Regardless of how strong data's encryption is, more potential vulnerabilities surface as more people are granted access to sensitive information. A relatively new encryption protocol, however, offers a unique solution to these mounting privacy exposures.
Homomorphic encryption enables users to perform computations on data without decrypting it, so the broader dataset stays private even while it is being processed. The technology may not be an ideal solution for everyone, but it does have significant promise for companies looking to protect huge troves of private data.
How Homomorphic Encryption Works
Homomorphic encryption was proposed in 2009 by a graduate student, who described his concept through an analogy of a jewelry store owner.
Alice, the owner, has a lockbox with expensive gems to which she alone has the key. When Alice wants new jewelry made from the gems, her employees wear special gloves that allow them to reach into the closed box and craft the jewelry using the gems without being able to pull them out of the box. When their work is done, Alice uses her key to open the box and withdraw the finished product.
In a conventional encryption model, data must be downloaded from its cloud location, decrypted, read or edited, re-encrypted, and then re-uploaded. As files expand into the gigabyte or petabyte scale, these tasks become increasingly burdensome, and every decryption exposes the greater dataset to prying eyes.
By contrast, data that is encrypted homomorphically can have limited operations performed on it while it is still on the server, with no decryption necessary. The final encrypted product is then sent to the user, who uses their key to decrypt the result. This is similar to end-to-end encryption: only the holder of the key can access the decrypted message.
Use Cases for Homomorphic Encryption
AI-driven healthcare analytics have come a long way in recent years, with AI being able to predict disease and other health risks from large sets of medical data.
Today, services like 23andMe allow customers to hand over sensitive medical information for genetic testing and ancestry information. But these companies have been hit with accusations of selling this personal information, or providing it to third parties such as the government, without customer knowledge or consent.
If that data were protected through homomorphic encryption, the company would still be able to process it and return the results to the customer, but at every point the information would be useless to anyone without the customer's key, keeping his or her information entirely confidential.
In the case of Google, the company may be pursuing the technology as a means of complying with privacy regulations such as the European GDPR. With homomorphic encryption, Google could continue to build an ad profile, based on large volumes of personal data that it collects through various means, and compile it into an encrypted database with limited usage or applications that only the end user might experience.
For instance, a user may search Google for restaurants near them. The query would hit the homomorphic black box, privately process the user’s preferences and location, and return tailored results.
Types of Homomorphic Encryption
There are three common iterations of this technology, and one size does not fit all.
- Partially homomorphic encryption (PHE): Allows only very narrow interaction with data, limited to a single mathematical function at a time
- Somewhat homomorphic encryption (SHE): Supports up to two operations at a time
- Fully homomorphic encryption (FHE): Several types of operations can be performed simultaneously, and an unlimited number of times. While most desirable, FHE incurs significant hits to system performance.
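The server-side flow described under "How Homomorphic Encryption Works" (operate on the ciphertext, hand the encrypted result back, let the key holder decrypt) and the single-operation limit of PHE are both easy to see with a concrete scheme. The block below is an added example, not code from the article or from any vendor it mentions: a small pure-Python implementation of the Paillier cryptosystem, a real partially homomorphic scheme in which multiplying two ciphertexts yields an encryption of the sum of their plaintexts. The demo primes, the `server_total` helper and the function names are my own choices for illustration; a real deployment uses primes of roughly 1024 bits each, and Paillier on its own provides no integrity, so a server that can add values blindly can also shift a value without the scheme detecting it, which is why homomorphic data is normally paired with a MAC or signature over what the server is allowed to return.

```python
"""Toy Paillier cryptosystem (additively homomorphic PHE).

Constructed example with small primes for illustration only.
"""
import math
import secrets


def _lcm(a: int, b: int) -> int:
    return a * b // math.gcd(a, b)


def _L(u: int, n: int) -> int:
    # Paillier's L function, defined on u = 1 (mod n): L(u) = (u - 1) / n
    return (u - 1) // n


def keygen(p: int, q: int):
    """Derive a Paillier key pair from two distinct primes p and q.

    Returns ((n, g), (lam, mu)). Uses the common simplification g = n + 1,
    for which g^lam mod n^2 = 1 + lam*n, so L(g^lam mod n^2) = lam mod n.
    """
    n = p * q
    lam = _lcm(p - 1, q - 1)
    g = n + 1
    mu = pow(_L(pow(g, lam, n * n), n), -1, n)  # modular inverse, Python 3.8+
    return (n, g), (lam, mu)


def encrypt(pk, m: int) -> int:
    """Encrypt integer m with 0 <= m < n. Randomized: the same m encrypts differently each time."""
    n, g = pk
    n2 = n * n
    if not 0 <= m < n:
        raise ValueError("plaintext out of range")
    while True:
        r = secrets.randbelow(n)
        if r > 0 and math.gcd(r, n) == 1:
            break
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def decrypt(pk, sk, c: int) -> int:
    """Recover m from c = g^m * r^n mod n^2 using the private (lam, mu)."""
    n, _ = pk
    lam, mu = sk
    return (_L(pow(c, lam, n * n), n) * mu) % n


def add_encrypted(pk, c1: int, c2: int) -> int:
    """Server side: product of ciphertexts = encryption of the plaintext sum."""
    n, _ = pk
    return (c1 * c2) % (n * n)


def mul_by_plain(pk, c: int, k: int) -> int:
    """Server side: c^k = encryption of k * m, where k is a public constant.

    This is the PHE boundary: multiplying two *ciphertexts* together does
    not give an encryption of the plaintext product; only addition is supported.
    """
    n, _ = pk
    return pow(c, k, n * n)


def server_total(pk, ciphertexts):
    """What the 'gloved employee' can do: total values it is unable to read."""
    acc = encrypt(pk, 0)  # a fresh encryption of zero as the accumulator
    for c in ciphertexts:
        acc = add_encrypted(pk, acc, c)
    return acc


# Constructed demo primes (twin primes, far too small for real use).
DEMO_P, DEMO_Q = 10007, 10009


def demo_private_sum(values):
    """Client encrypts, server sums blind, client decrypts.

    Returns (plain_sum, decrypted_sum); the two agree, yet the server never
    held a key or saw a single plaintext value.
    """
    pk, sk = keygen(DEMO_P, DEMO_Q)
    ciphertexts = [encrypt(pk, v) for v in values]  # leaves the client encrypted
    total_ct = server_total(pk, ciphertexts)          # computed without decryption
    return sum(values), decrypt(pk, sk, total_ct)     # only the key holder reads it


if __name__ == "__main__":
    print(demo_private_sum([42, 58, 100]))  # (200, 200)
```

The split of roles in `demo_private_sum` mirrors the jewelry-store analogy: `encrypt` and `decrypt` are the owner's key, `server_total` is the gloved employee. Note that `encrypt` is randomized, so two encryptions of the same value look unrelated; that property is what keeps a deterministic "lookup" of common values from leaking the data even though the server can combine ciphertexts.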
The Limitations of Homomorphic Encryption
Homomorphic encryption has yet to see widespread adoption. However, it’s not uncommon for encryption protocols to spend a decade in development.
Community standards need to be established. Public confidence that the technology is safe, secure, solid, and not exploitable needs to be earned. APIs need to be implemented. And lastly, perhaps the biggest hurdle for homomorphic encryption is that the technology needs to perform well.
No one wants to adopt a more secure protocol only to discover that system performance has taken a massive hit. From an end-user standpoint, that will feel more like a massive setback than a step forward. While the protocol has become massively more efficient since its inception in 2009, it still lags behind today’s conventional encryption methods, particularly as users move from PHE to SHE to FHE.
While the computational overhead is too large for many businesses that don’t need the added security, homomorphic encryption may yet become the go-to standard for sensitive industries like finance and healthcare.