Intel Demos Chip to Compute with Encrypted Data

Original Article ↗ Hacker News Discussion ↗

What FHE Hardware Actually Does

  • Many comments clarify that this is fully homomorphic encryption (FHE), not SGX-style “trusted execution.”
  • Data is encrypted client-side; the accelerator performs math on ciphertext without ever seeing keys or plaintext.
  • Example given: encrypted phonebook search where the server processes the whole database and only the matching rows decrypt correctly client-side.
  • Emphasis that the hardware never needs decryption keys; at worst it can return incorrect results.

Trust, Backdoors, and Intel

  • Some remain deeply suspicious of Intel due to past features like ME and worry about hardware backdoors, especially for “very sensitive” workloads (health data, crypto, smart contracts).
  • Others argue FHE explicitly minimizes trust in hardware: since keys stay with the user, backdooring the accelerator is much harder than backdooring conventional at-rest encryption.

Performance and Practicality

  • Current software FHE is cited as ~10,000–100,000× slower than plaintext.
  • Intel’s reported ~5,000× speedup is seen as a big step, but there’s disagreement whether that still leaves 2–10× or 20–100× overhead vs. normal compute.
  • Consensus: still unsuitable for latency-sensitive tasks, but potentially viable for batch jobs (aggregations, simple ML inference on private data).
  • Some say FHE remains “impractical” or niche; others see this as the first time it’s realistically usable at all.

Applications Discussed

  • Cloud compute on sensitive data (medical, PII, regulated datasets).
  • “Confidential smart contracts” and securing crypto L1/L2.
  • E-government and voting, where volume is moderate but privacy expectations are high.
  • Possible reduction or replacement of TEEs/confidential-compute stacks if performance ever approaches normal chips.

DRM, Attestation, and Abuse Concerns

  • Several fear this could power more invasive DRM or hardware attestation in a broader “war on general-purpose computing.”
  • Counterargument: DRM still needs plaintext at the user’s eyes/ears; FHE doesn’t inherently help more than generic crypto accelerators.
  • Some note any secure construct can serve both user-protecting and user-hostile purposes; the root problem is political, not mathematical.

AI and Private Inference

  • Some predict encrypted-weight models and “private AI” as a major FHE use case; others say current compute limits make this speculative.
  • Alternative approach highlighted: running models in GPU-based secure enclaves, where data is decrypted only inside an attested, hardware-protected environment.

Other Notes

  • Concerns that governments might restrict or backdoor strong FHE; others think it’s mainly a cloud/datacenter tool, not consumer-facing.
  • Interest in open hardware and RISC-V arises as a response to growing distrust of large chip vendors.
  • Intel’s open-source encrypted-computing SDK is mentioned positively.