November 2022

Columns

Digital Technologies: The benefits of homomorphic encryption: A technological enabler for digital services to operations

Among the cryptographic technologies under development in various industries, homomorphic encryption (HE) possesses the attractive feature of allowing computation within the encrypted domain. Encrypted data cannot only be transferred and stored, but also used in the secure encrypted state.

Rey, F., Sanchez, M., Technip Energies; Boudguiga, A., Université Paris-Saclay, CEA-List

Among the cryptographic technologies under development in various industries, homomorphic encryption (HE) possesses the attractive feature of allowing computation within the encrypted domain. Encrypted data cannot only be transferred and stored, but also used in the secure encrypted state. This state-of-the-art technology has evolved rapidly over the past decade with new breakthroughs every year since the first functional implementation in 2009. The technology has already been proposed for face recognition and in other domains where a high level of privacy is mandatory.

This article presents the main principles of HE, as well as the benefits that can be leveraged from this technology for the energy industry. It also provides information on the specific challenges faced in its implementation in our industry.

With the advent of Industry 4.0, a company’s digital transformation embeds the exploitation of all available plant data to enhance monitoring, planning and optimization of operating parameters, maximizing the production rate at minimal cost. As an example, predictive maintenance solutions analyze performance and operating data from rotating equipment to detect any potential failure as early as possible using tools that combine machine-learning and artificial intelligence (AI) methods.

Often overlooked or underused, plant operating data constitutes an important and full-fledged asset that should be properly valued and secured internally or by third-party expertise.

In cases where data cannot be used internally and must be transmitted to an external service provider, data owners can be reluctant to share such confidential information in plain text with a third party for various reasons. This data can include protected intellectual property on the company’s facilities, financial statements and results, and sensitive information with national security implications.

How can we guarantee a company’s confidential data can be outsourced safely by certifying the content will not be “readable” by a third party in charge of its processing?

There are many competing technologies for data encryption. Among the main technologies, symmetric cryptography, such as advanced encryption standard (AES), and asymmetric cryptography, such as RSA or El Gamal, are widely used when navigating the web and for online payment. These cryptography algorithms are recognized for their fast computation time while providing an important level of security for data at transit and data at rest. However, data must be deciphered to be of any use in computation. As such, these algorithms are not fit for the use of confidential data by a third party.

Therefore, other algorithms are proposed for more advanced applications. As an example, multiparty computation (MPC) is adopted in digital asset protection and cryptocurrency. Though MPC allows the performance of mathematical operations on encrypted data, the result of the computation can be available to all parties. One of the specifics of the MPC scheme is that it also requires an elevated level of cooperation between parties, as the computation algorithm must be shared.

When compared to these technologies (i.e., classical cryptographic algorithms AES or RSA), HE adds computation confidentiality to data confidentiality at transit and at rest ensured by AES or RSA. It also alleviates the communication overheads introduced when using MPC.

Enabling safe and secure computations

HE is a form of encryption that allows computation on encrypted data, generating an encrypted result that, when decrypted, matches the result of the operations as if it had been performed on plain text. This means encrypted data can be securely and safely outsourced for computation by third parties.

In a real case example, “Alice” will encrypt and transmit her sensitive data to “Bob,” who is in charge of data analysis and computation. The homomorphic property of the encryption algorithm allows Bob to perform these calculations directly on the encrypted data and obtain an encrypted result. The latter is an encrypted version of the result that would be recovered if Bob’s computation were done directly on Alice’s plain texts.

As shown in FIG. 1, Alice receives from Bob the encrypted results of the operation. Alice uses the decryption key to recover the results and then exploit them. Only Alice, owner of the private key used for decryption, will be able to read and understand the results of the calculation performed by Bob.

FIG. 1. Principle of homomorphic encryption.

Bob, in charge of the data computation, will never have access to the data in plain text, neither input nor calculation results. On the other side, the details of calculation algorithms remain Bob’s intellectual property and are not disclosed to Alice.

HE can be symmetric or asymmetric. In the first case, the encryption and decryption keys will be the same secret key. Meanwhile, in the second case, the encryption and decryption keys will be different but related. The encryption key is also called the public key and is shared with any party. The decryption key must remain private and serves only for data decryption. The owner of the private key is the only entity capable of decrypting the data encrypted with its corresponding public key.

