Apple's Use of Homomorphic Encryption Revealed
A technical presentation details Apple's real-world deployment of homomorphic encryption (HE) at scale. The technology allows Apple's servers to perform computations on user data while it remains encrypted, preventing the company from seeing the raw content. This approach is a cornerstone of its privacy-preserving analytics and personalization features, moving a theoretical privacy concept into large-scale production.
Apple's specific implementation is the Brakerski-Fan-Vercauteren (BFV) homomorphic encryption scheme. This choice is tailored for computations on embedding vectors, such as dot products and cosine similarity, which are common in machine learning workflows. The BFV scheme is also considered resistant to potential future attacks from quantum computers. To manage the significant computational demands of homomorphic encryption at scale, Apple employs several optimization techniques. For the Enhanced Visual Search feature in Photos, image embeddings are quantized to 8-bit precision before encryption to reduce the size of the request and the server's computational load. Additionally, the server-side database is divided into smaller, more manageable shards, allowing computations to be focused on relevant data subsets. This privacy-preserving architecture is a key component of features like the Enhanced Visual Search for Photos and the upcoming Live Caller ID Lookup in iOS 18. In the case of photo analysis, a user's device encrypts visual features and sends them to Apple's servers, which can then match them against a database of landmarks without ever accessing the unencrypted image content. For Live Caller ID, an encrypted query about a phone number can be sent to a server to check for spam information without revealing the actual number to the server. The adoption of homomorphic encryption aligns with the principles of regulations like the GDPR, which emphasize "privacy by design." By processing user data in an encrypted state, companies can perform analytics and offer personalized services while minimizing the exposure of raw personal information, a core tenet of such data protection laws. This approach allows for data analysis without infringing on user privacy. While not a direct compliance tool, this privacy-first technology strategy becomes increasingly relevant in the context of the Digital Markets Act (DMA). As the DMA pushes for greater interoperability and access to data, employing advanced privacy-enhancing technologies like homomorphic encryption allows for the potential to meet regulatory requirements without compromising on core privacy and security commitments to users. Other major tech companies are also heavily invested in this area. Microsoft has developed its own open-source library called SEAL (Simple Encrypted Arithmetic Library), and IBM has created HElib. Apple's contribution to this space is its recently open-sourced `swift-homomorphic-encryption` library, making the technology more accessible to developers within its ecosystem.
