July 30th, 2024

Swift Homomorphic Encryption

Apple has released an open-source Swift package for homomorphic encryption, enabling secure computations on encrypted data. It enhances privacy for cloud services and supports applications like iOS 18's Live Caller ID Lookup.


Apple has announced the release of an open-source Swift package for homomorphic encryption, named swift-homomorphic-encryption. This cryptographic technique allows computations on encrypted data without revealing the underlying unencrypted data, enhancing privacy and security for cloud services. The package is designed to enable clients to send encrypted data to a server, which can process it without ever accessing the decryption key or the original data. A practical application of this technology is seen in iOS 18's Live Caller ID Lookup feature, which uses homomorphic encryption to provide caller ID and spam blocking services while maintaining user privacy.

The implementation utilizes the Brakerski-Fan-Vercauteren (BFV) homomorphic encryption scheme, which is quantum-resistant and offers strong security. The package also incorporates Private Information Retrieval (PIR), allowing clients to retrieve data from a server without disclosing their private keywords. This method is efficient for large databases with frequent updates, as it only requires syncing minimal metadata.
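The index-PIR idea behind the paragraph above can be shown with a much simpler additively homomorphic scheme. This is an added example, not code from Apple's announcement or the swift-homomorphic-encryption package: it swaps in toy Paillier encryption for BFV, looks rows up by index rather than by keyword, and uses constructed parameters and data that are insecure and for illustration only.

```python
import secrets

# Toy Paillier key from two Mersenne primes: constructed, insecure, demo only.
P, Q = 2**31 - 1, 2**61 - 1
N, N2 = P * Q, (P * Q) ** 2      # N is the public key
PHI = (P - 1) * (Q - 1)          # secret key, held only by the client
MU = pow(PHI, -1, N)

def encrypt(m):
    """Client: randomized encryption of integer m under public key N."""
    r = secrets.randbelow(N - 1) + 1
    return (1 + m * N) * pow(r, N, N2) % N2

def decrypt(c):
    """Client: recovers m; requires the secret PHI."""
    return (pow(c, PHI, N2) - 1) // N * MU % N

def build_query(index, size):
    """Client: encrypted one-hot vector. Every slot is a fresh ciphertext,
    so the server cannot tell which slot holds the 1."""
    return [encrypt(1 if j == index else 0) for j in range(size)]

def server_answer(db, query):
    """Server: works on ciphertexts with public N2 only.
    Enc(a) * Enc(b) = Enc(a + b) and Enc(a) ** k = Enc(k * a), so the
    product below is Enc(sum(db[j] * bit[j])) = Enc(db[index])."""
    acc = 1
    for value, ct in zip(db, query):
        acc = acc * pow(ct, value, N2) % N2
    return acc

def lookup(db, index):
    """Full round trip: client query -> server answer -> client decrypt."""
    return decrypt(server_answer(db, build_query(index, len(db))))

# Constructed sample database: row number -> small integer label.
DB = [17, 0, 42, 7, 99, 3, 0, 58]

if __name__ == "__main__":
    print([lookup(DB, i) for i in range(len(DB))])
```

The server touches every row for every query, which is why the result does not depend on which row was requested; the cost of that full scan is what practical PIR constructions work to reduce.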

Apple encourages developers to explore this technology for various privacy-preserving applications, including secure aggregation and machine learning. The announcement includes a basic example of how to use the package, and Apple invites contributions and feedback from the community to enhance the functionality of the swift-homomorphic-encryption package.

AI: What people are saying
The comments on Apple's release of the Swift package for homomorphic encryption reveal a mix of skepticism and intrigue regarding its practical applications and security implications.
  • Some commenters question the effectiveness of homomorphic encryption for specific use cases, like phone number lookups, citing potential vulnerabilities.
  • There is a fascination with the concept of homomorphic encryption and its potential to enhance privacy, particularly in AI and PII-related applications.
  • Concerns are raised about the security standards of fully homomorphic encryption (FHE) and the trade-offs involved in its implementation.
  • Commenters discuss the engineering challenges and organizational motivations required to adopt FHE in real-world applications.
  • There is a call for better understanding and resources regarding the mathematical foundations of homomorphic encryption.
19 comments
By @tedunangst - 6 months
I feel like phone number lookup is the textbook example of homomorphic encryption not actually working because there's so few keys you can simply enumerate them.
By @golol - 6 months
I find homomorphic encryption fascinating as it can in some sense move a simulation into an inaccessible parallel universe.
By @tpurves - 6 months
Anyone interested in FHE should also be checking out https://www.zama.ai they've made a ton of progress recently in making FHE practical.
By @bluedevilzn - 6 months
This must be the first real world use case of HE. It has generally been considered too slow to do anything useful but this is an excellent use case.
By @tiffanyh - 6 months
This is hugely significant (long-term), that won't be felt immediately.

This is a massive announcement for AI and use cases related to PII.

By @oulipo - 6 months
How does it compare to the FHE from https://zama.ai ?
By @gumby - 6 months
The name is hilarious because HME is anything but speedy -- by many orders of magnitude.

I think the real fix is secure enclaves, and those have proven to be difficult as well.

By @ReptileMan - 6 months
What is the processing that the server does on the encrypted phone number? I am not sure I understand. I always thought that this type of encryption was (roughly and imprecisely) - you send some encrypted blob to the server, it does some side effect free number crunching on the blob and returns the output blob. You decrypt the blob and everyone is happy.

But to return information if some number is spam it has to be either plaintext or hashed condition somewhere outside of the phone?

By @yalogin - 6 months
FHE is cool but I wonder how many use cases it actually fits. Don’t get me wrong, it gives better security guarantees for the end user but do they really care if the organization makes a promise about a secure execution environment in the cloud?

Also from an engineering point of view, using FHE requires a refactoring of flows and an inflexible commitment to all processing downstream. Without laws mandating it, do organizations have enough motivation to do that?

By @nmadden - 6 months
The thing that I always want to know with FHE: the gold standard of modern encryption is IND-CCA security. FHE by definition cannot meet that standard (being able to change a ciphertext to have predictable effects on the plaintext is the definition of a chosen ciphertext attack). So how close do modern FHE schemes get? i.e. how much security am I sacrificing to get the FHE goodness?
By @menkalinan - 6 months
I don't quite understand how the server can match the ciphertext with a value without knowing the key. How does the server determine that the ciphertext corresponds to the specific value? If the server constructs this ciphertext-value database, how does it know what algorithm to use to create ciphertext from a value and store on its side?
By @motohagiography - 6 months
great to see this becoming part of mainstream tools. the question I have is, when a weakness is published in FHE, is it more like a hash function you can do some transformations on, but there is no 'decryption' to recover plaintext again- or is it more like a symmetric cipher, where all your old ciphertexts can be cracked, but now your FHE data sets are no longer considered secure or private and need to be re-generated from their plaintexts with the updated version?

what is the failure mode of FHE and how does it recover?

By @lsh123 - 6 months
If we assume that server is “evil” then the server can store both PIR encrypted and plain text phone number in the same row in the database and when this row is read, simply log plain text phone number. What do I miss here? We can send PIR request and trust server not to do the above; or we can send plain text phone number and trust server not to log it — what’s the difference?
By @attilakun - 6 months
Is there a good primer that explains the math basis of this?
By @tombert - 6 months
I wrote some basic homomorphic encryption code for a hackathon like 8 years ago. When I interviewed for a BigTechCo [1] about a year later, the topic came up, and when I tried explaining what homomorphic encryption was to one of the interviewers, he told me that I misunderstood, because it was "impossible" to update encrypted data without decrypting it. I politely tried saying "actually no, that's what makes homomorphic encryption super cool", and we went back and forth; eventually I kind of gave up because I was trying to make a good impression.

I did actually get that job, but I found out that that interviewer actually said "no", I believe because he thought I was wrong about that.

[1] My usual disclaimer: It's not hard to find my work history, I don't hide it, but I politely ask that you do not post it here directly.