The HE idea was introduced in 1978 by Rivest, et al.,1 but no true fully HE scheme was developed for years. However, research and improvement have increased in the last decade. In 2009, Gentry2 made a breakthrough by specifying the first fully HE scheme allowing summing and multiplying ciphertexts. Many encryption schemes were then specified and regularly optimized with the recognized 4th generation of the FHE schemes (CKKS scheme in 2016). With these improvements, it has been calculated that the speed of HE execution was increasing by eight times every year between 2011 and 2021.3 This fast-track improvement of the technology has made it applicable to daily life use in recent years.

Examples of already implemented HE include:

  • Critical infrastructure monitoring, such as electrical network load and balance
  • Health data, including sharing private medical records for statistical studies
  • “Pay as you drive” insurance with an attached analytical device that gauges driving style
  • Passport face recognition at the airport.

In its current state, HE supports the basic mathematical operations of summation and multiplication. This opens a wide variety of applications, as these two operations are sufficient to define a large spectrum of algebra.

However, HE requires significant computational resources to perform operations within the encrypted space. The computation time of a single simple equation may take a few seconds to perform—this is the cost for the high privacy proposed by HE.

Due to these limitations, the use of HE must be carefully investigated to ensure selecting the most adequate HE algorithm for a given application. In the energy industry, this technology is of particular interest in the use of production data, which are usually considered as extremely sensitive information as their disclosure may impact companies’ share or product prices. This sensitivity of production data is a real showstopper for the implementation of digital services to operations, as all inputs to these services must remain within the company’s operating information management ecosystem. Therefore, subcontracting specialized computation to vendors or contractors is not considered an option by operating companies.

A three-party scheme

Using HE, it becomes possible to utilize a scheme that includes up to three different parties in a straightforward way. The first party is the industrial site/owner of the production data. This first party is interested in using external expertise resources but does not wish to disclose the production data. The second party is a vendor or contractor that has developed internal expertise and is willing to provide results in a near real-time manner to the first party; however, the second party wishes to retain its intellectual property on the knowledge. Lastly, the third party possesses huge processing capabilities and is willing to host the near real-time service. This overall scheme is outlined in FIG. 2, which illustrates how energy industry benefits can be leveraged from the HE to run near real-time online processes and operations analysis without disclosing production data.

FIG. 2. Three-party confidentiality scheme.

The protocol can be declined in several two-party schemes, considering that two of the three mentioned parties are the same. Each of these two-party schemes would serve different purposes, such as confidentiality during cloud computing or confidentiality of algorithms and data.

The capacity to treat production data in near real time while maintaining the privacy of the production data is quite appealing to the energy industry, and enables the development of digital services based on data reconciliation and analysis. However, even if the technology is answering some of the key questions for this kind of service, it must still prove effective in the context of the energy industry.

Partnership in development project

The authors’ companies partnered in a development project to evaluate the application of HE to a realistic problem in the energy industry. A case study was selected regarding the monitoring and production tracking of a debutanizer column. A process dynamic simulation model of the asset was developed providing the data from the industrial site. In addition, some computation to be applied through the homomorphically encrypted program was defined.

At the early stage of the project, two key issues were soon highlighted. The first issue is that results from the homomorphic calculations must be contextualized in time for a good understanding of the results. The second issue deals with the kind of data that is generated in our industry.

For contextualization, the issue was easily overcome by adding a time stamping on the data. Therefore, even during a steady operation of the plant that would generate two identical sets of process conditions otherwise, the external observer would not witness status quo information.

In the energy industry, engineers and operators are familiar with working with a broad range of real values to characterize plant behavior. The common feature for all already developed applications is that the encrypted input data are minimal in terms of digital space. They are mostly coded over short integer data when they are not binary. With HE, the computation time will be related to the number of bits required to represent the information. An initial assessment resulted in several minutes for a sum product calculation when encrypting bits separately using a binary plain text space. Further development with encryption schemes supporting modular arithmetic with large plain texts brought a sharp decrease in calculation time (from several minutes to a few seconds) without loss of significance.

One of the functions assessed during the research was an economic evaluation of the debutanizer performance. This evaluation was made from “customer” encrypted production data and from clear parameters on product prices that can be set from market prices.4,5

The encrypted inputs are:

  • Feed mass flow: F1
  • Fuel gas mass flow: F2
  • Liquefied petroleum gas (LPG) mass flow: F3
  • Stabilized naphtha mass flow: F4
  • Hot oil mass flow: F5
  • Hot oil inlet temperature: T1
  • Hot oil outlet temperature: T2.

