Keeping AI private: Homomorphic encryption and federated learning can underpin more private, secure AI
The authors would like to thank Lukas Kruger for his contributions to this chapter.
Cover image by: Jaime Austin
Homomorphic encryption (HE) and federated learning (FL) are two different but related technologies that aim to solve the same problem: How can AI tasks such as machine learning be performed more privately and securely? Deloitte Global predicts that, driven by the increasing urgency of this issue, the combined market for HE and FL will grow at double-digit rates in 2022 to more than US$250 million. By 2025, we expect this market to top US$500 million.1
HE and FL, part of a group of technologies known as privacy-enhancing technologies (PETs),2 are tools to make AI more private and secure. HE allows machine learning to compute on data while it remains encrypted; all other machine learning must decrypt the data first, leaving it vulnerable at that point. FL distributes machine learning across local or edge devices, so that raw data never needs to be pooled in one central location where a single breach could expose it all, as is the case with centralized machine learning. The two are not mutually exclusive: HE and FL can be used at the same time, as the sketches below illustrate.
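To make the distinction concrete, consider a toy sketch of each approach. Both are illustrative constructions of ours, not production code or any vendor's actual implementation. The first is a miniature additively homomorphic scheme in the style of Paillier: a server can add two encrypted numbers without ever seeing the plaintexts. Real deployments use hardened libraries and keys thousands of bits long; the tiny primes here are purely for readability.

```python
# Toy Paillier-style additively homomorphic scheme (illustrative only;
# NOT secure -- tiny primes, no hardening). Requires Python 3.9+.
# The point is the HE property: multiplying ciphertexts corresponds to
# adding the underlying plaintexts, so a server can compute on data it
# cannot read.
import math
import random

p, q = 293, 433                # toy primes; real schemes use ~1,024-bit primes
n, n_sq = p * q, (p * q) ** 2
g = n + 1                      # standard simple choice of generator
lam = math.lcm(p - 1, q - 1)
mu = pow((pow(g, lam, n_sq) - 1) // n, -1, n)  # inverse of L(g^lam mod n^2)

def encrypt(m: int) -> int:
    r = random.randrange(2, n)
    while math.gcd(r, n) != 1:  # r must be coprime to n
        r = random.randrange(2, n)
    return (pow(g, m, n_sq) * pow(r, n, n_sq)) % n_sq

def decrypt(c: int) -> int:
    return ((pow(c, lam, n_sq) - 1) // n) * mu % n

a, b = 20, 22
c = (encrypt(a) * encrypt(b)) % n_sq  # server adds values it cannot read
assert decrypt(c) == a + b            # only the key holder recovers 42
```

The second sketch shows the core loop of federated learning in the spirit of federated averaging: each client trains on data that never leaves its device, and only model weights travel to the server, which averages them. The data, model, and hyperparameters here are all invented for illustration.

```python
# Minimal federated-averaging loop (illustrative sketch; data, model, and
# hyperparameters are invented). Raw data stays on each "device"; only
# model weights are shared with, and averaged by, the central server.
import numpy as np

def local_update(w, X, y, lr=0.1, epochs=5):
    # One client's local training: plain gradient descent on its own data
    for _ in range(epochs):
        grad = 2 * X.T @ (X @ w - y) / len(y)
        w = w - lr * grad
    return w

rng = np.random.default_rng(0)
true_w = np.array([2.0, -1.0])
clients = []                                   # three devices, private data
for _ in range(3):
    X = rng.normal(size=(50, 2))
    y = X @ true_w + rng.normal(scale=0.1, size=50)
    clients.append((X, y))

w_global = np.zeros(2)
for _ in range(20):                            # federated rounds
    local_ws = [local_update(w_global, X, y) for X, y in clients]
    w_global = np.mean(local_ws, axis=0)       # server sees weights only

print(w_global)  # converges toward true_w without pooling any raw data
```

The two sketches also show why the techniques compose: in principle, the weight updates in the second loop could themselves be encrypted with a scheme like the first, so the server averages updates it cannot inspect.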
The major driver of growth in the HE/FL market is burgeoning demand for more private and secure approaches to AI. AI is a key technology across many industries, but vendors, users, and regulators are now focusing on its privacy and security implications as never before. Companies already using AI are looking at HE and FL as ways to reduce future risk. This is particularly true of cloud companies using AI, since data must be transmitted to and from the cloud and processed off-premises, both of which introduce potential privacy and security issues. Regulators are introducing new AI-specific rules,3 and HE and FL may help companies comply with them. Very large markets, especially health care and public safety, are highly sensitive to AI’s implications for privacy and security, and they are beginning to investigate HE and FL to address these concerns.
Both HE and FL are relatively new technologies, and both are more complex than traditional AI solutions. Each, though effective, comes with drawbacks. Computing with HE is slower than computing on unencrypted data. FL requires more powerful processors on edge devices, as well as fast, highly reliable connectivity between the core hardware in data centers, where the main AI software resides, and the edge, where the learning happens. (In this context, the “edge” could be a device such as a smartphone, or an appliance sitting a few hundred meters from the robots in a factory.)
The barriers are lower now than they were a few years ago, however. For one thing, Wi-Fi 6 and 5G wireless technologies, with their greater speed and reliability, are becoming more widely available, making reliance on edge devices more practical. Some providers are also releasing open-source tools that make HE and FL more accessible to non-experts.4 But the real gains in practicality are coming from improvements in processor cost/performance. HE used to be as much as a trillion times slower than unencrypted computing; thanks to new specialized processors, it is now, in some cases, only 20% slower.5 Similarly, the edge processors needed to power FL are becoming more powerful, cheaper, and more widely deployed. Fully homomorphic encryption remains processor-intensive, and further advances in HE-optimized processors could dramatically decrease its time and cost.6
We normally don’t bother with predictions about technologies that are as small in dollar terms as HE and FL. Why are we making an exception? Part of it is that the two technologies are sitting at a crossroads. Regulators globally are beginning to craft AI-specific rules, and although GDPR has been around since 2016, it was not the final word in privacy regulation: New rules on the topic come out monthly, and GDPR enforcement may be ratcheting up to a new level. Because of these regulations, both vendors and users are likely to see that using AI will get more difficult in a growing number of jurisdictions and industries. And HE and FL could help companies meet those regulatory requirements, significantly expanding their opportunities to use AI.
The other major reason we’re talking about HE and FL now is who is using them. According to a recent repository of PETs, there are 19 publicly announced pilots, products, and proofs of concept for homomorphic encryption and federated analytics (another term for federated learning) combined. That may not seem like many, but the companies offering them include Apple,7 Google, Microsoft, Nvidia, IBM, and the United Kingdom’s National Health Service, while users and investors include DARPA, Intel, Oracle, Mastercard, and Scotiabank. Moreover, the industries involved in these early projects are among the largest. Use cases are led by health and social care and by finance, with nontrivial activity in the digital and crime-and-justice sectors as well (figure 1).8