"Confidential Computing Provides Revolutionary Data Encryption, UC Berkeley Professor Says"

Confidential computing is a potentially game-changing technology for data security. In confidential computing, data remains encrypted not only at rest and in transit but also in use, so analytics and Machine Learning (ML) can be performed on the data while maintaining its confidentiality. The ability to encrypt data in use opens up a vast array of real-world scenarios, with significant implications and potential benefits for data security in the future.

VentureBeat (VB) spoke to Raluca Ada Popa about her work in developing practical solutions for confidential computing. Popa is a co-founder and president of Opaque Systems, as well as an associate professor at the University of California, Berkeley. Opaque Systems offers software for the MC2 open-source confidential computing project to help companies that are interested in using this technology but lack the technical expertise to work at the hardware level. Popa discussed the history of confidential computing, its mechanics, and its applications.

The problems that confidential computing is intended to address have existed for decades, with various people working to solve them. She explained that Rivest et al. recognized the privacy, confidentiality, and functionality benefits of being able to compute on encrypted data as early as 1978, though they did not develop a practical solution at the time. Craig Gentry created the first practical construction, an entirely cryptographic solution known as Fully Homomorphic Encryption (FHE), in 2009. In FHE, the data remains encrypted, and computation is performed on the encrypted data. However, according to Popa, FHE was orders of magnitude too slow to enable analytics and ML, and while the technology has since been refined, its speed remains suboptimal.

Popa's research combines a recent advancement in hardware, known as hardware enclaves, with cryptography to create a practical solution. Hardware enclaves create a Trusted Execution Environment (TEE) in which data is isolated from software and the operating system. Popa considers the hybrid approach of combining hardware enclaves and cryptography the "best of both worlds." The data is decrypted inside the TEE, and computation is performed on it. Using hardware enclaves in conjunction with cryptographic computation allows for faster analytics and ML, and Popa stated that, for the first time, there is a truly practical solution for analytics and ML on confidential data.

This article continues to discuss the concept of confidential computing as well as Popa's research and work in developing practical solutions for confidential computing.

VB reports "Confidential Computing Provides Revolutionary Data Encryption, UC Berkeley Professor Says"
