Home 零对冲(ZeroHedge)每日HackerNews

Swift 同态加密
Swift Homomorphic Encryption

原始链接: https://www.swift.org/blog/announcing-swift-homomorphic-encryption/

2024 年 7 月 30 日,宣布了一个名为“swift-homomorphic-encryption”的新开源 Swift 包。 该包为用户提供了一种计算加密数据的方法,而无需在操作期间将未加密的数据暴露给服务器。 该技术被称为同态加密 (HE),它为云服务提供了好处,因为它可以保护用户的数据隐私。 Apple 在他们的项目中使用 HE,因此他们决定将这个 Swift 实现提供给更广泛的开发者社区。 iOS 18 中新的“实时来电显示查找”功能提供了 swift 同态加密的使用示例,该功能通过同态加密提供来电显示和垃圾邮件拦截服务。 通过向服务器发送加密查询,实时来电显示查找功能可以检索呼叫信息,而无需透露所请求的特定电话号码。 为了说明此功能,Apple 发布了“live-caller-id-lookup-example”,提供了一个实际示例后端,用于使用同态加密测试实时来电显示查找功能。 此外,此 Swift 实现还使用 Swift on Server、Hummingbird HTTP 框架、跨平台支持和 Benchmark 库等功能来轻松进行性能评估。 此实现所使用的面向隐私的机制采用私有信息检索 (PIR),这是一种私有键值数据库查找,允许客户端从服务器获取信息而无需泄露其搜索词。 与传统的实现不同,由于数据库元数据的频繁更改,我们的 PIR 方法需要与客户端进行最少的数据库同步。 简而言之,同态加密的功能是允许对加密数据进行计算,而无需解密或了解解密密钥。 用户可以加密他们的敏感数据,将其发送到服务器进行计算,接收返回的加密响应,然后自行解密结果。 此特定实现使用具有抗量子性的 Brakerski-Fan-Vercauteren (BFV) 同态加密方案。 为了获得最佳保护,实时来电显示查找功能需要后量子 128 位安全 BFV 参数。 开发人员预计同态加密将在 Apple 生态系统内外的各种独立的隐私意识任务中得到广泛应用,包括私有集交互等活动。

同态加密允许对加密数据进行数学运算,而不会泄露原始数据。 例如,在使用 7 位字符和模 128 的加法的简单示例中,数字加密在传输前加 1,在解密时减 1。 这种类型的加密可以通过加法或减法进行数据操作,同时保持隐私。 然而,这种特定方法缺乏实用性,因为它没有隐藏输入数字或结果。 为了说明其潜在好处,请考虑一个示例,其中一个人想要计算两个未知数的总和,但不知道各个值或最终结果。 人们可以将每个数字乘以第三个未知数字(“钥匙”)。 然后,接收者将结果相加,并返回预乘的总和。 然后,用户除以初始“密钥”即可得出所需的总和。 通过利用加法和乘法之间的分布和对称性等属性(称为分配属性),数学可以在某些“域”内运算,从而能够创建有用的同态加密方法。 其中包括“有限域”,它由一组遵循特定原则的数字组成,允许进一步的数学运算。 由于保留了许多关键身份,密码学经常使用有限域。 在另一种情况下,私人信息检索 (PIR) 也采用类似的概念。 通过对查询进行编码,客户端可以将请求发送到包含大型数据库的服务器,而无需公开其各自的搜索。 收到这些编码的查询后,服务器执行必要的计算,返回加密的响应,同时在整个交换过程中保持机密性。
相关文章
原文

We’re excited to announce a new open source Swift package for homomorphic encryption in Swift: swift-homomorphic-encryption.

Homomorphic encryption (HE) is a cryptographic technique that enables computation on encrypted data without revealing the underlying unencrypted data to the operating process. It provides a means for clients to send encrypted data to a server, which operates on that encrypted data and returns a result that the client can decrypt. During the execution of the request, the server itself never decrypts the original data or even has access to the decryption key. Such an approach presents new opportunities for cloud services to operate while protecting the privacy and security of a user’s data, which is obviously highly attractive for many scenarios.

At Apple, we’re using homomorphic encryption in our own work; we’re therefore delighted to share this Swift implementation in the community for others to use and contribute to.

