44. Benoit Chevallier-Mames, VP Privacy Preserving Cloud and ML at Zama, Unlocking the Potential of Privacy with Fully Homomorphic Encryption

Hello everyone, and welcome to another episode of the security podcast in Silicon Valley, a YSecurity production. I am your host, John McLaughlin, and I'm joined today by a very special guest, Benoit Chevallier. How are you, John? I'm doing very well.

Thanks, Benoit. Thanks for joining. It's good to see you again. Yes, thanks.

So yes, you're right. We already had one episode like one year and a half ago, and that's great to be back and to give you some dates about what we are doing. Yeah, I'm super excited to hear. For all of our listeners, Benoit is the VP of Privacy Preserving Cloud and Machine Learning at a company, a really cool company named Zama, that is right there on the cusp of changing the world.

As we all know, AI is making huge leaps and bounds. And what the folks over at Zama do, well, maybe I'll let you give the pitch, Benoit, if you'd like to. Yes, of course. So Zama, so it's a French startup.

So today we are about people, I would say, and we work on what is called fully homomorphic encryption, so FHE. So I'm going to explain what FHE is, but firstly, the idea is that we make open source tools for developers to help them to embed FHE in their application and provide privacy in their application. That's so cool. It's so important because we're all of this data is just being uploaded, uploaded into all of these models.

And as soon as your data is up there, you know, there's nothing really that protects it, except this possibility for our fully homomorphic encryption to be able to encrypt that data. So you can upload it encrypted and then process it through our ML inferences and maybe do some training with that fully encrypted. Really incredible stuff. So for a very long time, it has been a dream for cryptographers, an impossible tool to build.

Only recently, like 10 or 15 years ago, that they made it possible and now they are making it practical. So yes, as you said, now it's possible to make computation on the server with the company where you don't need to have any trust in them. So there is no way for them to see your data in the clear. They will just be able to process the encrypted data, but never they will have the private key.

So never they will see this data in the clear. Beautiful. I asked music to my ears from a security perspective and a consumer perspective and just an investor perspective. You know, just to back up a little bit for all of our listeners out there, Benoit and I, we go way back.

So we worked together back in Apple. I joined Apple in 2000. You were already there. You were on the cryptography team in iTunes, underneath iTunes.

And we worked together for what, five or six years. And I was on the compiler team. I was on the obfuscating compiler team. So we would take your hard work, Benoit, drop it into I through some compiler.

Funny business. Let's just leave it. Spectacular time together. Yes, it was.

I mean, when I think about these years, I really loved it. It was amazing what we were doing in terms of white box cryptographed application. And so without revealing too many secrets, because we are not authorized to do it. So we had fight against some people trying to break the DRM, so digital rights management.

So the goal was to more or less protect some priorities, which were in the program, by doing some crazy implementation and by doing some of what you did in your product. Yeah, in the compiler. It was a lot of fun. We worked on iTunes back in the day where that was the cool place to get your music, your movies, your books, all of that stuff.

And it all arrived on your iPhone and your Apple TV and your devices and your tablets and all of that stuff encrypted. And we were the team that helped decrypt that so that everyone could enjoy their stuff that they bought. Yeah. Incredible time.

You stayed there a lot longer than I did. Yeah, I think 12 years. Yeah. Then it was, I mean, I could have stayed there longer, but I had this opportunity in Paris where there was this startup just starting.

So I was really in one of the first employees there. I knew the CTO, Pascal Paillier, who is a famous cryptographer for 20 years. It was in cryptography in France. And I knew that at some point I had to try the startup experience.

So it was like now or never. So I, yeah, I took the risk. I went there and I don't regret it at all. It is a very funny experience to see the, I mean, the startup from almost the beginning.

And so I, when I joined, we were like eight or nine. And today I told you we are like 80. We start to have customers. We start to make some money.

We have a... Oh, you have some signed customers, huh?

Yeah. Oh, congratulations. That's huge. That's a huge success for any startup.

