For online applications involving confidential information, homomorphic encryption (HE) opens up new possibilities by allowing computer calculations on encrypted information without decrypting it. HE can enable applications to operate in a more secure and private way, while delivering more insightful results. The open source HE-Transformer for the Intel nGraph Deep Learning Compiler is just one example of Intel hardware-based software tools and libraries that combine AI and security innovations to help developers deliver better solutions.
The ability for applications to operate on encrypted data without decrypting it opens up new business opportunities for solutions across many industries and sectors, and this blog focuses on that. However, HE also holds promise for numerous societal benefits ranging from medical research to fraud reduction and countless others. In all these cases, “the answer” is in the data—datasets holding a discovery, a perpetrator, a clue, a breakthrough—if algorithms could only gain access to work on the data. Most datasets are proprietary or carry significant access restrictions for privacy. HE has the ability to change all that, uncovering new businesses, new cures, new criminal prosecutions—a new world of answers.
Solution developers can use HE-Transformer for nGraph, an open source project sponsored by Intel, as an HE backend to the Intel nGraph Deep Learning Compiler for AI neural networks. The tool frees AI models to run on encrypted data—sensitive information can be used as a dataset to feed AI models, allowing valuable insights to be gleaned without compromising the underlying personal information.
Intel announced HE-Transformer shortly after Microsoft Research said it was open-sourcing its Simple Encrypted Arithmetic Library (SEAL) encryption library on GitHub under an MIT license. HE-Transformer uses SEAL to implement underlying cryptography functions. It provides a set of encryption libraries that allow computations to be performed directly on encrypted data, so software engineers can build end-to-end encrypted data storage and computation services where the customer never needs to share their key with the service.
Hardware advancement, software improvement, and ecosystem engagement reinforce each other as the industry delivers new types of solutions in business analytics, medical diagnostics, industry automation, and other critical areas. With AI emerging as a driving force, security and privacy become even higher priorities as the industry seeks to build more trust among businesses and consumers in these game-changing, new solution areas.
In the context of AI, security includes two main elements: Security for AI to help protect algorithms, parameters and data; and AI for Security to use AI to help detect advanced attacks, even before an attack surface or technique is generally known.
IP protections are paramount. Securing algorithms, parameters, and data is a requirement for the creators of AI solutions to create them, and the users of AI solutions to use them. If the IP of the innovators can be stolen or corrupted, then what is the point of innovating? If the users of AI don’t feel like their privacy or user data is safe, then why would they engage?
Intel works with customers and partners to better understand the threats posed today for AI solutions and systems. Surprisingly, the most concerning attack target is the IP embodied in the machine learning model. If you think about it, you can bring the data to the algorithm, or you can bring the algorithm to the data. When trying to bring the data to the algorithm, the data sets could be so enormous as to make it impractical. When bringing the algorithm to the data, the operation may be more practical, but it is also riskier if the IP in the algorithm can be stolen or tampered with in the distributed environment.
The HE technique mentioned earlier is a promising approach that allows computers to perform calculations on encrypted information without decrypting it first. As importantly, HE also will help protect the IP represented by AI algorithms, so developers can transport the algorithms to large data sets and let them operate while helping to protect the IP in the process.
In addition to HE, Intel is engaged with industry experts to accelerate innovation around advanced AI and machine learning detection capabilities, to deliver high compute efficiency and improved protections through the application of silicon-based trusted execution environments (TEEs). TEEs like Intel® Software Guard Extensions (Intel® SGX) enable more secure uses of private data, and they go one step further to provide capabilities that can only allow authorized code to access this very valuable data. If the code is altered or tampered, the operations are denied, and the environment is disabled.
In another area of intersection, AI technology can help security solutions detect advanced persistent threats (APTs), although this is still in the early stages.As an industry, we must manage expectations carefully so that the application of AI for security matches the articulated goals. In this area, the good news is also the bad news: an indication that AI can be used for detection is the fact that hackers are using AI to attack. A future with attackers leveraging AI almost dictates that AI must be used to defend.
Intel is committed to delivering security innovation for AI by improving the integrity of the compute infrastructure, the data, and the algorithms, wherever these elements come together to create and deliver value.Intel will continue to innovate across security for AI and AI for security, and as always, we will collaborate with industry partners so that the very best innovations are brought to market, delivering on the promise of technology to change the world for the better.
Intel, Microsoft Push Homomorphic Encryption with Open-Source Moves—the Intel open-sourced HE-Transformer tool frees AI models to run on encrypted data and pioneers new territory for learning and analysis.
Microsoft SEAL—powered by open-source homomorphic encryption technology—provides a set of encryption libraries that allow computations to be performed directly on encrypted data.
Intel® Software Guard Extensions Introductory Overview—Intel® SGX enables applications to execute code and protect secrets inside their own Trusted Execution Environment, giving developers direct control over their application security.
James C. Gordon is the Intel Platform Security Division’s General Manager of Ecosystem Strategy & Business Development. He leads strategy, product and business development to build integrated hardware and software cyber-security and privacy solutions for PC and data center computing, including secure online payments, enterprise multi-factor identity management, hardware-assisted data protection, and advanced cyber-threat detection. He is also an appointed member of the Intel Inclusive Leaders program for diversity, and he serves as the Platform Security Division's diversity champion. Follow Jim on Twitter at @JimCGordon and his organization’s latest developments at @IntelSecurity.
Intel provides these materials as-is, with no express or implied warranties.
All products, dates, and figures specified are preliminary, based on current expectations, and are subject to change without notice.
Intel, processors, chipsets, and desktop boards may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.
Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No component or product can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.
Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.
Intel and the Intel logo are trademarks of Intel Corporation in the United States and other countries. Other names and brands may be claimed as the property of others.
Copyright © Intel Corporation
Intel's compilers may or may not optimize to the same degree for non-Intel microprocessors for optimizations that are not unique to Intel microprocessors. These optimizations include SSE2, SSE3, and SSSE3 instruction sets and other optimizations. Intel does not guarantee the availability, functionality, or effectiveness of any optimization on microprocessors not manufactured by Intel. Microprocessor-dependent optimizations in this product are intended for use with Intel microprocessors. Certain optimizations not specific to Intel microarchitecture are reserved for Intel microprocessors. Please refer to the applicable product User and Reference Guides for more information regarding the specific instruction sets covered by this notice.
Notice revision #20110804