Solving the holy grail of “Encryption in Use”
Part 3 of 4 in the series "The Road to Privacy".
Part 3: Solving the holy grail of “Encryption in Use”
As the quest for full digital privacy enhances, several solutions have emerged to address the challenges associated with Encryption in Use, and depending on the use case, we have a few options.
1. Fully Homomorphic Encryption (FHE)
This cutting-edge technology allows us to do computations on encrypted data directly, eliminating the need to decrypt the data or access it in its original form (cleartext data). In many ways, this is the dream. For a long time though, it has been just that - a dream that worked in theory, but not in practice. However, with the latest generations of Fully Homomorphic Encryption, led by researchers and organizations like OpenFHE and Zama, big steps have been taken toward practical implementations that can be used today. Over the last few years, performance has increased 20x.
Pros / Cons of Fully Homomorphic Encryption
➕ No need to decrypt data
➖ Performance is still (several) orders of magnitude behind
Explain it like I’m five: Fully Homomorphic Encryption
Imagine you have a box of crayons, and you want to keep them safe, so you put a lock on the box. Now, let’s say your friend wants to help you organize the colors inside the box without seeing them. Fully Homomorphic Encryption (FHE) is like a magic trick that lets your friend rearrange the crayons into groups of warm and cool colors even though the box stays locked the whole time. Your friend can help make things neat inside without ever seeing your crayons, and your crayons stay safe and private!
2. Local/On-Device processing
Imagine we can run all the computations necessary locally, on your own device, next to your data. In this case, you wouldn’t have to trust anyone else with your data (except your device), and you wouldn’t have to deal with encrypted data in transit or in use. This is actually a fairly good option, and many popular desktop apps have taken this local-first approach (Obsidian, Linear, LogSeq). It’s even possible to add a centralized sync server to keep multiple clients (eg. desktop and mobile) in sync while preserving end-to-end encryption.
Pros / Cons of Local/On-Device Processing
➕ Data doesn’t have to leave your device
➖ Computations can only happen when you have your application open. That means no background processing or asynchronous jobs
➖ All types of computing must be able to run on the device, which restricts you. Eg. you can’t run a large LLM on a device (yet) or do other heavy computations.
3. Secure Multi-Party Computation (MPC)
Multi-party computation (MPC), also known as “privacy-preserving computation”, is a subfield of cryptography that enables multiple parties to jointly compute a function over their inputs while keeping those inputs private. Essentially, participants can collaboratively derive an output (like the sum or average of their inputs) without revealing their individual inputs to each other. It’s a powerful tool for privacy-preserving computation, but due to it’s distributed nature, it has limitations.
Pros / Cons of Multi-Party Computation
➕ No participating party in the computation has access to the original input data
➖ Requires additional setup of a trusted network of participants
➖ Communication between parties introduces latency and network complexity
4. Confidential Computing
What if we could have the flexibility and performance of the cloud, but without having to trust the cloud or service provider with our unencrypted data? That is the promise of the Confidential Cloud. Leveraging Trusted Execution Environments (TEE) built into modern CPUs (eg. Intel SGX) or custom chips like AWS Nitro Enclaves. They essentially bring 3 important properties:
An isolated environment where code can be executed on data, where the host has no access to the memory or runtime.
A private key is built into the chip from manufacturing, that can only be used from within the Trusted Execution Environment itself. This key can be leveraged to send encrypted data into the TEE, which we know will only be decrypted if it reaches the TEE.
Attestations - a way to cryptographically prove the integrity of the execution stack, from hardware to the software being executed.
The combination of these three properties gives us a robust and secure execution environment.
Pros / Cons of Confidential Computing
➕ Data protection, secure code execution, and isolation
➕ Minimal performance overhead (on recent generations)
➖ Added complexity in development and deployment (although DevEx has improved significantly lately)
➖ Trust in hardware (manufacturer)
5. Zero-Knowledge Proofs (ZKPs)
Zero-knowledge proofs are a cryptographic wonder that enables one party (the prover) to assure another party (the verifier) that a certain statement is true, without revealing any specific information about the statement itself. It’s a brilliant technology for sharing information in a privacy-preserving way, for example powering Verifiable Credentials with selective disclosure, which means you can verify information without exposing sensitive data. The computations are represented as “circuits” that, depending on the type of ZKP (zk-SNARKS, zk-STARKS, etc.), define the arithmetic and logical operations necessary to prove the fact. However, the challenge lies in the complexity of these circuits and the computational resources required to generate and verify the proofs. If the data changes, the ZKP needs to be generated again, which means it’s primarily useful for small bits of data that rarely change.
Pros / Cons of Zero-Knowledge Proofs
➕ Preserves privacy, keeps sensitive information concealed
➕ Verifiable
➖ Significant computational overhead, making only simple computations viable
➖ High complexity & knowledge of cryptography needed
What about GPUs?
A Graphics Processing Unit (GPU) is a specialized electronic circuit known for its speed in processing large blocks of data simultaneously. While initially designed for rendering images and videos, GPUs have evolved to become a cornerstone in the fields of computation, deep learning, and artificial intelligence (AI).
To build a personal AI, we need to leverage Large Language Models (LLMs). While some smaller models can be run on-device, and the devices will become more powerful and models more compact, there’s still no getting around the fact that heavy GPUs are needed to run the best LLMs.
And to access large GPUs in a scalable manner, we need the cloud. This brings us back to Confidential Clouds and Trusted Execution Environments (TEE).
Up to now, TEEs have been a CPU thing. This means we’re out of luck if we want to run workloads on GPUs because then we are leaving the isolated environment of the CPU TEE.
However, things are changing. With Nvidia’s H100, they introduced Trusted Execution Environments for GPUs to the world.
 | A guest post by
|
 | A guest post by
|