Homomorphic Encryption and Privacy
Encryption is used to protect everything sensitive, including website accounts, emails, video conferencing, health records, and all sorts of data transmitted over the internet. We touched on some of the basics of encryption in a previous blog post. A message is encrypted when it has been scrambled into something that looks like gibberish, and it can only be decrypted (unscrambled) into the original message by using a secret cipher called a key. With symmetric cryptography, one secret key is shared with both the sender of the message and the recipient. With asymmetric cryptography, both the sender and the recipient each have a private key that only they know about and a public key that can be seen by everyone. One party’s public key can decrypt their own private key. When one party wants to send a message to another, they encrypt their message by using both their own secret key and the recipient’s public key. The recipient decrypts the message by using their own private key and the sender’s public key. This type of encryption—referred to as public key encryption—is used for Hypertext Transfer Protocol Secure (HTTPS), which protects the information exchanged between you and a secure website.
However, the problem with common forms of encryption is that in order for a recipient to do something interesting with encrypted sensitive information, they must be able to decrypt it and see everything. Once sensitive information has been decrypted, it can be used by cybercriminals. Fortunately, a new form of encryption is on the rise: homomorphic encryption (HE). HE allows encrypted information to be analyzed and manipulated without being decrypted first, and the result of manipulating the encrypted information and then decrypting it is the same as decrypting the information first and then manipulating it. This form of encryption is strong enough to withstand brute-force decryption by quantum computers, which have processing capabilities beyond those of normal computers.
Bernard Marr of Forbes notes that there are three main types of HE: partially homomorphic encryption, somewhat homomorphic encryption, and fully homomorphic encryption (FHE). FHE is considered to be the “gold standard” of HE. Jim Salter of Ars Technica explains that FHE “allows direct mathematical operations on the encrypted data.” For example, suppose you have a secret number, you encrypt it, and you send the encrypted number to a third party who multiplies things by 2. When the third party receives the encrypted number, they do not decrypt it, so they do not know the secret number. They multiply the encrypted number by 2, then give you the result. When you decrypt the result, you get your secret number multiplied by 2, which is the same as what you would get if the third party had decrypted the number and then multiplied it.
An IBM researcher going by the username “Ibmresearch” posted a comment on Salter’s article that explains the basics of FHE. Information is encrypted by “effectively sprinkling it across a very large polynomial,” so mathematical operations applied to the polynomial affect the hidden data too.
Homomorphic encryption has a wide variety of practical applications. The technology could be used by the private, financial, and government sectors. In Bernard Marr’s interview with Flavio Bergamaschi, Senior Research Scientist at IBM, Bergamaschi provides a basic use case for homomorphic encryption: internet searches that are completely private. According to Bergamaschi, homomorphic encryption could let you search for a nearby coffee shop and get an accurate result without revealing sensitive information—including your location, the time of the search, and the search query—to third parties. Bergamaschi also notes that homomorphic encryption could be used for healthcare, and that sensitive medical information could be analyzed to detect health-related issues without giving third parties access to the actual data. Dario Gil of Scientific American notes that FHE could be used for secure genome sequencing. With FHE, genome sequencing services could help people find ancestors and determine their likelihood of developing certain diseases without accessing their private information. Last year, a previous blog article mentioned that patient data was stolen from a laboratory testing company for ransom. FHE could allow laboratory companies to leave patient data in an encrypted state, and ransom attacks would be harder to accomplish because the data would need to be decrypted. Homomorphic encryption is also applicable to other types of private information. According to Jim Salter, IBM cooperated with two large banks to complete field trials that demonstrated how FHE can be used to analyze financial information in bulk without revealing individual records. Bernard Marr notes that homomorphic encryption could also be used for tallying votes with security and transparency. 
According to Marr, “votes could be added up while keeping the identities of the voters private.” A previous blog post mentioned that some online voting systems use blockchain technology for security, but that this security is at odds with voter privacy, which is a necessary condition for democratic elections. The use of homomorphic encryption for elections would be a game changer because it could provide both security and privacy. Overall, homomorphic encryption could be used to solve a wide variety of problems.
Homomorphic encryption is a cutting-edge technology useful to any organization that works with sensitive data. Both individuals and organizations benefit from the technology. The sensitive information of individuals can be kept secure, thus enabling organizations to analyze large datasets of sensitive information without jeopardizing the privacy of their customers.