In an age where data is bought and sold as a commodity, true privacy is rare. But homomorphic encryption can protect your data completely, so no one, not even the servers used to process it, can read your information.
Here’s how it works: A device encrypts data, sends it out for processing, computations are done on the encrypted data, and then the data is decrypted upon return. A mathematically complex process ensures that your processed data can be decrypted at the end without anyone being able to decode it in the middle.
However, the computational power required for the underlying mathematics that enable homomorphic encryption are too much for the Internet of Things as it currently is.
A team of engineers at Peking University, in Beijing, China aim to change that. Their new device, created using arrays of ferroelectric field effect transistors (FeFET), is optimized to carry out the encryption and decryption processes with high accuracy and low computational load. The engineers unveiled the array today at the 2024 IEEE International Electron Devices Meeting.
“By implementing novel semiconductor devices, we can have our commercial electronics like cell phones utilize the computing power of the cloud [while] also keeping the safety of our data,” says Kechao Tang, assistant professor of integrated circuits at Peking University and one of the researchers who developed the new system.
Math Inside a Transistor
To carry out the homomorphic encryption process, a computer must be able to generate a random key, which will be used to encrypt and then later to “unlock” the data. It then uses that key to carry out polynomial multiplication and addition that puts the data in an encrypted form for processing.
To create a key for encryption, the transistor array uses fluctuations in current through the FeFETs. FeFETs can be engineered to have a much higher degree of fluctuation than a regular MOSFET transistor, so the random number generated by the device is less predictable than what you’d get from an ordinary silicon chip, making the encryption harder to crack.
For the encryption process, the key helps convert the user’s data into a vector consisting of the coefficients of polynomials. That vector is then multiplied by a matrix of numbers and then by another vector. So encryption usually takes two steps, but in the FeFET array, it can be done in just one.
That’s possible because of the nature of FeFETs. In the part of the transistor that controls the flow of current through the device, the gate, they have a layer of ferroelectric—a material that holds an electric polarization without needing to be in an electric field. The ferroelectric layer can store data as the magnitude of this polarization. Like other transistors, FeFETs have three terminals: the drain, the source, and the gate. Counting the stored state in the ferroelectric material, this means three signals can be combined in an FeFET: the drain input, gate input, and the stored state. (The source provides the output current.) So one FeFET can be made to compute a three-input multiplication.
When many FeFETs are combined into an array, the array can now take in the three sets of data needed for encryption: a vector of the data to be encrypted and the encryption matrix and vector. The matrix is stored in the FeFET array’s ferroelectric layer, the vector of original data is inputted to the gate of each FeFET, and the second vector is input to the drains of the FeFET array. In one step, the FeFET array combines the signals of the vector, matrix, and vector together, then outputs the final encrypted data as current.
“We can do more efficient computing with less area overhead and also with less power consumption,” says Tang.
Researchers are also trying to use RRAM to accomplish the matrix multiplication required for homomorphic encryption, because it also has the ability to store a state in memory. However, ferroelectric devices should produce less noise in the decryption process than RRAM would, according to Tang. Because the ferroelectric devices have a greater difference between their on and off states than RRAM, “you are less likely to have mistakes when you do the encoding and decoding,” says Tang, “because you can easily tell whether it is one or zero.” Previous RRAM solutions had accuracies between 97.1 and 98.8 percent, while this device had an accuracy of 99.6 percent.
In the future, Tang hopes to see this technology in our smartphones. “If we can apply our device into the cellphone, it means that our cellphone will have the ability to encode the data to be uploaded to the cloud and then get it back and then decode it,” he says.