Yes. And we have had a lot of money from investors. So 70 million, which is a lot, which is also a sign that these investors see in FHE a huge opportunity for the business. Did you say 70 million?

Yes, 70. Wow. That's an incredible number. 70.

70 million. And in France, you know, in France, it's not like in the US. Usually the money that you get from investors is much smaller. Yes.

70 is a lot. It's an incredible number for anywhere, but especially for France, where it's maybe a little bit harder to get those things, to close those sorts of deals. Well, congratulations. Yeah, but I would say money is not the goal.

We have the opportunity to make these products. So as we have some money, we have the time to build the right products. So really, we try to, I told you, make them open source so that anyone can try them and see if it fits. It's free for our researchers or students, even for companies when they want to make some prototype.

And it also lets us sometimes to wait. For example, hardware accelerators, which are going to come, but it's a bit longer. You know, the hardware process. Or on GPUs.

Yes, I mean, GPUs and the FPGAs and ASICs. So there are a lot of either very small companies or very large companies like Intel working on hardware accelerators to make FHE faster. Because speed is one of the current challenges of FHE. Yeah, that's really interesting.

So I know we were, we originally started off talking a little bit about fully homomorphic encryption. And then we did our backstory. Do you want to continue? What is fully homomorphic encryption?

And why do people, especially in AI, why should we care? So we should care because AI is doing a lot of things for us. And in particular, in health or in finance markets, AI is taking some data which are very personal to you. I don't know.

So for example, if you do some DNA tests, maybe you've seen that a 23andMe story. There's a lot of records of DNA which are everywhere now. It's very bad. With FHE, what you can do, you can provide the same kind of services, but over encrypted data.

So that this kind of security breaches are no more possible. On the servers of this company, things will always be encrypted. Nothing will be in the clear. So that even if there is some security breach, nothing can really leak.

Yeah, I love the idea of encrypting our data to protect against security breaches. But maybe also worthwhile to point out that there's a lot more like here. There are companies out there that I'm sure would love to get their hands on your DNA data and then charge you more for certain markers in the DNA. If you're predisposed to cancerous genes or certain types of diseases, you could be discriminated against, right?

If that information is just available. Or in other cases like law enforcement. So if they're processing a crime scene, do they have to get your DNA from you? Or could they just subpoena a company that contains your DNA data with high probability and look for it?

Sort of short circuiting some of the protections that we have, at least here in the States around personal. But I also think that FHE is going to help the market. So I would say, so me, for example, as a security guy, I certainly use the same. I would not send my DNA to some companies that I don't know.

But if ever I know that this information that I'm going to send them is encrypted, I don't need to really trust them. So maybe I'm going to pay for something that today I don't want to pay. Yeah, FHE is going to enable a few things like that. FHE is also going to help companies working together.

For example, banks, they have information about their different customers. But obviously, either for legal reasons or for concurrence, do you say concurrence, or competitive reasons, they would not want to share their data. So what they can do in FHE is that they can encrypt their individual data. They can make a computation together.

And at the end, just agree to decrypt the results. For example, they will use that in anti-money laundering to check if ever you, John, you have too many monies. That's a bit suspicious. Oh, I wish.

Yes, yes. But that's really interesting. So it could be used in anti-money laundering, privacy-preserving anti-money laundering system. That's really cool.

That's an example. I mean, collaborative companies is really one future big market. And FHE is going to make it possible in a privacy-preserving way. I'm super excited about all these bus buildings.

You know, it also helps with things like SOC 2, GDPR, CCPA, the privacy-preserving legislation that are coming up. You want to get your SOC 2 certification. You have to demonstrate that you're protecting your customers' data. So if you ever receive sensitive data, you have to have that encrypted.

You have to have that encrypted. But if you want to work on it, you have to have it decrypted. It sort of represents a catch-22, even for modern-day certifications. I can see it enabling a lot of new business and really raising our security maturity posture across the industry.

