Homomorphic Encryption: A Scalable Solution for Privacy, Security and Compliance On-Chain

by Daniel Nayrouz

One of the most common misconceptions about blockchain technology among newcomers is that its features of decentralisation, peer-to-peer transactions that eliminate the need for a trusted intermediary, and the use of anonymous wallet addresses, render blockchains ‘private’ by design.

But as the veterans will know, blockchain is in fact far more transparent than the institutions that facilitate transactions in traditional finance. Since all participants in a blockchain need to reach consensus on the current state of the system’s data and transactions, these computations need to be published, making them a matter of public record.

In other words, every transaction that has ever been enacted on the Ethereum and Bitcoin blockchain networks, is viewable by anybody at any time on block explorers such as Etherscan and BTCScan.

And the smooth functioning of blockchain is not the only reason for this unadulterated visibility of on-chain transactions; it is also due to the criticality of regulatory compliance. Regardless of the sector, region or scale of operation, regulations require organisations to maintain detailed records of their financial transactions and activities. A comprehensive and immutable ledger of transactions naturally enables regulatory compliance at minimal operational cost, as auditors can scour through it to verify transactions, track funds and ensure full compliance with anti-money laundering (AML) and know your customer (KYC) requirements, as well as tax reporting requirements and market integrity.

But this does not mean that privacy is not desirable or desired for developers and users of blockchain alike — far from it! Lack of privacy on blockchain as its stands is leading to an array of concerns including the prospect of theft of user funds, extraction of value from users to miners and validators on the network, as well as mass surveillance. And it has indeed led to the development of numerous technologies implemented within blockchain in an attempt to bolster privacy, most notably zero-knowledge proofs (ZKPs).

ZKPs are a type of blockchain scalability solution that bundle hundreds of transactions into one single transaction with the aim of reducing the data that needs storing and verifying on the blockchain while also hiding specific details about those transactions. Whilst the technology has made significant inroads in the space, becoming a core feature of privacy-enhancing cryptocurrencies such as Zcash, it is costly and does not allow for the transfer of encrypted data specifically for the purposes of data analysis and computation. Moreover, many apps using ZKPs require third parties with much stronger computational power to actually generate proofs, which ultimately exposes user data to such entities that users need to just ‘trust’. This might include transaction metadata, user identifiers, or other information that forms the basis of the proof. Once the data is with the third party for the purposes of proof generation or analysis and computation, the way they store and handle this data might entail inadequate security measures, potential vulnerabilities, or internal malpractices that could lead to unintended data exposure.

A more robust solution to this quandary is potentially on the horizon in the form of homomorphic encryption (HE). HE allows for computations to be performed on encrypted data, without ever needing to decrypt it. If integrated into blockchain technology, this would allow for the verification of transactions and processing of sensitive data without revealing details about it to any third parties or publicly accessible block explorers. This in turn means that blockchain users, whether retail or institutional, can achieve the regulatory compliance they need while enjoying a new level of privacy previously unseen in blockchain, as their transactions would be auditable in their encrypted form without the details of such transactions actually being exposed.

In short, HE represents a beacon of hope for the seemingly improbable reconciliation of arguably the three most hotly requested pillarstones of a blockchain: privacy, security and regulatory compliance.

A brief history of homomorphic encryption

HE is the process of transforming data into a secure, encrypted format (ciphertext) while still allowing it to be manipulated and analysed as if it were in its original, unencrypted form (plaintext). Unlike traditional encryption, where data is stored in its original form and protected behind an encrypted barrier, HE allows for complex mathematical computations to be directly performed on the encrypted data.

This approach maintains data security without hindering its usability for analysis and processing. In such a system, the data structure is maintained, ensuring that identical mathematical operations yield the same results even if they are performed on permanently encrypted data.

At present, the scope of HE operations is categorised into three types:

1. Partially Homomorphic Encryption (PHE): This allows for an infinite number of a specific type of operation to be performed on encrypted data. This type is typically limited to either addition or multiplication, but not both. It is useful in scenarios where only one type of operation is needed, which limits its applicability to more complex computations that require multiple types of operations.
2. Somewhat Homomorphic Encryption (SHE): SHE extends the capabilities of PHE by supporting a limited number of both addition and multiplication operations. However, it does not support an unlimited number of operations.
3. Fully Homomorphic Encryption (FHE): FHE is the most advanced form of HE, allowing for an unlimited number of both additions and multiplications. This means it can theoretically support any computable function. FHE has wide-ranging applications, from secure cloud computing and secure data analysis to private information retrieval and secure voting systems. It can be used in any scenario where data privacy is paramount, and complex computations are required.

Although practical implementations of HE only started succeeding in recent years, the concept actually dates all the way back to 1978, when a team of cryptographers at MIT proposed “privacy homomorphisms” as a means of allowing computations to be performing on sensitive data without decrypting it. Unfortunately, the early iterations of the technology they developed often required decryption and re-encryption as part of the process, which compromises data privacy and limits the practical use cases of this embryonic form of HE.

Finally in 2009, however, a PhD researcher interning at IBM proposed the first “fully homomorphic encryption” (FHE) scheme to perform similar computations on encrypted data without revealing the plaintext, which entailed several crucial breakthroughs for the usability of the technology, including:

• Secure data sharing and analysis: In many industries including healthcare, finance and government, sensitive information must be shared between institutions and made sense of without being revealed, as is enabled by FHE.
• Private machine learning: FHE facilitates the training and evaluation of machine learning models on encrypted data, which for organisations translates to harnessing the potential of machine learning without compromising data privacy, even when sharing data with third-party providers or collaborators.
• Privacy-preserving research: Thanks to FHE, the aforementioned data sharing between different parties opens up opportunities to perform research and analysis on data that remains encrypted at all times.

