Security Experts:

IBM Releases Open Source Toolkits for Processing Data While Encrypted

IBM this week announced the availability of open source toolkits that allow for data to be processed while it’s still encrypted.

The toolkits implement fully homomorphic encryption (FHE), which enables the processing of encrypted data without providing access to the actual data. The toolkits are currently available for macOS and iOS, but IBM is also working on versions for Android and Linux.

Applications are typically designed to encrypt data while it’s at rest or in transit, but malicious actors could still gain access to it while it’s being processed since at this stage the data is decrypted. FHE addresses this problem by enabling authorized parties to work with data while it remains encrypted.

IBM invented FHE in 2009, but until recently its use was impractical as it was too slow.

“In recent years, thanks to algorithmic advancements, Fully Homomorphic Encryption has reached an inflection point where its performance is becoming practical. This has revolutionized security and data privacy and how we outsource computation to untrusted clouds,” IBM says on a page dedicated to FHE.

The tech giant says the use of FHE is ideal for sensitive applications such as the ones used in the financial and healthcare sectors, allowing associated data to be shared without exposing it during processing.

The open source toolkits released this week by IBM make it easier for developers to implement FHE.

One practical use case suggested by IBM is for apps that allow users to search for certain types of products or services (e.g. restaurant apps). The use of FHE would allow the developer to implement what IBM describes as “privacy-preserving search,” enabling the user to obtain the information they are looking for without exposing the search query to the cloud provider.

Another use case is for machine learning. Developers of machine learning systems could train their model using encrypted data provided by others analyzing the same type of problem, but without the actual data being made available.

“For example, what if all the health care providers on the planet could pool fully encrypted patient records to allow analytics on patient data without divulging anything about the individuals involved. Think of the progress that could be made with regards to treating certain kinds of diseases!” IBM’s Eli Dow explained in a blog post.

Dow added, “As you might appreciate, the concept generalizes to analytics and cloud storage for regulated industries in general. Basically most scenarios where information-sharing collides with the paradox of ‘need-to-know’ vs. ‘need to share’ would benefit from FHE.”

The FHE toolkits are available on GitHub for macOS and iOS.

Related: Microsoft Introduces Free Source Code Analyzer

Related: CISA Announces Open Source Post-Election Auditing Tool

Related: Google Releases Open Source Tool for Finding File Access Vulnerabilities

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.