What if I tell you that there is a technology that can end all your worries related to data security and privacy. Even if your data is stored in the cloud, on-premise, or with a third party, it will be safe. No privileged user or threat actors will ever be able to steal or abuse the information ever. Yes, there is a silver bullet to all your worries, and it’s called Homomorphic Encryption (aka HE).
Homomorphic Encryption is a unique encryption technology that allows computation to be performed over encrypted data. In other words, you will be able to share encrypted data with third parties for processing, and they will be able to process it and share the result, without ever decrypting that information.
HE is also Quantum secure, which means that even if there were a quantum computer, which can easily break encryptions like RSA. It wouldn’t be able to break Homomorphic encryption.
The Cybersecurity Industry is product-driven, and has produced amazing solutions, and came a long way in the last two decades. Yet, some of the challenges are still hard to address. Like your concern about the security of data shared with a partner for processing, or stored in a private Cloud.
A solution like DLP, CASB or MDM, can not guarantee the safety of your data. Don’t take me otherwise, of course, they are great solutions, and will help you to reduce the risk of data loss. But, they can not guarantee absolution protection.
What about someone taking photos from his mobile, doing screen recording, or How about a privileged user or insider threat?
When you google for a coffee shop nearby, imagine how much of your data is collected and stored by Google. Of course, you may be ok with that, and take it as a small cost to pay, but how about we can get this information without sharing any of the details at all. Yet, google will be able to show us ads without capturing our information.
HE can address all these challenges and some more.
When was Homomorphic Encryption Invented?
While the concept was envisioned by Rivest, Adleman, and Dertouzos around four decades back, in 1978. The first algorithm of a HE Cryptosystem was developed in 2009 by Craig Gentry of IBM. Gentry, using lattice-based cryptography showed the first fully HE scheme as announced by IBM on June 25, 2009.
The challenge with it was, that it would take a trillion times longer to perform simple operations on encrypted data compared to the same operation on unencrypted data. This made the system inefficient at its first generation. But, HE Cryptosystems are in their fourth generation now, and can successfully be implemented in many applications.
Full Homomorphic Encryption (FHE) reconciles privacy with Internet
What is Bootstrapping?
One of the biggest challenges in HE Cryptosystems is noise. As the number of operations to be performed on the encrypted data goes high, the noise also goes up and it can make the results inaccurate. To address this issue, the concept of Bootstrapping was given by Craig Gentry.
Bootstrapping Theorem says that “If a scheme is homomorphic enough to evaluate its own decryption circuit, then it can be turned into a fully homomorphic encryption that can evaluate any function.”
The problem with Bootstrapping is that it can make Homomorphic Encryption slow.
Types (aka Schemes) of Homomorphic Encryption
Based on how Homomorphic Encryption Cryptosystems manages noise, We can devide them into the following three categories:
1. Partially Homomorphic Encryption (PHE)
PHE Cryptosystems allow either addition (XOR) or multiplication (AND) operation to be performed on the encrypted data unlimited times.
2. Somewhat Homomorphic Encryption (SHE)
SHE Cryptosystems allow addition(XOR) and multiplication(AND) operations to be performed on the encrypted data a limited number of times.
3. Fully Homomorphic Encryption (PHE)
FHE Cryptosystems allow addition(XOR) and multiplication (AND) operations to be performed on the encrypted data an unlimited number of times.
Is Homomorphic Encryption practical?
Homomorphic Encryption is practical now, however the answer could have been different a few years back. In the last few years, a lot of good work has been done on the technology by various researchers. This includes the work by industry giants IBM and Microsoft by creating HELib and SEAL respectively.
FHE performance has improved to a level that is adequate for certain applications. It will improve further with algorithmic advancements and future hardware accelerators.
We actually have some interesting adoptions of this technology at this very moment.
What is HElib?
HElib (Homomorphic Encryption library) is a free and open-source cross-platform software developed by IBM. It implements various forms of homomorphic encryption.
It supports the BGV scheme with bootstrapping and the Approximate Number CKKS scheme. HElib also includes optimisations for efficient homomorphic evaluation, focusing on the effective use of cipher-text packing techniques and on the Gentry-Halevi-Smart optimisations.
The Github Repository for HElib can be accessed here.
What is Microsoft SEAL?
Microsoft released open-source encryption libraries Microsoft SEAL in 2015. The goal was to provide a simple and convenient API with state-of-the-art performance under MIT license. This was further enhanced, and in February 2019 SEAL version 3.2.0 with full .NET Standard wrappers for the public API released. That simplified the work of .NET developers writing homomorphic encryption applications.
Microsoft SEAL comes with several detailed and thoroughly commented examples, demonstrating how the library can be used correctly and securely. It also explains any necessary background material. It can be used on Windows, Linux, and Mac OS development.
This is the Github Link for Microsoft SEAL
A comprehensive list of Homomorphic Encryption Libraries, Softwares, and resources can be accessed at this Github Link.
Practical Examples for Homomorphic Encryption
Following are some interesting example of the use of Homomorphic Encryption:
Microsoft ElectionGuard
Microsoft ElectionGuard is an interesting application of Homomorphic Encryption. It provides a free, open-source software toolkit, which can be used in new and existing election systems. It will allow the voters to verify that their votes have been accurately counted.
Voters can also check for themselves if their votes have been correctly recorded. Also anyone including voters, candidates, media, or even casual observers, can verify that the recorded votes have been accurately tallied while ensuring privacy and security.
This is the Github Link to Microsoft Electionguard
IBM FHE Toolkit for MACOS, IOS, Linux, and Android
IBM has published FHE toolkits for MacOS, iOS, Linux and Android in GitHub. Each of these toolkits is based on HELib encryption library created by IBM, and includes sample programs that make it easier to write FHE-based code.
Each toolkit also includes a demonstration of a privacy-preserving search against an encrypted database.
Advantages of Homomorphic Encryption
- A third party can perform operations on encrypted data which is revolutionary and can radically transform the internet
- HE ensures data privacy since you need not share it in plain text. Even if a hacker steals this information, he will be looking at a pile of encrypted data which can not be decrypted.
Disadvantages of Homomorphic Encryption
- Computationally expensive, as it introduces significant overheads compared to performing the operations on non-encrypted data.
- Fully Homomorphic Encryption is really slow, and SHE and PHE are only suitable for specific applications.
Practical Applications of Homomorphic Encryption
Following are some of the practical applications for Homomorphic encryption for real world:
- Securely storing and computing sensitive or regulated data in Cloud
- Electronic Voting Systems (E.g. Microsoft ElectionGuard)
- Overcoming Data Residency requirements like GDPR
- Making Financial Institutions secure and fraud-proof
- Making the internet more secure
We hope you liked this information. Please share your feedbacks in the comment box.
One comment
Pingback: Types of Encryption: Defined, Explained & Explored | SecurityFocal