That's how big this is, because this is going to affect everything. Because AI is going to end up everywhere. It's just a bit of time. So, you know, we are thinking about AI.

There is another very nice company that I admire in France, which is the Hugging Face. So, you know, this is a company where they do a lot of open-source machine learning stuff. And so, when we wanted to show what FHE can be in practice, especially for machine learning, we have been there and we have available demos on FHE over machine learning models, which are today on the internet. So, if you look for a Zama FHE webpage on the Hugging Face, you will see, I think, today we have four demos.

So, for example, you can apply a filter on an encrypted image. You can check if, I mean, classify the disease that you have, health diagnosis, and a few other demos like that. And it's really a nice way to show to people, and especially to our future customers, what FHE can bring to them. Yeah, that's really cutting-edge stuff.

So, that's incredible. And we'll put the links to those demos in our description. Great. So, with all of this great stuff on the table, like, what are the challenges, really, that FHE faces or that Zama is facing?

Yeah. Before answering the challenge, I mean, the remaining challenge, I would like to say what we have been able to solve. Oh, I would love to hear this. Yeah.

Yes. Because, I mean, before Zama or five years ago, it was very complicated to use FHE. So, more or less, you had to be a specialist, like a cryptographer. You had to write things in C++ or very complicated stuff.

So, what we have tried to do, and I hope that we have achieved to do it, is we have tried to simplify the use of FHE, such that today you can use FHE in a pure Python. You can be a data scientist without really knowing what cryptography is about, and still you can make it. So, already, as we've said that we are ex-employees of Apple, where we made things simple. So, I am very happy that we have made the use of FHE very simple for data science.

And now, about the remaining challenges, really today things are about speed. So, we are able to handle the cases of machine learning with scikit-learn models. So, linear models, tree-based models. And it can already go to production.

When it's about deep learning, so more complicated models. You said a magic word for everybody. You said it could go into production. Yes.

Do we have... I'm really serious.

Serious. Oh, I believe now. I want to showcase this machine's success because this is like Cornerstone. This is a signal that this is really mature now.

Yes, and when I mentioned the Hugging Face demos, they are live. And even the servers on the Hugging Face are not that powerful. I mean, they are not specialized in CPU servers. But still, you can make things in FHE.

It's only when you speak about deep learning where you have millions of neurons that things are a bit complicated. So, things are certainly too slow to go to production. Or at least, we are very far from being real-time. So, here, we are waiting a bit.

And we are working with hardware companies who are making those hardware accelerators. That's awesome. So, is there...

There's components of your stack at Zama that is going to dip down into GPUs and FPGAs and the other one, what was it? ASICs? Yes.

So, I will not be able to detail it too much because I'm not a specialist. But yes, there are teams at Zama working on GPUs and FPGA. And we are also working with external companies to integrate their future hardware accelerators. Oh, incredible.

Things that are not even released yet. And we expect like 10x, 100x, or even more factor-prosper improvements thanks to this hardware. Do you think that those improvements will help make the more complex models' production viable? Yes.

So, what we expect is that by 2025-2026, we see the first generation of these hardware accelerators. And then we will have several generations. And to give you an example, next year, in May, we are going to RSA. You know, this is a big security conference.

And there, we will explain, we will describe our experiments about LLM in FHE, so large language models. And we will say that we have been able to show that it's doable. I mean, in terms of accuracy, it works. It's just too slow.

So, what we expect is that certainly not with the first, but second or third generation of hardware accelerators, we will be able to make LLM in FHE. And this will be awesome. I mean, instead of sending your queries in the clear, you will send the queries encrypted. That's incredible.

That's going to be spectacular. Yeah. RSA, just a small security conference that happens down the street here in San Francisco. Yeah, smaller, smaller.

No, it's the largest conference. It's the largest security conference in the world, isn't it? I don't know. I wouldn't be surprised.

It's huge. It's huge. And yes, it's an awesome company. You spoke there last year too, didn't you?

