Career update: homomorphic encryption
I recently had my final week working in the data center planning side of Google. July would have marked five years of my focus on integer linear programming, modeling data center planning problems as such, and building supporting infrastructure to help explain and understand optimization models.
I've decided to transition to a more ambitious and challenging role in cryptography, still at Google. Specifically, I'll be joining Shruthi Gorantala and Cathie Yun (and a variety of community contributors) on a mission to bring Fully Homomorphic Encryption (FHE) to production systems. Last year Shruthi and her collaborators open-sourced a transpiler (associated paper) that accepts as input a subset of C++ programs and produces as output an equivalent program that operates on ciphertexts in the Torus-FHE scheme. The team has big ambitions, which I can't disclose yet, but my role will be closer to my mathematical expertise and passion than my current role.
Working on FHE will be something of a dream come true, and a once in a lifetime opportunity. FHE was discovered to be possible around the same time I discovered mathematics as a passion (2009). When I learned about it in the intervening years, it was still not considered efficient enough to be practical. Today, through the sweat and tears of incremental progress on multiple research avenues, it seems we (humanity) are on the cusp of being able to make FHE practical enough for useful applications, with the right combination of software ingenuity, hardware accelerators, and fine tuning. Combine that with Google's iteratively improving culture around privacy, and it's clear that now is the best time to get involved at the forefronts of privacy innovation. These formerly theoretical breakthroughs will soon be ready for production.
With so much of the cryptography ecosystem usurped by fraud, Ponzi schemes, and extremist politics, it's refreshing to immerse myself in a side of that field that feels unambiguously wholesome. In past newsletters I've hinted at the question that Jenny Odell posed in her book, How to do Nothing, namely, "What's it all for?" When I think about software reliability and "five 9's," the only realistic answer I can think of is, "Keep people shopping on Black Friday." Or when I think about social media, it nags me to think it's keeping your eyes glued to YouTube/Netflix, Twitter outrage, TikTok, or conspiracy theory Facebook groups, ultimately all for shallow engagement metrics and more ad clicks.
But the end game for FHE is simple: all computation is private by default. It's the "holy grail" of privacy technology. Of course, scaling efficiency poses the main obstacle. FHE seems to require large ciphertexts and keys, and even the fastest FHE schemes rely on large matrix multiplications.
According to a heuristic argument, to run a computer program without any knowledge of the data, you necessarily remove the ability to know which branch of an if statement the program takes, or how many iterations of a loop are executed. Otherwise, a program that terminates early when the input matches a fixed value would contradict the security of the scheme. So an FHE scheme must effectively simulate all possible program branches in its effort to hide the data.
It remains to be seen whether this obstacle can be mitigated enough to admit decent latency in general-purpose applications, as well as what the extra computational cost of perfect privacy shakes out to be. If the costs aren't prohibitively high, then the promise of perfect privacy can tip the balance in favor of FHE by default for all applications where privacy is a concern.
As wholesome as my new mission feels, switching teams is a bittersweet transition. It's largely because the last six months on my supply chain team have been the best. Due to some combination of old guard attrition, my nurturing a small, but productive team, and our consistent delivery of results, I had been suddenly given more engineering resources. People were listening to my ideas, and I made the time to demonstrate the impact and elegance of those ideas. It really hit home when my manager's last performance review feedback highlighted my efforts to foster both productivity and a positive culture in the team, resulting in a group of happy, well-rounded engineers that punched above their weight. In many ways that meant something to me in a way that getting to say I helped save Google $xxxM per year did not.
But in the end, I just couldn't watch this opportunity sail by without jumping aboard and rowing with gusto. So here's to cultivating a merry band of cryptographers and helping make privacy-centric computation a reality!