How can users trust that the open-source libraries they are using work as expected? How do we know that these libraries are safe? In this blog post we’ll explore standardization and peer review as answers to these questions in the lens of an emerging technology, Fully Homomorphic Encryption.
Homomorphic Encryption (HE) is a relatively new form of encryption that permits users to do limited computations on encrypted data without decrypting it first. Fully Homomorphic Encryption (FHE), which supports arbitrary computations on encrypted data was proposed in 2009, and thus is at an early stage compared to other cryptographic systems. Prior to FHE, Homomorphic Encryption constructions were very limited in functionality, but Full Homomorphic Encryption introduced a truly powerful and useful technology, giving motivation for commercialization. For a new technology to be widely accepted, it must be trusted by the general public. This surfaces the question of how do we know if a new technology is trustworthy? Three main aspects must be considered: standardization, peer review, and availability of open-source libraries.
Standardization in Full Homomorphic Encryption
Standardization is an extremely important aspect of ensuring a new technology can be trusted as it helps enforce consistency across different systems. Because Full Homomorphic Encryption is so new, standardization efforts began relatively recently, and Duality leaders have played a significant role in establishing these standards. Beginning in 2017, multiple workshops were held where leaders in cryptography met to establish security standards. During these workshops, an online consortium called homomorphicencryption.org was formed to advance secure computation to continue the standardization process. The proposed security standard describes the encryption scheme, along with well-known attacks, and was written by leading experts in the security field. It has been well received by the public and is now implemented in HE libraries like PALISADE and Microsoft SEAL. Recently, the International Association for Standardization (ISO) has put a standardization process in place furthering this process.
Peer Review and Open-Source Software
Standardization alone doesn’t guarantee the safety and security of a Full Homomorphic Encryption library, we must also put the library through rigorous peer review, similar to academic review of papers proposing new cryptographic protocols and publish the library as open-source. During peer review, cryptographic protocols are reviewed by colleagues to ensure that they are secure and to evaluate the quality of the library. Publishing the library open-source takes this one step further, and allows the general public to validate that the protocol works correctly. This is very different from proprietary libraries where the user is forced to blindly trust that the algorithms work as the documentation says. Open-source libraries provide an extra validation that algorithms are implemented correctly because users can try to attack the implementation and aid in exposing any possible vulnerabilities.
Duality’s Open-Source FHE Libraries
PALISADE is the open-source cryptographic library that Duality was involved in creating. The creation involved collaboration with the authors of many other libraries and leading HE experts. On July 19th, the preview release of OpenFHE, an updated HE library, was launched. Duality played a major role in developing this open-source Homomorphic Encryption library along with MIT and companies like Intel and Samsung. We compiled lessons learned in the development of PALISADE and applied past experience to the development of this new and innovative library. OpenFHE is similar to OpenSSL except it is specifically to be used for Homomorphic Encryption, and it implements many different protocols that can be verified by any cryptographer.
At this point, the standard for a Homomorphic Encryption library has been set and Duality played a very important role in facilitating this effort. Select Duality customers have already made use of Fully Homomorphic Encryption, proving that the technology works and that having safe, trusted, open-source FHE libraries available is essential. With the release of OpenFHE, we anticipate the use of this exciting technology to continue to grow. Thanks to the standardization efforts, peer review, and the availability of open-source documentation, we can trust that our technology meets the demands of the market.
