working with our partner team in Engineering, where Sreekanth Kannepalli has been leading the effort to work with our AI teams to make this a reality,” Lauter said. “He’s leading the overall efforts to deploy the technology.”
Lauter has been working for Microsoft Research for nearly two decades. She said that, as the Manager for the Microsoft Cryptography group for almost 10 years, she has covered all different aspects of cryptography, privacy, and security.
“She is particularly known for her work on homomorphic encryption, elliptic curve cryptography, and for introducing supersingular isogeny graphs as a hard problem into cryptography,” according to Lauter’s Microsoft bio.
She said the Elliptic Curve Cryptography (ECC) has been used across Microsoft’s products since 2005, beginning with Windows Vista. From 2015 to 2017, Lauter was the President of the Association for Women in Mathematics. She is also a Co-Founder of Women in Number Theory.
The Benefits of Standardizing Homomorphic Encryption
“I really believe in this technology,” Lauter said. “I think, in the future, consumers, businesses, everyone, will routinely use homomorphic encryption to upload their sensitive data to the cloud to allow for operations to be done on it.”
Adding this layer of security will help to ensure data is kept safe across all industries, she said, and she’s happy to see the beginnings of the standardization effort and looks forward to it becoming a true baseline for security.
“That’s the future I want to get to,” Lauter said. “I believe in it.”