Homomorphic encryption pioneer on Apple, DARPA and cracking the code for mainstream adoption

"Like all good stories, this starts in the 70s..."

Kurt Rohloff, CTO and co-founder of Duality

Roughly 15 years ago, a quiet revolution began. Following the publication of a paper about homomorphic encryption (HE), DARPA began funding research into this potentially game-changing tech, which allows data within encrypted files to be "accessed" and computed on without requiring full decryption - a potential game-changer for cross-jurisdictional data collaboration, among other use cases.

Now Apple has written and open-sourced an HE application in its programming language Swift and introduced it to its mobile operating system iOS, where it powers a Live Caller ID Lookup for caller ID and spam blocking services. This lets Apple send an encrypted query to a server that can provide information about a phone number without the server needing to know/store the number. It's another big step towards the mainstream – and top-tier standards bodies are also getting serious about the tech.
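To make the encrypted-query idea concrete, here is an added example (not Apple's, Duality's or OpenFHE's code) of a private lookup in which the server computes the answer over ciphertexts and never learns which slot was requested. It assumes textbook Paillier, an additively homomorphic scheme swapped in for brevity, with a constructed toy key, a constructed four-entry directory and hypothetical function names.

```python
import math
import secrets

# Constructed toy key: two Mersenne primes. Real Paillier needs a 2048-bit+ modulus.
P, Q = 2**31 - 1, 2**61 - 1

def keygen(p=P, q=Q):
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    return n, (lam, pow(lam, -1, n))   # public n, secret (lambda, mu); generator g = n + 1

def encrypt(n, m):
    n2 = n * n
    r = secrets.randbelow(n - 1) + 1   # fresh randomness: equal plaintexts encrypt differently
    while math.gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    return (1 + m * n) % n2 * pow(r, n, n2) % n2   # (n+1)^m * r^n mod n^2

def decrypt(n, sk, c):
    lam, mu = sk
    return (pow(c, lam, n * n) - 1) // n * mu % n

def client_query(n, index, size):
    # Enc(1) in the wanted slot, Enc(0) everywhere else; the server cannot tell which is which.
    return [encrypt(n, int(j == index)) for j in range(size)]

def server_answer(n, query, records):
    # Enc(a)^k = Enc(a*k) and Enc(a)*Enc(b) = Enc(a+b), so the product is Enc(sum(sel_j * rec_j)).
    n2, acc = n * n, 1
    for c, rec in zip(query, records):
        acc = acc * pow(c, int.from_bytes(rec, "big"), n2) % n2
    return acc

def client_decode(n, sk, answer):
    m = decrypt(n, sk, answer)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def lookup(index, records):
    n, sk = keygen()
    query = client_query(n, index, len(records))   # this is all the server sees
    answer = server_answer(n, query, records)      # computed without the secret key
    return client_decode(n, sk, answer)

# Constructed sample directory: one label (at most 11 bytes with this toy key) per slot.
DIRECTORY = [b"Acme Bank", b"Spam risk", b"Dr. Lee", b"Pizzeria"]

if __name__ == "__main__":
    print(lookup(1, DIRECTORY))
```

The query grows linearly with the directory here; production systems use lattice-based schemes and batching to keep that cost practical.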

At DARPA, it’s often argued that new encryption techniques take roughly 20 years to achieve adoption. Does this mean HE is about to have its moment in the sun?

To find out, we spoke to Kurt Rohloff, who is now CTO and co-founder of Duality, but has been involved in the development of HE since 2010.

He spent nine years working at the defence giant Raytheon, where he was Principal Investigator on a multi-million dollar DARPA-funded R&D drive intended to reduce run-time of fully homomorphic encryption (FHE) and somewhat homomorphic encryption (SHE). Rohloff then went on to play a leading part in building one of the main open-source libraries in his space: OpenFHE.

"Like all good stories, this starts in the 70s," he tells The Stack. "One of the challenges was that when data was encrypted, you couldn’t do anything with it. Think of the word 'crypt'. It’s the grave. Yet there was always a vision of enabling collaboration on data or extracting knowledge from it without actually revealing the data itself."

“You can see the very obvious implications of the ability to compute on data and collaborate on sensitive data on the cloud without fear of it leaking,” he adds. "I ran a team that was funded to provide the first prototypes of this technology and make it real.”

What are the capabilities of homomorphic encryption?

At its current stage of adoption, HE is a "CISO or Chief Data Officer domain" rather than a consumer-grade technology, Rohloff says. Apple might just help to change this.

His firm has deployed HE to enable secure collaboration and anonymised data-sharing across clinical institutions without the need for data-sharing agreements. Mastercard has also used its tech to exchange data across borders.

A major reason for the growing maturity of this form of encryption is the sheer increase in compute horsepower that has taken place over the past decade and a half, enabling Rohloff's team to achieve “Moore's Law-style performance improvements”.

“So, for example, the team that I've been running has been improving performance by an order of magnitude every six months,” he reveals.

“The underlying compute model of homomorphic encryption looks a lot like operations on very, very long vectors," he adds. "These are supported very well by highly parallel processors like GPUs or FPGAs.

"There's been a bunch of work in organisations including DARPA to design custom ASICs and the growth of modern compute from commercial, off-the-shelf technologies like GPUs, FPGAs and ASICs and things like that. This stuff is just getting a lot faster."

At the same time, the open-source community has reliably generated software that steadily improves upon previous generations.

“It's not all about the hardware,” Rohloff points out. “There have been tremendous improvements in the software. This is the value of open source in particular."

The road has also been smoothed by standards and regulatory acceptance of the technology. NIST has considered it as part of a project focused on privacy-enhancing cryptography. The UK Information Commissioner’s Office also included homomorphic encryption in its guidance around deploying privacy-enhancing tech (PET).

Encryption in the enterprise

For enterprises, the advantage of opening up encrypted data to safe, secure and resource-light collaboration extends beyond security.

"Like Apple, what we do as a company is deploy on legacy environments, which shows the real value-add of homomorphic encryption," the Duality co-founder adds. "It becomes efficient to deploy on what have traditionally been less secure environments, like commercial clouds, with a high degree of security - including post-quantum security and protection against nation-state level attacks. And this will run on the kind of Dell servers you could buy with your credit card and have shipped the next day.”

As a strong supporter of the open source ethos, Rohloff says that Apple is "pulling from the same well" as his firm but insists he "does not want to take any credit."

"When Apple is doing this work, it’s their thing. Several of the staff members over there have been collaborators with our open-source team before they went to Apple. The underlying protocol that Apple uses is one of the core protocols in our open source library, although it’s not the same implementation and Apple has its own library."

We conclude our conversation by asking about some of the lessons learned from working at DARPA - which is also famed for its open source work.

Rohloff offers an insight that “sounds a little tongue in cheek and pithy, but is also very sincere at the same time".

“If you want folks to use advanced tech, make it as boring as possible," he says. "Make it usable. Then, once the kind of technology is showing value, you can start adding features and capabilities. 

"If you want to get over that first hump – the valley of death – to get your tech from research into operational use, make it boring, get it into people’s hands and go from there."