One example of how we’re using this implementation in iOS 18, is the new Live Caller ID Lookup feature, which provides caller ID and spam blocking services. Live Caller ID Lookup uses homomorphic encryption to send an encrypted query to a server that can provide information about a phone number without the server knowing the specific phone number in the request. To demonstrate this, we are also sharing live-caller-id-lookup-example, which provides a functional example backend to test the Live Caller ID Lookup feature using homomorphic encryption.

These two packages take full advantage of features such as:

  • Swift on Server, including the Hummingbird HTTP framework and cross-platform support
  • easy benchmarking with the Benchmark library
  • performant low-level cryptography primitives in Swift Crypto.

Live Caller ID Lookup relies on Private Information Retrieval (PIR), a form of private key-value database lookup. In the PIR setting, a client has a private keyword (such as a phone number) and wants to retrieve the associated value from a server. Because the keyword is private, the client wants to perform this lookup without the server learning the keyword.

A trivial implementation of PIR is to have the server send the entire database to the client for local processing. While this does prevent the server from knowing what queries are being made, it is only feasible for small databases with infrequent updates.

In contrast, our PIR implementation, which relies on homomorphic encryption, only needs to sync a small amount of database metadata with the client. This metadata changes infrequently, which allows efficient handling of very large databases with a high volume of updates.

As mentioned above, homomorphic encryption enables computation on encrypted data without decryption or access to the decryption key.

A typical workflow for homomorphic encryption might be as follows:

  • The client encrypts its sensitive data and sends the result to the server.
  • The server performs computation on the ciphertext (perhaps incorporating its own plaintext inputs), without learning what any ciphertext decrypts to.
  • The server sends the resulting ciphertext response to the client.
  • The client decrypts the resulting response.

The Swift implementation of homomorphic encryption implements the Brakerski-Fan-Vercauteren (BFV) HE scheme (https://eprint.iacr.org/2012/078, https://eprint.iacr.org/2012/144). BFV is based on the ring learning with errors (RLWE) hardness problem, which is quantum resistant.

The Live Caller ID Lookup feature requires BFV parameters with post-quantum 128-bit security, to provide strong security against both classical and potential future quantum attacks, previously explained in https://security.apple.com/blog/imessage-pq3/.

We believe developers will find homomorphic encryption useful for a wide variety of standalone privacy-preserving applications both inside and outside the Apple ecosystem, including private set intersection, secure aggregation, and machine learning.

Below is a basic example for how to use Swift Homomorphic Encryption.

import HomomorphicEncryption

// We start by choosing some encryption parameters for the Bfv<UInt64> scheme.
// *These encryption parameters are insecure, suitable for testing only.*
let encryptParams =
    try EncryptionParameters<Bfv<UInt64>>(from: .insecure_n_8_logq_5x18_logt_5)
// Perform pre-computation for HE computation with these parameters.
let context = try Context(encryptionParameters: encryptParams)

// We encode N values using coefficient encoding.
let values: [UInt64] = [8, 5, 12, 12, 15, 0, 8, 5]
let plaintext: Bfv<UInt64>.CoeffPlaintext = try context.encode(
    values: values,
    format: .coefficient)

// We generate a secret key and use it to encrypt the plaintext.
let secretKey = try context.generateSecretKey()
let ciphertext = try plaintext.encrypt(using: secretKey)

// Decrypting the plaintext yields the original values.
let decrypted = try ciphertext.decrypt(using: secretKey)
let decoded: [UInt64] = try decrypted.decode(format: .coefficient)
precondition(decoded == values)

We look forward to working with others to enhance this package: you can read more about contributing at the repositories on GitHub. We also encourage you to file issues to swift-homomorphic-encryption and live-caller-id-lookup-examples if you encounter any problems or have suggestions for improvements.

We’re excited to see how homomorphic encryption can empower developers and researchers in the Swift community to enable new use cases!

Written by

Fabian Boemer is on the team at Apple working on Swift Homomorphic Encryption and other privacy-preserving technologies.

Karl Tarbe is on the team at Apple working on Swift Homomorphic Encryption and other privacy-preserving technologies.

Rehan Rishi is the engineering manager for the team at Apple working on Swift Homomorphic Encryption and other privacy-preserving technologies.

联系我们 contact @ memedata.com