Legacy encryption degrades data usability. Practical Homomorphic Encryption holds great promise.
Encryption is the process of encoding a message or information in such a way that only authorised parties can access it and those who are not authorised cannot.
However, legacy encryption suffers from a terrible reputation problem and is rather poorly adopted. According to the site BreachlevelIndex, close to 10 billion records were stolen or breached since 2013. However, only 4% of breaches were “Secure Breaches” where encryption was used and the stolen data was rendered useless.
Legacy encryption techniques forces users to make a trade-off between usability, convenience, and security. No one likes trade-offs. You cannot perform any operations, computations on the encrypted data anymore. You have to decrypt each time you want to perform any operation. Standard Encryption makes the data you need to run your business every day highly inaccessible.
Like with all good technology which is not user friendly, people tend to switch it off. User friendliness is the most vital requirement for adoption of any kind of technology, including encryption.
The promise of Homomorphic Encryption:
What if we could develop encryption methods that allowed operations directly over the encrypted data without having to decrypt it first. This would be having protection and usability simultaneously. Something like this would be the holy grail of data security where nothing is exposed during the entire lifecycle of data — Data-at-rest, Data-in-transit and even Data-during-processing.
As a matter of fact, there exists a technique just like the one described above. It is called Homomorphic Encryption. “Homomorphic encryption is a form of encryption that allows computation directly on cipher-texts, generating an encrypted result which, when decrypted, matches the result of the operations as if they had been performed on the plaintext. The purpose of homomorphic encryption is to allow computation on encrypted data” — wiki definition.
This is very powerful because you can then delegate arbitrary processing of data to the cloud without giving away access to it. For e.g. you can store documents on the cloud and the cloud provider cannot snoop into the data while you retain all operations like “search by keyword”, regular expressions on your documents. You can develop application for privacy preserving, multiparty computations. For e.g. between a healthcare provider and a clinical trails or pharmaceutical company. A much more responsible way for enterprises to work with sensitive, private information that eventually belongs to an end user.
Fully Homomorphic Encryption was first suggested way back in 1978. However, for many years, it was not considered practically feasible owing to the immense computational overheads. It was in 2008 that Craig Gentry invented the first fully homomorphic encryption scheme. Craig Gentry is a member of the Cryptography Research Group in IBM’s Watson Research Center. Gentry also used a very powerful and easy to understand analogy to describe this new method of encryption.
Alice owns a jewellery store. She processes raw gold into gold jewellery. Alice wants her workers to assemble the raw gold into gold jewellery. However, she does not trust the workers and is constantly worried about theft. How can Alice get her workers to process raw gold to gold jewellery without giving the workers any access to the gold?
Alice decides to create a special box. The special box is transparent and has a pair of gloves attached to it. The box is secured by a key and only Alice has access to the key as shown in the figure 1. above. Alice opens the box with her key, deposits the raw gold in the box and locks it back like in figure 2. Her workers then insert their hands into the gloves and work the raw gold into gold jewellery as in figure 3. When the jewellery is assembled the workers remove their hands and they have no others means to access the jewellery except through the gloves. Alice then opens the box and takes her gold jewellery as in figure 5.
In this analogy, we can consider the special box as a third party, untrusted cloud. You can use the box for storage and for computations on the cloud. In effect, you are now empowered to delegate processing of data to the cloud without giving away access to the data.
Recent advances have definitively made homomorphic encryption practically viable. For example, IBM reported that it has rewritten its C++ based homomorphic encryption library and claims it now performs up to 75 times faster. These highly encouraging developments from both large well-known companies like IBM, Microsoft and niche deep-tech start-ups (like Ziroh Labs) will ensure that homomorphic encryption is more widely adopted.
Modern encryption techniques will continue to become more user friendly because the business demands it. While encryption is not a silver bullet, but making the reckless invasion of privacy significantly more difficult that it is today is a very worthwhile mission. Industry verticals like Healthcare, BFSI, Responsible Data Monetization, Cloud Security etc. would significantly benefit from homomorphic encryption.
Our Homomorphic Encryption based, “Zero Knowledge Security Stack” makes any un-trusted, third party cloud a completely private and secure cloud for the end user. Computations are executed directly on encrypted data without having to decrypt first. No cloud provider can profile any confidential enterprise data. This is the holy grail of security, protecting data At-Rest, In-Transit and even during Processing. Welcome to the “Always Encrypted” paradigm where information is never vulnerable.