IARPA director: New homomorphic crypto is ‘math magic’
The latest kind of advanced encryption could soon allow classified computing to be done on unclassified computer systems, a senior intelligence official said Thursday.
“That’s really one of the next places [we’re] likely to look — Can we use homomorphic encryption to do secure multiparty computation?” Jason Matheny, director of the Intelligence Advanced Research Projects Activity, told the Billington Cybersecurity Summit.
Matheny said that his agency had first started researching homomorphic encryption in 2011 to fix a gap in the way data was kept secure. The method allows mathematical operations using encrypted data without the need for decryption.
“We were good at protecting [data] at rest, we were good at protecting it in transit, but not while it was being processed,” Matheny said.
The problem: In order to perform any computational function, even as simple as a search, the data had to be decrypted, then processed.
And at that point an adversary who was lurking on the network could pounce and steal the data while it was unencrypted.
But that decryption “isn’t required by mathematics,” Matheny continued, touting IARPA’s Security and Privacy Assurance Research, or SPAR, program. “It turns out that there’s a very clever way of being able to compute on encrypted data without decrypting it first,” he explained.
The goal, he said, was technology to allow an agency like CIA to run a search of a TSA database. “The CIA doesn’t want to let anyone know whose name they’re running and the TSA doesn’t want to give up its database.”
With homomorphic encryption, both sides can get what they want. The query is encrypted so TSA can’t read it, and the CIA only gets a matching record, if there is one.
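The private lookup described above, as an added example that is not code from SPAR or IARPA: it uses a toy Paillier cryptosystem, which is only additively homomorphic, and assumes the records sit in numbered slots that the querier can name. The key size, sample records and function names are constructed for the illustration.

```python
import math
import secrets

# Toy Paillier key built from two Mersenne primes (constructed, far too small for real use).
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q
N2 = N * N
PHI = (P - 1) * (Q - 1)   # private key
MU = pow(PHI, -1, N)      # private key: inverse of PHI modulo N

# Constructed sample database held by the server; empty slots hold no record.
RECORDS = [b"", b"DOE/J 14C", b"", b"ROE/R 02A"]

def encrypt(m):
    """Encrypt integer m < N with generator N + 1 and fresh randomness r."""
    while True:
        r = secrets.randbelow(N)
        if math.gcd(r, N) == 1:
            break
    return (1 + m * N) * pow(r, N, N2) % N2

def decrypt(c):
    """Recover m using the private values PHI and MU."""
    return (pow(c, PHI, N2) - 1) // N * MU % N

def make_query(slot, size):
    """Querier: encrypted one-hot vector; the server cannot tell which entry is Enc(1)."""
    return [encrypt(1 if i == slot else 0) for i in range(size)]

def server_answer(records, query):
    """Server: works on ciphertexts only. Enc(s)^rec = Enc(s*rec); products add plaintexts."""
    answer = 1
    for rec, sel in zip(records, query):
        answer = answer * pow(sel, int.from_bytes(rec, "big"), N2) % N2
    return answer

def read_answer(c):
    """Querier: decrypt the single returned ciphertext back into record bytes."""
    m = decrypt(c)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

if __name__ == "__main__":
    reply = server_answer(RECORDS, make_query(1, len(RECORDS)))
    print(read_answer(reply))
```

The server never holds the private values, so it processes the query without learning the slot. This simple construction hides the query only; it does not stop a querier who sends a malformed vector from learning more than one record.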
That ability for intelligence agencies to privily query large databases held by third parties led cryptographer Matthew Green to predict that the program “will almost certainly be used (someday) to search [telephone] metadata ‘held by providers’” — mocking one of the safeguards built into the USA Freedom Act against bulk government collection of telephone call records.
At first, the “computational penalty” involved with homomorphic encryption was “enormous,” Matheny said. “It would take trillions of times longer” to run the computing operations on the encrypted data.
But SPAR kept working, he said. “Thanks to a lot of clever crypto math in the past several years, that overhead has been brought down” and the capability he described was available to U.S. agencies.
“It works, it’s magic, it’s math magic,” he said to applause.
But now IARPA, which is housed within the Office of the Director of National Intelligence, was thinking about other applications for that “magic” — like allowing intelligence agencies to do very secret computing work on IT networks they don’t control, such as “very, very large cloud computing systems,” or the kind of “exquisitely performative” machines that next-generation computing will bring, he said.
“In principle you could start using homomorphic encryption cleverly to allow you to run classified computing on unclassified systems,” he said, adding that this would have a “phenomenal” impact.
“Think of the computing resources it would make available to those of you doing sensitive secure computing work,” he told the audience at the summit.
“Think about the [intellectual property] protection it offers” for the private sector — for instance doing cutting edge sensitive design or modeling work in a public cloud environment without fear of leaks.
Matheny joked that he had his family believing he worked at a place like the fictional “Q Branch” in the James Bond movie franchise — a basement laboratory where white-coated scientists designed firearms disguised as pens, exploding wristwatches and cars that transform into planes or submarines. But then, when IARPA held a family day, they saw where he really worked: “No robots or supercomputers. Just a bunch of office rooms filled with filing cabinets full of research contracts.
“They’ve never been back,” he laughed.