The clear market prices inputs are:

  • Unstabilized naphtha $/t (ton): K1
  • Fuel gas $/t: K2
  • LPG $/t: K3
  • Stabilized naphtha $/t: K4
  • Hot oil properties: K5.

The output O1 (in $) is expressed as (Eq. 1):

O1 = [F2 × K2 + F3 × K3 + F4 × K4F1 × K1F5 × K5 × K2 × (T1T2 )] × (Sample Interval / 3,600)                        (1)

The O1 computation time with the BFV encryption scheme from the Microsoft SEAL library was 0.033 sec when encrypting large plain texts (~32 bits long). Note: Two pre-analyses allowed the authors’ companies to fix the size of their plain texts and choose the suited HE algorithm for O1 computation (i.e., to choose the BFV encryption scheme from the Microsoft SEAL library). First, O1 was computed over clear real numbers to get the expected output values and their ranges. Then, it was computed over clear integers obtained by rescaling the clear real inputs. Computing O1 with rescaled integers introduced a loss of precision. The rescaled integers size was fixed to ensure obtaining a result with two significant digits. The companies ended up working with clear integers longer than 32 bits. Then, as O1 computation consists only in addition and multiplication of integers, the partnership chose to use an HE scheme supporting modular arithmetic with large inputs, such as BFV in the Microsoft SEAL library or BGV in IBM Helib. That is, the companies did not choose to use libraries working with binary plain texts by encrypting separately the bits of inputs (such as the TFHE library), as O1 computation in that case would take around 1 min.

However, with the Microsoft SEAL implementation of the BFV scheme used to reach this performance, it was not possible to perform comparison on real numbers that also were part of the evaluation. Therefore, the final demonstrator integrated two different implementations relying on two different HE schemes, one with a TFHE scheme and a binary plain text space and the other with the BFV scheme and covering large numbers to minimize computation time. The functions evaluated with TFHE enclosed an encrypted comparison. The functions computed with BFV required only additions and multiplications. The outcome of the work performed on the demonstration test case was that the 20 tested functions were evaluated every 10 sec without lag with a standard 4-core server.

Takeaways

The research work performed on the applicability of HE schemes in the energy industry proved successful thanks to the cooperation between the authors’ companies and their collective knowledge of industry and research. At the start of the project, the forecast of computation time was unsatisfactory and seemed to be a showstopper in the current state of the research. Creative solutions were found to overcome this initial assessment and ended in a workable demonstrator hosted in a standard virtual machine.

Online digital services in the energy industry can be made easier from a contractual standpoint with the use of HE. It secures actors in their respective confidential production data and intellectual properties for this kind of project.

HE extends a plant optimization program performed on selected historical data to a near real-time application. Algorithm crafted from the historical data in traditional ways can be converted into an online homomorphically encrypted application that continues providing operations information and advice. HP

LITERATURE CITED

  1. Rivest, R. L., L. Adleman and M. L. Dertouzos, “On data banks and privacy homomorphisms,” Foundations of secure computation, Massachusetts Institute of Technology, Cambridge, Massachusetts, 1978.
  2. Gentry, C., et al., “Fully homomorphic encryption using ideal lattices,” Stanford University and IBM Watson, STOC ‘09: 41st Annual ACM symposium on the theory of computing, May 2009.
  3. Gentry, C., “A decade (or so) of fully homomorphic encryption,” Eurocrypt 2021, online: https://eurocrypt.iacr.org/2021/slides/gentry.pdf
  4. Cheon, J. H., A. Kim, M. Kim and Y. Song, “Homomorphic encryption for arithmetic of approximate numbers,” Cryptology ePrint Archive, 2016, Report 2016/421, online: https://eprint.iacr.org/2016/421
  5. Boura, C., N. Gama, M. Georgieva and D. Jetchev, “Chimera: Combining ring-LWE-based fully homomorphic encryption schemes,” Cryptology ePrint Archive, 2018, Report 2018/758, online: https://eprint.iacr.org/2018/758

The Authors

Related Articles

From the Archive

Comments

Comments

{{ error }}
{{ comment.comment.Name }} • {{ comment.timeAgo }}
{{ comment.comment.Text }}