Yes, exactly. So, I mean, it starts to be a habit. So, I've been there as a speaker in 2022, 2023. And here, it will be the third time in a row.

I really love to be there. I love the US, obviously. And, you know, last year, we had this amazing experience with, I mean, by being a speaker, but also the company was in the startup contest. And also, it was the occasion for us to meet a few companies in the Valley.

And... You...

Yeah, sorry. Oh, no, go ahead.

Go ahead. Yeah, so a few companies. And even we have had the opportunity to make a talk at Stanford where, I mean, in the exact department of research where FHE, I mean, practical FHE was invented. So, I mean, I remember this week of presentation.

It was really awesome. I remember I was on the Zoom call because I couldn't show up in person for your talk, but I appreciated the invite. It was incredible to...

Yes, I remember that. That's history. Yeah, that's history unfolding.

You know, because you guys are really on the cutting edge just on the invention side, but making it... You're productionizing the whole thing.

Yeah, it's one thing to make a paper. And, I mean, obviously, a lot of respect to them. Absolutely. But one thing to make the paper, and it's another thing to make a product with the support to the users, with the company, with, I mean, with finding the customers and making market and so on.

It's different. You know, when we worked together at Apple, I always knew you were going to do great things because the stuff that we were doing at Apple, you were doing exactly the same thing at Apple. So, you took the things that were theory and you turned them into actual code and products that worked and worked well, and it stopped the attacks inside iTunes. And Apple owes you that debt of gratitude for it.

But now that you're doing it with FHE over at Zama, this is just incredible. And I always knew you had it in Europe. I mean, so thanks a lot for this world. But really, it was the thing that I would keep from Apple to make things simple, to make things that work, that are natural.

I mean, it's embedded in me today. So it's very natural to me to make our products like that. And I would say it's my main proudness to make that data scientist. To give back.

Oh yeah, but to make that data scientist can use it, can use this amazing technology, but which is quite complicated and under the hood. They can use it almost easily. Yep. So how many paying customers do you guys have over there at Zama now?

So I will not be able to say things which are not public. So still, we have learned to keep a secret. We are good at secret, sorry. Yes.

But what I can say is that, so we have more or less two divisions at Zama. So we have the ML division, the machine learning division that I take care of and that we have spoken a lot about and we have the blockchain division where they're making a product which is called fhEVM. We choose them to make smart contracts, but where some of the data in the blockchain can be encrypted. And so yeah, about money, about customers, fhEVM is where we have the, I mean, most of our customers today.

So you will see in the news that we have signed a few contracts with some blockchains and. Oh, that's really cool. So with blockchains, did you get traction? Is that Ethereum?

Or maybe you can't. So not for now. I will not enter into the details because I don't want to say. Don't want it.

Yeah. I don't want to say secrets. I can keep secrets. It's just, I would like to avoid that.

I'm not a speaker. So look in the, in the news about Zama. You will see that some companies have signed things with them. Excellent.

Appreciate that. And that's a big deal too. So if I'm a data scientist and I'm starting to get curious now about all of this fully homomorphic encryption and we've got some demos and we've got, we've got some people that are already like early adopters working with you guys to get those kinks and the bugs and that developer experience nice and crisp. And I'm curious, I'm a curious data scientist.

What would you invite me? Well, if you are curious, so I would recommend you to go to our GitHub. So AI GitHub. So same thing.

I guess we will add the link with the podcast. So they can go there and they can have a look to how it works. And maybe they will start by reproducing some of the examples that we have. And then after that, they can build their own examples.

And I hope that it could be quite easy for them. Deal with the speed constraints. So maybe start with the machine learning. Don't go for LLMs for now.

It's going to be too long. And then if ever they have issues, they can, we offer free support. So we have a Discord, discord.fhe.org, where they can ask their question and we will help them to fix their bugs or fix their misunderstanding.

And then if they are happy with what they are. There is even a program that I would like to speak about, which is our Bounty and Grant program.

So Bounty. Every quarter we create, I mean, competition. So for example, last quarter, the competition for machine learning was create a Shazam, you know, to recognize the music, but over encrypted data. And then all the people can use Zama's products, make their application.

And we have a jury and we decide with the winner. And the winner gets some money, $10,000 or something like that. $10,000 also. I think.

To check the numbers, but I think it was this one. And it repeats every quarter. So that's Bounty. And that's a way to mix fun and money.

Yeah. And then there is a grant program. So here, if they want to build a company over Concrete ML or Concrete or any Zama product, actually, they can apply for grants. They can say, I'm going to build this company with privacy first.

And they will, if ever they are accepted by the company, they are going to get some money to help them to bootstrap. Very nice. And so it's a grant and not an investment. Yes.

Today, it's a grant. That's music. I mean, I can't tell you that it's not going to change or maybe it will depend. So at least for now, it's a grant.

If ever we see an amazing opportunity, maybe some of our investors or some friends would want also to invest in the company. But that's a different subject. That's a totally different subject. But that's music to founders and entrepreneurs' ears.

Because a grant is non-dilutive capital. Yeah. It's all. I mean, money.

Just the expectation is that you have to use Zama products. And also, I think, to check, depending on the cases. But I think the condition is also to make your application open source. So you have to show how you use the products.

If ever you make something closed source, it's that great for us and for the customers to understand how you have been using it. We are a community and we are trying to bootstrap this and stand on each other's shoulders so that no one has to repeat, you know, that same pain point that you have solved or you have tackled yourself. I get that. I understand.

The business model behind that often is like open source the core product, sell a SaaS service that deploys it so you don't have to manage like their operational overhead. Another business model that I've seen is sell the support for the open source on-prem deployments. That's another business model for that. And I think there's one more.

Whereas now, I think there's a great way. So at least we have a different way, which is the license. Oh, the licensing. Yes.

Oh, that's right. So you open source. We have open source for research and free for researchers, for students or for companies when they want to prototype things. But when someone starts to make money with our product, like certainly a company, they will have to change the license to take a business license, let's say.

And then we are going to charge them depending on the use they make of the product. So often it's per usage. I mean, we price a certain number of dollars per call per year. And if ever you are Google, of course, you are a better user.

So you are going to use products a lot. So you are going to pay more than a small company with just a single. Perfect. Now, that sounds like a very nice approach to monetize as well.

Apple and Zama, both amazing companies. You've spent a good chunk of time now at both of them. Yes. And when you compare them, how would you think about that?

Would you pick one that's better than the other? Or? No, I would not say that one is better than the other. And I would say that so often, you know, people working in staff have that image of the big companies.

And I tell them, you can also be very happy to work on very interesting things. At least we together. We did. Absolutely.

We did. So I have a good image of these two kinds of companies. In Apple, what was great is that we were able to have billions of users. So what we did was used by billions of users.

So that's amazing. I mean, the impact you can have. We started with Zama. And especially as we are very open source and very open to outside.

The great thing is that you can discuss with other companies. You can build with other companies. You have a bit more flexibility, opportunities. So that's, I would say, the plus, at least for me, that I signed in Zama.

So in Zama, I've been able to, you know, I started as an individual contributor. And then I built a few teams within S. So already, that's, I mean, several teams, several products. And now I'm responsible of the divisions.

More or less, I can try to find the customers. It's a, it's really things that you, I would not have been able to do at Apple. Because Apple, it's such, so large. And so that everyone is specialized in one thing.

You remember at Apple, there was one guy responsible of the plastic for the watch charger, something like that. It's very specialized, very different. Yep. Yep.

Very, very focused in a big company. Yeah. But in a small company, a lot of opportunity, a lot of breadth, maybe a little bit less opportunity to go deep in a technology, but a startup with strong focus, you will have an opportunity to go deep. Just like you're doing this.

But what I love that Apple was the attention. He turns, really the specialist of the plastic. He was really obsessed by it. And he would make the best plastic in the world for this case.

They would make that opening the iPhone would be an amazing experience. And so that's one thing that I really appreciated there. And I really appreciate like people that go through that experience and they see the value in simplicity and this idea that less is more. And really focusing on the experience.

Not even the technology, not even like the user interface, but what is the experience? What's the feeling that you get when you interact with that technology? So I'm happy to hear that you brought that into FHE. I'm very angry, but I, yeah, I mean, it's something that I love that Apple.

So obviously I'm going to try to copy it in the companies that I'm going to join. Amazing. Well, if you could go back in time, meet your younger self. I don't know.

Maybe when you're still in school and you could offer yourself like a piece of advice. Hey, would you do it? And B, what would that advice be? Would I?

What, sorry? If you could go back in time and meet young Benoit. Yes. And you're still in school and you could sit down and have a beer with yourself, your younger self.

Would you have any advice? I didn't know that I would go to the psychologist when I joined. That's not funny. No, no, no.

That's fine. But I mean, so I'm not going to answer this exact question, but I'm going to answer this one, which is also meet some young people and I love, I like to give them advices. Yes. Yeah.

Friendly. To me, it's a lot about excitation. Do something which is exciting to, so that you find pleasure in working and we are, I mean, machine learning, security or computer science, it's really somewhere where there is a lot of jobs and opportunities. So if ever you are somewhere and you feel a bit disappointed or disinterested by what you are doing, try to go as well.

Yeah. And so really, yeah, something like that, something like if ever, yeah. Okay. I meet the young Benoit and I tell him, start your own company.

You are 20. He starts your company. When I was young, it was not, at least in France, it was not what we were used to. I mean, no one started the company and if ever you did, you were a crazy guy.

Today, I see all these guys, they try, they try it. You don't care, you fail. But it looks very sunny, it looks very, it's something that you have to try and I will try it. So I will, I will try it as a 50-ish person, but still, I will.

You're going to just nail it. Yes, you're right. So instead of being young and, you know, afraid of a bounce risk, with risk, I will be richer. So a bit less, you know, financial pressure and I will have more experience.

And I think experience is also very useful there. You know what it is about to take care of the product, of the user, of testing things, of making good development code and so on. Absolutely. No, that's incredible.

Well, I will look forward to seeing which company you start here when you're 50. I don't know. We will decide together. Okay, deal.

I love it. No, I mean, we don't know what the future is going to be, but hey, you are in the US, I am in France. It might be. We will make a great team.

We will make a great team. But yeah, yeah. And yeah, so when we are speaking about funding companies, to me, it's really about trust. And it's really about who is, who are the other co-founders.

And it's, it's really about that. So when I'm listening to a few people who might work with me, I'm listening to people I have worked a long time with. I appreciate work. I respected the technical skills and so on.

So yeah, you might be one of them, but we are not going to, I mean, it's going to be updated for the listeners now. So we are going to stop that. But I appreciate that. That's most heartfelt and the feeling is mutual.

And I feel exactly the same way about trust. It's all about trust. Trust can, if you don't have trust, it makes it really difficult to do anything worthwhile. And sometimes that's why money plays an important role.

Like in a transactional relationship, you're transacting. That's where money shows up. But if there's trust as a foundation, you don't really have to worry about the money and the transactions because you know, you trust the person, trust the person. That's really great.

Well, Benoit, thank you so much for joining for another episode of the Security Podcast in Silicon Valley, which is a YSecurity.io production. I'm your host, John McLaughlin. Benoit, it's been an absolute pleasure.

So thanks a lot for your time. It was also a pleasure. I can't wait for the third episode of it. So thanks a lot.

It's whatever you would like it. It was really great to hear about all of the improvements and all of the successes and congratulations on the customers again. And thanks to all of our listeners for tuning in. Make sure to tune in for the next episode of the Security Podcast in Silicon Valley.

Thanks, everyone. Hey, great. We'll see you infeedroll.