Apple has open-sourced the homomorphic encryption (HE) library it uses in its own deployments – making it available under an Apache 2.0 licence.
It shared details of its own implementation and a small handful of associated applications as a set of Swift libraries and executables.
(Swift is a programming language for all Apple platforms.)
Homowhat?
Homomorphic encryption lets users run queries/compute on encrypted data without revealing the unencrypted data to the operating process.
As a privacy enhancing technology it has scope across many applications.
Early implementations were clunky and often computationally prohibitive but that has changed in recent years and HE, a fascination of researchers for decades, is increasingly production ready. Examples of real-world applications have always been a little thinner on the ground, however.
Apple’s example of how it uses it in iOS 18 is welcome as a result.
Apple is using HE for Live Caller ID Lookup, for caller ID and spam blocking services, it said, announcing the library release. This lets Apple send an encrypted query to a server that can provide information about a phone number without the server needing to know/store the number.
A typical workflow for homomorphic encryption, said Apple, may be:
- The client encrypts its sensitive data and sends the result to the server.
- The server performs computation on the ciphertext (perhaps incorporating its own plaintext inputs), without learning what any ciphertext decrypts to.
- The server sends the resulting ciphertext response to the client.
- The client decrypts the resulting response.
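The four-step workflow above, as an added example in Python (not Apple's code and not its Swift library's API): a private table lookup in which the server answers without learning which slot was requested. It swaps in toy Paillier encryption as a stand-in for BFV; the primes, table contents, labels and function names are all constructed for illustration.

```python
import math
import secrets

# Toy Paillier (additively homomorphic), a stand-in for BFV. Constructed
# parameters: two Mersenne primes, far too small for real use, and unlike
# BFV this scheme is not quantum resistant.
P, Q = 2**31 - 1, 2**61 - 1

def keygen(p=P, q=Q):
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    return n, (lam, pow(lam, -1, n))      # public n, secret (lambda, mu)

def encrypt(n, m):
    n2 = n * n
    r = secrets.randbelow(n - 2) + 2      # fresh randomness per ciphertext
    while math.gcd(r, n) != 1:
        r = secrets.randbelow(n - 2) + 2
    return ((1 + m * n) % n2) * pow(r, n, n2) % n2   # (n+1)^m * r^n mod n^2

def decrypt(n, sk, c):
    lam, mu = sk
    return ((pow(c, lam, n * n) - 1) // n) * mu % n

LABELS = {0: "unknown", 1: "business", 2: "spam"}   # constructed codes
TABLE = [0, 2, 1, 0, 2, 1, 0, 0]                    # constructed server data

def client_query(n, index, size):
    # Step 1: one-hot selector, encrypted; every entry looks random to the server.
    return [encrypt(n, int(i == index)) for i in range(size)]

def server_answer(n, query, table):
    # Step 2: Enc(a)^k = Enc(a*k) and Enc(a)*Enc(b) = Enc(a+b), so this product
    # is Enc(sum(selector[i] * table[i])) = Enc(table[index]), computed blind.
    n2, acc = n * n, 1
    for c, value in zip(query, table):
        acc = acc * pow(c, value, n2) % n2
    return acc

def lookup(index):
    n, sk = keygen()                                 # client-side key pair
    query = client_query(n, index, len(TABLE))       # client -> server
    response = server_answer(n, query, TABLE)        # step 3: server -> client
    return LABELS[decrypt(n, sk, response)]          # step 4: client decrypts

if __name__ == "__main__":
    print(lookup(1))   # slot 1 of the constructed table
```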
The Swift implementation houses the Brakerski-Fan-Vercauteren (BFV) Homomorphic Encryption scheme, which is also quantum resistant.
See the project's GitHub repository for details.
Other notable HE libraries include Microsoft SEAL, and IBM’s HElib.
Both are open-source and written in C++. (As homomorphic encryption expert Ellison Anne, CEO of Enveil, earlier told The Stack: “As any security practitioner would tell you, proprietary crypto is fundamentally a bad idea and if anyone is trying to sell it to you, run in the other direction.”)
One to watch: Homomorphic encryption specialist Enveil
HElib is no longer being actively developed, however: numerous issues remain open and it is only in “maintenance mode” for security bugs. Microsoft, meanwhile, has not updated its release news on SEAL since 2018, even if there are periodically pockets of activity in its GitHub repository.
Across the industry, however, numerous companies continue to work closely on both the research and the application delivery sides.
One of them is Enveil, led by CEO Ellison Anne Williams.
She told The Stack: “It’s fantastic to see Apple’s recognition of the transformative power of homomorphic encryption… As a foundational pillar of the Privacy Enhancing Technology family, HE’s unique ability to protect data while it’s being utilized has the potential to shift the way we use data on a broad scale by expanding the field of usable data sources.
“Organizations that can securely leverage data across jurisdictions as well as organizational and security boundaries in ways that were previously not possible will gain advantage in a data-driven market when every input matters. Business leaders who want to be ahead of the privacy and security curve need to pay close attention…” she added by email.
“Over the last year, we’ve seen global leaders including the White House, CISA, and NCSC release action-oriented directives aimed at recognizing and mitigating AI risk. Many of these guiding documents pointed toward adopting technology-powered solutions such as Privacy Enhancing Technologies (PETs) for their unique ability to provide model-centric security and protection. When used for encrypted model training and evaluation, the Secure AI capabilities enabled by PETs allow users to unlock value from cross-silo data sources without increasing organizational risk, compromising sensitive data, or sacrificing our values.”
Williams was keen to emphasise that there is a “significant difference between an HE library and an HE-powered solution… Homomorphic encryption libraries provide the basic cryptographic components for enabling the capabilities, but it takes a lot of work including software engineering, innovative algorithms, and enterprise integration features to get to a usable, commercial grade product,” she told The Stack.