21 comments

[ 3.1 ms ] story [ 47.9 ms ] thread
Everything about this in my head screams "bad idea".

If you need to trust the encryption and trust the hardware itself, it may not be suitable for your environment/ threat model.

> Heracles, which sped up FHE computing tasks as much as 5,000-fold compared to a top-of the-line Intel server CPU.

That is nice speed-up compared to generic hardware but everyone probably wants to know how much slower it is than performing same operations on plain text data? I am sure 50% penalty is acceptable, 95% is probably not.

Perhaps it's a cynical way to look at it, but in the days of the war on general purpose computing, and locked-down devices, I have to consider the news in terms of how it could be used against the users and device owners. I don't know enough to provide useful analysis so I won't try, but instead pose as questions to the much smarter people who might have some interesting thoughts to share.

There are two, non-exclusive paths I'm thinking at the moment:

1. DRM: Might this enable a next level of DRM?

2. Hardware attestation: Might this enable a deeper level of hardware attestation?

You’re right it’s a cynical take. I don’t get cynicism for the sake of it, detached from technical reality.

No, this does nothing for DRM or HW attestation. The interesting thought is: not everything is a conspiracy. Yes, that’s just what a conspirator would say. But it’s also true.

(comment deleted)
Someone explain how you'd create a vector embedding using homomorphically encrypted data, without decrypting it. Seems like a catch 22. You don't get to know the semantic meaning, but need the semantic meaning to position it in high dimensional space. I guess the point I'm making is that sure, you can sell compute for FHE, but you quickly run up against a hard limit on any value added SaaS you can provide the customer. This feels like a solution that's being shoehorned in because cloud providers really really really want to have a customer use their data center, when in truth the best solution would be a secure facility for the customer so that applications can actually understand the data they're working with.
FHE is the future of AI. I predict local models with encrypted weights will become the norm. Both privacy preserving (insofar as anything on our devices can be) and locked down to prevent misuse. It may not be pretty but I think this is where we will end up.
In science fiction maybe. We're hitting real limits on compute while AI is still far from a level where it would harmful, and FHE is orders of magnitude less efficient than direct calculation.
One thing I'm curious about is whether this could change how cloud providers handle sensitive workloads.

If computation can happen directly on encrypted data, does that reduce the need for trusted environments like SGX/TEE, or does it mostly complement them?

If they can get this shrunk down and efficient enough in a future scenario I think Apple could move back to Intel for this with their stance on encryption and things it being a pillar of their image.
This is incredible work.. And makes the technology absolutely viable.

However... In a world where privacy is constantly being eroded intentionally by governments and private companies, I think this will NEVER, ever reach any consumer grade hardware. My cynic could envision the technology export ban worldwide in the vein of RSA [0] .

Why would any company offer the customers real out of the box e2e encryption possibilities built into their devices.

DRM was mentioned by another user. This will not be used to enable privacy for the masses.

https://en.wikipedia.org/wiki/Export_of_cryptography_from_th...

This is a huge win for cybersecurity and data privacy.
First and foremost, grateful for the ability to take and give to this HN community for what HN has done for me. With that stated I am reminded near daily when reading posts on HN of my experience, my age, and some of my now lost hair color.

After nearly 3 decades of critical technology systems architecture and management involving ongoing industry audits my experience and age knows why my hair has lost some of its color. Much of that lost color comes from security management of third party systems, yes the old dreaded dependencies. Elimination of those third parties is key for one's cyber sanity and hair color yet with technology still in its infancy some cannot distinguish the forest from the trees.

Nothing remains the same as progress moves forward correcting for past mistakes while learning what works and does not along that journey, technology platforms are no exception. Analogously early automobiles lacked safety features as well such as windshield wipers and seatbelts so has the passage of time proved their addition to be valued? Few people today truly understand how things work as nearly all just want the instant fix "pill" to alleviate their issues however this approach cannot work with security. True security is designed in from the foundation and such secure platforms go unseen yet we have an endless list of victims from those insecure systems which have "bolted on" security after the fact. This security change and more is coming to system designs as the entire world is now fully aware of cyber security, or in this case, the lack of it.

Time, the young fail to consider it up until a single moment in their life, while the old reflect on where theirs went. After the reflection of one's time however change becomes obvious.

FHE is great, if we can get this to work at scale and if this can be baked into the GPU complex, we don’t need the confidential compute pipeline. Of course we will still need to manage the user keys, so the current confidential pipeline will just be replaced with something else, but hopefully managing large amounts of data will become simpler. Not sure where the tech is but it could be a game changer for security. It still doesn’t eliminate the bad corporation issue though. We still rely on code they run on the servers inside the FHE.
> homomorphic encryption chip speeds operations 5,000-fold

5000 * 0 is still 0.

I joke, but i think relative numbers like this are very misleading as FHE is starting from such an absurdly slow place.

Still, this is pretty cool and there are probably niche applications that become possible with this, but i think this is a small enough speed up that it is still very niche.

I find it petty for Intel to describe more software-based solutions to fully homomorphic encryption (FHM) as "software cheats". This is especially since their competition, Duality Technologies, specializes more on the software side and they are certainly much smaller in size.

When you have giant corporations like Intel being able to label their smaller competition's technology as "software cheats", then it becomes an incredibly toxic environment. If anyone were to do it to Intel, they would be sued for libel and slander and other anti-competitive tactics.

However, I shouldn't be surprised. The industry normalizes this type of discourse. At the same time, the same giant corporations will preach about AI safety and claim you can only trust them with it.

That being said, this is a great innovation by Intel. I was impressed at their technology and the thorough discussion about how this type of computing is related to GPU's and CPU's. It's especially interesting given the emergence of computational memory applications.

Is this whole concept essentially a fundamental misunderstanding of the difference between "encryption" and "encoding"? I don't mean to be pedantic and don't want to make assumptions due to my respect for the source, but I don't understand how you can meaningfully manipulate the data that has been _actually_ encrypted? Doesn't the ability to accurately manipulate it imply that you have some understanding of its underlying meaning? The article is light on algorithmic details:

> "...a mathematical transformation, sort of like the Fourier transform. It encrypts data using a quantum-computer-proof algorithm..."

I am assuming there is some deep learning at play here i.e. it is manipulating the data within the latent space. If this is true, then would the embedding process really be considered "encryption"? You could argue it is security through obscurity (in the sense that the latent space basis is arbitrary/learned), but it feels like two different things to me.

(Disclaimer: I am not a cryptographer and this is a heavily simplified explanation). Homomorphic encryption is built on the foundation of 'hard problems' (e.g. the Learning with Errors Problem) - loosely, computational problems that are thought to be impossible to reverse without being in the possession of a secret key.

The crux of HE is that it provides a _homomorphism_: you map from the space of plaintext to the space of cipher texts, but the mapping preserves arithmetic properties such as addition and multiplication. To be clear - this means that the server can add and multiply the cipher texts, but the plaintext result of that operation is still irreversible without the private key. To the server, it looks like random noise.

I don't think it's helpful to think about this as connected to deep learning or embedding spaces. An excellent resource I'd recommend is Jeremy Kun's guide: https://www.jeremykun.com/2024/05/04/fhe-overview/