PDA

View Full Version : Fully Homomorphic Encryption (FHE)



eashley
21-Dec-2020, 06:32 PM
Hi folks,

I'm doing a bit of idle research into FHE (https://homomorphicencryption.org/introduction/). The point of FHE is to allow you to have another party perform operations on your encrypted data and they never have the unencrypted values, even of the calculations they are performing.

IBM has a library that runs on Windows or Linux that can do addition on encrypted data and save it back so that only the owner can decrypt the result. This library could be utilized for batch processing of monthly/quarterly/yearly reporting that you need more horsepower to process than you normally have available, in order to complete the processing on schedule without impacting normal operations.

Microsoft lets you run statistical operations (think business intelligence) on an Azure server. This would be for a DataFlex AI process. The data is never going to be exact. Again outsourcing some statistical processing that requires more high-performance computing (HPC) than you have online for your daily processing.

By offloading these HPC processes, you'll save on your cloud billing, because purchasing the time to run a periodic process will almost always be significantly less that provisioning your main server(s) to be able to execute these processes in a timely fashion while still running your standard daily operations. It uses the standard statistical trick of deleting the absolute minimum and maximum values, then giving you statistical min, max or mean of the values. Good for a dashboard of how a widget is selling, but not a true report of the exact amount.

The process would go something like this:


You may or may not have your online database encrypted. Your encryption key never leaves your office except for an offsite backup.

If already encrypted, simply make a copy of the data required for the processing
If not already encrypted, generate the encrypted data set for the processing.


Transfer the encrypted data to the HPC service.
Run the process(es) on the service
Transfer the results back and use your secret key to incorporate the result set into your onliine data, as appropriate.


I've not looked at DataFlex AI, but I'm guessing it is generally like all the other business intelligence systems out there. Churn through the data and display connections that you might not notice from your regular reporting. What's moving well, what is costing too much to produce, etc.

The questions that I start with are these:

Which method has more value to you at this time: offsite batch processing of sales/accounting type data or offsite processing of AI data?
Do you see any potential future value in the other option?


Just some navel gazing questions for you to contemplate.

Best regards,
Eric

Bob Cergol
22-Dec-2020, 11:30 AM
Hello Eric,
I'm responding primarily to your use of the term Dataflex AI. You won't find any such term anywhere in DataFlex's documentation. I think you might have in mind Dynamic AI (https://support.dataaccess.com/Forums/forumdisplay.php?52-Dynamic-AI) which is an entirely web-based business intelligence and reporting platform that requires an SQL data source, i.e. any data source accessible via SQL. While this could be as simple as an Excel sheet, even a CSV file, since ODBC drivers are available for such, obviously the expectation is use with a real SQL database such as MS-SQL Server, Oracle, DB2, MySQL, etc. As such I have to admit I don't grasp the requirement. The user who is consuming the output from a dynamic report only sees the output, not the processing logic that was executed on the SQL server to generate the results -- unless the developer wants to make that visible to the user. The user has no direct access to the underlying data sources unless the developer chooses to make those available. The output travels from the server to the user over the cloud using SSL -- and/or inside a VPN -- so who cares if the database on the server is encrypted? I must be missing the real-world use-case here -- unless it is that the needed processing is expected to occur on the client. That's not how Dynamic AI works.
Regards,
Bob

eashley
23-Dec-2020, 03:05 PM
Hi Bob,

I know what your are referring to. We're talking about differnt realms. I'm not referring to a single application, but a business's complete environment. Any regulated industry will have specific requirements for how data is stored, handled and shared within the company, and with 3rd party partners. Financial is probably the most regulated, but healthcare industries are also heavily regulated. Given GDPR in the EU, some of that regulation comes down on anyone who collects data.

My question is specifically to those who have Enterprise scale environments, hence a regular stream of auditors coming through asking about the policies on when Customer A's credit card details are available to be seen.

I know several of the credit card companies are building AI systems that detect credit card fraud. With FHE, the AI engine will never see the raw credit card transaction data, but will still reliably detect fraud based only on the encryted data.

Best regards,
Eric

Bob Cergol
23-Dec-2020, 03:56 PM
AH! Now I understand. Thanks for that instructive reply.
Dynamic AI can only work with the actual unencrypted data stream from the SQL engine.
Bob