search

microsoft / SEAL

Microsoft SEAL is an easy-to-use and powerful homomorphic encryption library.
https://www.microsoft.com/en-us/research/group/cryptography-research/
MIT License
3.52k stars 703 forks source link

Confusing (misleading?) statement about FHE in README #607

Open tmmlaarhoven opened 1 year ago

tmmlaarhoven commented 1 year ago

The README of the SEAL library mentions:

Homomorphic encryption is not a generic technology: only some computations on encrypted data are possible.

Perhaps within a certain scope/context this statement makes sense, but one of the leading FHE libraries making such a blanket negative statement about FHE is dangerous, as people who are not familiar with all the technical details may use such a statement to dismiss FHE as a privacy solution, and opt for another (inferior) privacy-enhancing technology instead. (I have already seen this specific phrase being quoted externally as a reason to dismiss FHE.)

Could one of the SEAL authors explain why this statement is there? And either rephrase it to clarify the context of this statement, or remove it altogether?

kimlaine commented 1 year ago

How is this sentence negative though? Is it not accurate? This was added to counter unrealistic expectations and hype surrounding FHE. Overpromising and underdelivering is bad strategy and my gut feeling is that FHE being dismissed in some situations because of such a simple quote might just have protected the community from unmet expectations and customer disappointment.

Of course, if the sentence is no longer accurate, then there is a problem that should be fixed. IIRC we already amended it once in collaboration with some others in the industry, but maybe it does need to be refreshed. How would you approach this?

tmmlaarhoven commented 1 year ago

Hi Kim, thanks for the quick reply!

Regarding the quote, I think that "only some computations on encrypted data are possible" is rather negative/restrictive of the potential of FHE, and in my understanding it is not accurate. Sure, FHE does not magically allow you to break RSA or solve the Collatz conjecture, but is there anything we can do with computers that cannot theoretically be done under encryption?

Perhaps more importantly: is there anything that cannot be done under FHE but can be done with other privacy-enhancing technologies, like secret sharing-based multiparty computation?

And conceptually, if it weren't for (current) computational drawbacks, wouldn't it be fair to say that, at least in some contexts, FHE is a generic technology, which can theoretically be used to e.g. turn any outsourced cloud computation to a secure one, given enough time and memory?

Adding a caveat like "(...) only some computations on encrypted data are possible to do efficiently with current FHE implementations" would achieve the same purpose of warning people about expecting too much about the technology at the moment, but also makes it clear that these are not fundamental drawbacks of FHE, and may be addressed in the future.

If I am misunderstanding the meaning of the quote, or if there is an important limitation of FHE I am not considering, feel free to correct me.