We can use the relative simplicity of confidential computing hardware to maintain confidentiality, or we can try to do better with pure software. Hardware is hard, and hard to update, so if we can avoid it, let's try, yeah? Software-based cryptography will always have the advantages of flexibility and independence from any hardware vendor. The evolution from special-purpose to programmable cryptography marks a paradigm shift in securing AI systems. This transition expands our cryptographic toolkit, enabling complex computations on encrypted data and revolutionizing collaborative AI development. Special-purpose cryptography refers to protocols designed for specific operations, such as public-key encryption with RSA or digital signatures. Programmable cryptography, in contrast, allows general-purpose computation inside cryptographic protocols and includes techniques like fully homomorphic encryption (FHE), secure multi-party computation (MPC), zero-knowledge proofs (ZKPs), witness encryption, and obfuscation. We wrote about this in more detail in our collaborative computer papers. A recent example is DeepMind using federated learning with homomorphic encryption to train an AI model for breast cancer detection across multiple hospitals. These techniques will be combined in different ways to meet the performance, latency, cost, and security requirements of specific applications.
Federated Learning (FL) is a machine learning approach that enables models to be trained across multiple decentralized devices or servers holding local data samples, without exchanging or centralizing the raw data. Distributed datasets can be used collaboratively while sensitive information stays local, addressing both privacy concerns and regulatory constraints. Federated Learning is especially relevant in industries where data is sensitive or fragmented, such as healthcare, finance, and telecommunications. Instead of collecting and centralizing vast amounts of data, FL aggregates model updates from individual devices or institutions, which are then combined into a global model. The technique has improved significantly, driven by production deployments such as Google's cross-device federated learning (used, for example, for on-device keyboard prediction in Gboard) and frameworks such as OpenMined's PySyft, which improve both the efficiency and security of the federated learning process.
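To make the mechanics concrete, here is a minimal federated-averaging (FedAvg-style) sketch in plain NumPy: each client takes gradient steps on a linear model using only its own data, and only the resulting weight vectors ever leave the clients; the server averages them into a global model. The dataset, model, and helper names are illustrative and not taken from any particular framework.

```python
import numpy as np

def local_update(weights, X, y, lr=0.1, epochs=5):
    """One client's training pass: gradient steps on a linear model using only local data."""
    w = weights.copy()
    for _ in range(epochs):
        grad = X.T @ (X @ w - y) / len(y)  # mean-squared-error gradient
        w -= lr * grad
    return w

def federated_round(global_weights, client_datasets):
    """Server-side aggregation: average the clients' updated weights (FedAvg).
    With unequal client dataset sizes this would be a weighted average."""
    updates = [local_update(global_weights, X, y) for X, y in client_datasets]
    return np.mean(updates, axis=0)  # raw data never leaves the clients

# Toy setup: three "hospitals", each with private data drawn from the same underlying model.
rng = np.random.default_rng(0)
true_w = np.array([2.0, -1.0])
clients = []
for _ in range(3):
    X = rng.normal(size=(50, 2))
    y = X @ true_w + rng.normal(scale=0.1, size=50)
    clients.append((X, y))

w = np.zeros(2)
for _ in range(20):
    w = federated_round(w, clients)
print("learned weights:", w)  # approaches true_w without pooling any raw data
```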
The benefits of Federated Learning are substantial, particularly for data privacy and for breaking down data silos. In traditional machine learning, large datasets need to be aggregated and centralized, which can expose sensitive information to security risks. FL, however, enables collaborative model training without ever sharing raw data, which is crucial for organizations handling highly sensitive or regulated data. In healthcare, for example, FL allows multiple hospitals to jointly train AI diagnostic models on local patient data without exchanging or disclosing individual records, letting institutions leverage the power of larger datasets without compromising privacy. Similarly, in finance, banks can train fraud detection models on data distributed across branches or institutions, improving the models' accuracy while ensuring compliance with privacy laws. Recent advancements in the PySyft framework have also introduced more secure protocols for federated learning while improving communication efficiency and reducing overall training latency.
Despite its promise, Federated Learning still faces significant challenges, particularly in managing communication overhead and defending against privacy attacks such as model inversion or poisoning. In federated environments, shipping model updates between distributed devices and servers introduces network and computational overhead that can become a bottleneck, especially for large-scale or real-time applications. And because the updates themselves may inadvertently leak information about the underlying data, protecting against model inversion, where an adversary reconstructs training data from model updates, is a critical concern. Researchers are actively exploring methods to mitigate these risks. Secure aggregation techniques allow multiple devices to submit model updates in masked or encrypted form, so the server only sees the aggregated result rather than individual contributions. Differential privacy, which adds calibrated noise to model updates, is another key method being integrated into federated learning frameworks to further protect sensitive data. By combining these techniques, researchers and practitioners are working to find the right balance between performance, cost, and privacy guarantees, ultimately making federated learning more robust and scalable for widespread adoption.
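Both defenses can be illustrated with a toy sketch. The pairwise-masking trick below is a simplified stand-in for real secure aggregation protocols (it assumes clients can already exchange shared secrets, and the noise scale is arbitrary rather than calibrated to a privacy budget): each pair of clients agrees on a random mask that one adds and the other subtracts, so any single masked update looks random to the server while the masks cancel in the sum; each client also adds differential-privacy noise before masking.

```python
import numpy as np

rng = np.random.default_rng(42)
DIM = 4            # size of each model update vector
NOISE_STD = 0.01   # differential-privacy noise scale (illustrative, not calibrated)

def mask_updates(updates):
    """Pairwise-masking secure aggregation: client i adds a shared random mask for
    each peer j > i and subtracts it for each peer j < i, so the masks cancel
    exactly when the server sums all contributions."""
    masked = [u.copy() for u in updates]
    n = len(masked)
    for i in range(n):
        for j in range(i + 1, n):
            pairwise_mask = rng.normal(size=DIM)  # in practice derived from a shared secret
            masked[i] += pairwise_mask
            masked[j] -= pairwise_mask
    return masked

# Each client's true update, plus local differential-privacy noise.
true_updates = [rng.normal(size=DIM) for _ in range(5)]
noisy_updates = [u + rng.normal(scale=NOISE_STD, size=DIM) for u in true_updates]
masked_updates = mask_updates(noisy_updates)

# The server only ever sees the masked vectors; each one alone is meaningless...
print("one masked update:", masked_updates[0])
# ...but their sum equals the (noisy) aggregate the server actually needs.
print("aggregate:", np.sum(masked_updates, axis=0))
print("reference:", np.sum(noisy_updates, axis=0))
```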
Worth watching:
Fully Homomorphic Encryption (FHE) is a cryptographic approach that allows computations to be performed on encrypted data without ever decrypting it. This preserves data privacy throughout the entire computational process, even in untrusted environments such as public cloud platforms. FHE is essential for applications in fields like healthcare, finance, and AI, where sensitive information must be processed securely without exposure to external service providers. Recent advancements in FHE libraries, including IBM's HElib, Microsoft's SEAL, and Zama's Concrete ML, have significantly improved the efficiency of FHE, making it more practical for real-world use cases. These improvements have made it possible to integrate FHE into AI-driven solutions, enabling privacy-preserving computations on encrypted datasets. The TFHE scheme (Fast Fully Homomorphic Encryption over the Torus) has been a key development, offering a substantial speedup in encrypted operations and demonstrating that FHE can become a powerful tool for AI and machine learning.
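As a small illustration of the core idea, computing on data you cannot read, the sketch below uses the python-paillier (`phe`) library. Paillier is only additively homomorphic, so it is far simpler than the fully homomorphic schemes discussed here, but it shows the pattern: a client encrypts values, an untrusted server combines the ciphertexts without ever holding the secret key, and only the client can decrypt the result.

```python
from phe import paillier  # pip install phe (python-paillier)

# Client side: generate a keypair and encrypt sensitive values.
public_key, private_key = paillier.generate_paillier_keypair()
salaries = [52_000, 61_500, 48_200]
encrypted_salaries = [public_key.encrypt(s) for s in salaries]

# Server side: compute on ciphertexts only. The server never sees the
# plaintext values and never holds the private key.
encrypted_total = sum(encrypted_salaries[1:], encrypted_salaries[0])
encrypted_scaled = encrypted_total * 2  # multiplication by a public constant is allowed

# Client side: decrypt the results.
print(private_key.decrypt(encrypted_total))   # 161700
print(private_key.decrypt(encrypted_scaled))  # 323400
```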
The benefits of FHE for AI are profound, particularly for securely outsourcing computations to untrusted or public cloud environments without exposing sensitive data. FHE allows AI models to operate directly on encrypted data, so sensitive information such as financial or healthcare records remains private while computations are performed. TFHE, for example, has brought ciphertext refreshing (bootstrapping) down to the order of milliseconds per gate, improving overall efficiency. These advances allow encrypted computations to be processed faster, making them more suitable for time-sensitive tasks. As a result, secure machine learning models and AI inference on encrypted data can be outsourced to cloud providers without compromising data security. Financial institutions can now run sensitive models on encrypted transaction data and receive only encrypted results, reducing the risk of data breaches. In addition, Zama's Concrete ML framework has been shown to reduce the computational cost of running encrypted AI models, providing a path toward more scalable privacy-preserving machine learning.
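For a model-level view, the sketch below follows Concrete ML's scikit-learn-style workflow as described in Zama's documentation: train in the clear, compile the model into an FHE circuit, then run inference under encryption. The class name, the `n_bits` quantization parameter, and the `fhe="execute"` flag reflect recent versions of the library and may differ in yours; treat this as an outline rather than a drop-in snippet.

```python
# Assumes `pip install concrete-ml`; API names follow recent Concrete ML releases.
from sklearn.datasets import make_classification
from sklearn.model_selection import train_test_split
from concrete.ml.sklearn import LogisticRegression

X, y = make_classification(n_samples=200, n_features=10, random_state=0)
X_train, X_test, y_train, y_test = train_test_split(X, y, random_state=0)

# Train in the clear, with quantization so the model can later run under FHE.
model = LogisticRegression(n_bits=8)
model.fit(X_train, y_train)

# Compile the trained model into an FHE circuit using representative inputs.
model.compile(X_train)

# Inference on encrypted data: inputs are encrypted, evaluated homomorphically,
# and only the encrypted predictions come back to be decrypted client-side.
y_pred_fhe = model.predict(X_test, fhe="execute")
print("FHE accuracy:", (y_pred_fhe == y_test).mean())
```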
However, despite these advancements, FHE still faces limitations due to significant computational overhead, which remains a bottleneck for applications requiring high performance or low latency. The computational complexity of FHE can lead to performance degradation, especially when real-time processing is needed. For instance, a simple FHE operation can be orders of magnitude slower than its unencrypted counterpart. To address these challenges, there is a growing focus on hardware acceleration to make FHE more practical for large-scale, time-sensitive applications. Companies such as Optalysys, Cornami, and Belfort are developing dedicated hardware accelerators to enhance FHE performance. These hardware solutions aim to speed up key operations, such as bootstrapping and ciphertext refreshing, which are the most computationally expensive processes in FHE. Cornami’s scalable architecture, for instance, has shown potential in reducing FHE computation times by leveraging parallel processing, while Optalysys focuses on optical computing to accelerate FHE operations. Belfort’s approach involves ASIC-based optimizations specifically tailored to the demands of FHE, further reducing the latency and energy consumption. These hardware innovations, combined with algorithmic improvements, are critical for overcoming the current limitations of FHE, enabling its broader adoption in privacy-critical AI applications across industries.
Worth watching: