For any company in the IT industry, it is virtually impossible to function unless a lot of personally identifiable information and confidential data flows through servers across deployments every single day. While working with this kind of data, companies need to be watchful about the state of its encryption. This information needs to be encrypted both when it is stored (data at rest) and when it is transmitted (data in transit). While modern encryption algorithms are virtually unbreakable, they also make it impossible to process data without first decrypting it.
For example, let’s take a simple search query and understand what happens to the stored data. While at rest, this data is encrypted, but as soon as the search button in a browser is pressed, the search algorithm has to be able to understand the stored data to perform a search function. For this, the data is decrypted while in use, the search function is performed, and you get the desired result, exposing the data to a viable attack.
A company dealing with high stakes is in no condition to deal with this in a casual manner. As such, regardless of whether you are working with data at rest (not to be confused with REST) or data in transit, traditional public key encryption requires data to be decrypted before it can be analyzed or manipulated. But what if we told you that there is a type of encryption that completely sidesteps the need to decrypt the data before you use it, meaning that data integrity and privacy are protected while you process data in use?
So there, we have your attention now!
Source: https://blog.openmined.org/what-is-homomorphic-encryption/
In a nutshell, homomorphic encryption (HE) is an encryption technique that allows any data to remain encrypted while it is being processed and manipulated. Another bonus of HE is that, unlike other encryption models in use today, it is less vulnerable to attacks by quantum computers. HE also allows complex mathematical operations to be performed on encrypted data without compromising the encryption.
How does it work?
HE schemes are based on a number of techniques, one of which is known as learning with errors (LWE), which we will be discussing in detail here. It involves the difficulty of finding the values which solve:
B = A × s + e, where you know A and B.
The value of s becomes the secret value (or the secret key), and A and B can become the public key. So, our plaintext is in common terms, hidden in the matrices A and B.
Every time a homomorphic operation is performed, additional noise is added to the ciphertexts. Ciphertexts are texts that are unreadable by a human or a computer. Plaintext is transformed into ciphertexts to heighten security. Noise is, in common terms, a small error (mentioned as e in LWE) that gets added to the encrypted result during every HE operation to make it difficult for an attacker to trace back to the original plaintext. At some point, if the noise gets too large, you won’t be able to decrypt the ciphertext successfully.
With HE, you can establish a higher standard of data security without breaking business processes or application functionality. It eliminates the trade-off between data security and usability. You can share sensitive business data with third parties without revealing the data or the results of the computation to them.
Possible use cases in the future
-
Searching through encrypted data: A user stores encrypted files on a remote file server and can later have the server retrieve only the files that (when decrypted by the file owner) satisfy some Boolean constraints, even though the server cannot decrypt the files on its own. More broadly, fully homomorphic encryption (FHE) improves the efficiency of secure multiparty computation.
-
Spam email detection: Email is a private medium of communication where the message is intended to be read only by the recipient. Due to the sensitive nature of the content, there might be personal, strategic, and legal constraints against sharing and releasing email data. With HE, you need not worry about the data being accessible to hackers because there is no decryption involved at all!
Current limitations
-
When HE is implemented, it is still sluggish and has a large computational overhead and large memory requirements. It’s not yet practical to use for many applications due to its complexity.
-
Only a few, limited operations can be performed in a ciphertext as both computational and communication costs increase exponentially with bigger parameters. This leads to the need for extra optimization and depth reduction techniques.
-
HE is not yet able to support multiple users. The security of a database depends on the security of the encrypted database because if someone can access the encrypted database then they can also ascertain the decrypted plaintext result of any computation since they would have access to the secret key. One way to solve this issue is to have a separate database for every user. However, if the number of users is vast, then maintaining a separate database for all of them is impractical. That’s why some researchers are working on multi-key FHE crypto systems. But until those systems are developed, this is a significant limitation of HE.
As both awareness of HE and the performance capacity of HE continue to accelerate over time, the breadth of commercial use cases will similarly increase. This horizontally transformational technology will become increasingly pervasive in applications built around ensuring privacy and security when using sensitive data, completely changing the paradigm of how and where we can leverage these data assets.
To conclude, HE is a technology that has just entered this sphere of secure computing, and it will take a long time for it to secure its position in this arena. It is definitely a contender to watch out for in this space. By enabling computations on encrypted data without needing decryption, HE opens up vast possibilities in areas like cloud computing, healthcare, and finance, where data privacy is paramount.
