Homomorphic encryption in iOS 18
Scope of Apple’s Homomorphic Encryption Use
- iOS 18 uses somewhat homomorphic encryption (SHE/FHE-style) for:
  - Live Caller ID Lookup: encrypted phone number queries to a server; replies stay encrypted until on-device decryption.
  - Landmark recognition in Photos: embeddings computed on-device; nearest-neighbor / dot-product-like lookup done with HE against a large server-side vector database.
- Only specific tasks (not full neural networks) appear to run under HE; core image embedding runs locally.
FHE vs SHE, Noise, and Practicality
- SHE doesn’t weaken security; it limits how many operations are possible before noise breaks correctness.
- FHE = SHE + “bootstrapping” to reset noise and allow unbounded computation; bootstrapping is the main cost.
- Performance and noise budgets are highly algorithm-dependent; for many use cases HE is still too slow, or supports too little depth, for general-purpose computing, but ML tasks with low depth (e.g., some neural nets, vector search) are more viable.
- Some discussion over whether bootstrapping is universal in practice; consensus in thread: all practical FHE relies on it.
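The noise limit described above, shown with a toy integer-based somewhat homomorphic scheme in the style of van Dijk et al. (DGHV). This is an added example, not Apple's code and not the lattice-based schemes the thread discusses; the parameters `KEY_BITS` and `NOISE_BITS` are assumed toy values with no security. It has no bootstrapping step, which is why the depth is bounded.

```python
import random

# Toy symmetric integer scheme (DGHV-style), for illustration only:
# parameters are far too small to be secure and this is not the scheme iOS uses.
KEY_BITS = 256    # size of the secret odd modulus p (assumed toy parameter)
NOISE_BITS = 15   # size of the fresh noise r in each ciphertext (assumed)

def keygen(rng):
    # Secret key: a random odd integer with its top bit set.
    return rng.getrandbits(KEY_BITS) | (1 << (KEY_BITS - 1)) | 1

def encrypt(p, bit, rng):
    # c = p*q + 2*r + bit; the term 2*r + bit is the noise that hides the bit.
    q = rng.getrandbits(2 * KEY_BITS)
    r = rng.getrandbits(NOISE_BITS)
    return p * q + 2 * r + bit

def centered_mod(c, p):
    # Residue of c modulo p, taken in the range [-(p-1)/2, (p-1)/2].
    m = c % p
    return m - p if m > p // 2 else m

def decrypt(p, c):
    # Correct only while the accumulated noise is smaller than p/2.
    return centered_mod(c, p) % 2

def budget_bits(p, c):
    # Bits of headroom left before the noise reaches p/2 (needs the secret key).
    return (p // 2).bit_length() - abs(centered_mod(c, p)).bit_length()

def and_chain(p, n, rng):
    # Homomorphic AND of n encryptions of 1: ciphertext products multiply the
    # noise terms, so each factor costs about NOISE_BITS + 1 bits of budget.
    # (Ciphertext addition would give XOR and only adds the noise terms.)
    c = encrypt(p, 1, rng)
    for _ in range(n - 1):
        c = c * encrypt(p, 1, rng)
    return c

# Noise after n factors is below 2**(n*(NOISE_BITS+1)) and must stay under p/2.
SAFE_FACTORS = (KEY_BITS - 2) // (NOISE_BITS + 1)   # 15 with these parameters

def failures(n, trials, seed=1):
    # Count chains of n factors whose result no longer decrypts to 1.
    rng = random.Random(seed)
    p = keygen(rng)
    return sum(decrypt(p, and_chain(p, n, rng)) != 1 for _ in range(trials))

if __name__ == "__main__":
    print("within budget:", failures(SAFE_FACTORS, 200), "failures of 200")
    print("past budget:  ", failures(40, 200), "failures of 200")
```

Security is the same at every depth; what changes past `SAFE_FACTORS` is that decryption returns the wrong bit about half the time.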
Privacy, Consent, and Trust
- Many welcome “privacy by design” and HE as a concrete, large-scale deployment of advanced crypto.
- A strong subthread criticizes:
  - The feature being effectively enabled by default (users are opted in), so photo scanning starts on install before explicit consent.
  - Normalizing constant “phoning home,” making later exfiltration harder to detect.
  - Closed-source implementation and difficulty verifying end-to-end behavior, even with Private Cloud Compute and attestation claims.
- Others argue:
  - If you distrust Apple at that level, the OS itself is the bigger problem.
  - Homomorphic encryption ensures Apple cannot read the query contents, even if data leaves the device.
Comparisons and Alternatives
- Extensive comparison with Google/Android:
  - Android/Google Photos generally framed as more cloud-centric and dark-pattern-prone, though nominally “opt-in.”
  - Some praise Apple for more on-device processing overall but still fault them for not offering a clean “no-cloud/no-scanning” mode.
- Mentions of fully local photo search apps and self-hosted or FOSS gallery solutions as preferable for some.
Licensing and Crypto Details
- Debate over Zama’s “BSD-3-Clause-Clear + patent license” model vs. fully free alternatives like OpenFHE.
- HE schemes used are lattice-based and considered post-quantum; discussion notes relationship to ring-LWE/Kyber and extra “circular security” assumptions.