Let’s think a little more about what this means in practice: imagine you’re a biomedical researcher in need of more patient data to analyse so you can measure the efficacy of a new type of cancer treatment. The current obstacle you face is that patients and their carers can (with good reason) be reluctant to share their data, as useful as it may be, for fear of privacy breaches.

But, if their data is homomorphically encrypted, patients would be afforded the peace of mind that their personal details cannot be exposed whilst their medical records are put to good use by scientists. This would in turn allow researchers to analyse information regarding their treatment and responses for the purposes of clinical research, without ever having access to the patient’s identity or any other irrelevant parts of their medical record.

Figure 1, Source: https://link.springer.com/article/10.1007/s40747-022-00756-z

This could lead to a surge in the availability of volunteered data as patients and their carers become more secure in the knowledge that patient confidentiality is not being compromised should they choose to make this data available to researchers.

And we’re not the only ones who see the merits of the technology: In March 2021, Microsoft, Intel, and DARPA initiated the Data Protection in Virtual Environments (DPRIVE) program to advance the development of FHE. This collaboration aimed to create computing solutions capable of handling the intensive computational demands of FHE and to establish guidelines for its proper implementation.

Furthermore, there has been an explosion in availability of Software Development Kits (SDKs) and open-source libraries, enabling developers to more easily work with and build upon FHE technologies. These include:

Microsoft Seal: Microsoft has released an open-source library called Microsoft Seal, which provides tools for developers to implement HE on data sets. This library democratises access to end-to-end encryption and computation services, allowing a wider range of developers to engage with FHE. It includes examples of homomorphically encrypted programs and detailed commentary to assist developers in correct and secure implementation.

Intel’s Homomorphic Encryption Toolkit: Intel has introduced its Homomorphic Encryption Toolkit, designed to speed up HE processes in cloud environments. This toolkit is versatile and compatible with the latest data processing and computing advancements. It features functions specific to lattice cryptography, integration capabilities with Microsoft Seal, and provides examples and technical guides for users.

Google’s Private Join and Compute: Google has developed an open-source library named Private Join and Compute, which offers tools for multi-party computation (MPC). This method allows multiple parties to analyse combined data sets without compromising the privacy of the raw data. The library combines FHE techniques with Private Set Intersection (PSI), another cryptographic method, to enhance data confidentiality. Google’s focus extends beyond FHE, aiming to advance the broader field of MPC by integrating FHE with other significant data privacy practices.

Now to shift our attention back to the intersection between blockchain and HE, we know how important it is for blockchain data to be available for the purposes of computation, analysis and regulatory compliance. And we also know how important it is for that data to remain private even while it’s made use of by the relevant entities. So, here are three pressing issues that we believe HE is about to solve in the blockchain space.

Eliminating Maximal Extractable Value (MEV) attacks

Maximal Extractable Value (MEV) has for several years been a significant pain point for decentralised finance (DeFi). For those of you who are unfamiliar with it, MEV refers to the additional profit that can potentially be gained by miners or validators on a blockchain network by using their discredition to manipulate the order of transactions within a block.

It typically occurs via a process of front-running, which is when miners and validators identify pending transactions that are likely to be profitable for the trader (e.g., because they will result in a price change) and then executing those transactions before other miners or validators can see them.

Another way that MEV can be enacted is via reorging, which involves reordering transactions within a block after that block has been published, ultimately manipulating the outcome of trades or arbitrage opportunities. Finally, it may also occur via fee sniping, which is a process of strategically submitting transactions with higher gas bids than necessary, in order to incentivize miners or validators to include them in a block at the expense of other people’s transactions.

Imagine a scenario where a miner or validator sees two pending transactions on Ethereum’s largest exchange, Uniswap:

Transaction A: A user wants to swap 100 ETH for USDT.

Transaction B: A user wants to swap 1,000 USDT for ETH.

If the validator includes Transaction A in the block before Transaction B rather than treating them as transactions in separate blocks, they can profit from the price difference between the two pending transactions. So, they proceed to execute Transaction A themselves, which causes the price of ETH to increase. Then, they move Transaction B into that same block, which would allow them to sell this newly acquired ETH for a much higher price than the user intended to buy it for.

MEV attacks are causing significant detriment to the adoption and reputation of DeFi, earning it in its early years a reputation as a ‘Wild West’ wherein privileged actors can induce higher transaction fees and unfair price movements at the expense of smaller fish. It is estimated that around 60% of Ethereum blocks currently contain MEV, which translates to losses of hundreds of millions of dollars on the part of traders on the network. Early adopters of DeFi rightly have an unwavering belief in the merits of decentralised, peer-to-peer transactions on blockchain-based exchanges that do not rely on physical market makers to determine prices, and are not at liberty to arbitrarily halt users’ trades in the same way that, say, brokerages like Robinhood were during the GameStop scandal. The current tragedy therefore is that they often cite MEV attacks as the reason for reluctantly moving their trading back onto centralised exchanges.

Thankfully, HE on blockchain has the potential to effectively eliminate MEV attacks by allowing for encrypted smart contracts wherein on-chain transactions can be processed and validated without being broadcast publically to the ledger. This means that miners or validators would not know key details about the transaction, such as its value or the assets being exchanged. They would only know that the transaction exists and offers the opportunity for them to earn the standard fee for validating it. This way, it would be impossible for them to extract MEV at the expense of the blockchain’s users as they would not know how to manipulate the order in which transactions are processed.

Keeping hackers and thieves in the dark

As we know, block explorers such as Etherscan contain information on the value of every single wallet on the Ethereum network and everything that has ever been done in that wallet to accrue the value it has. This includes where your funds initially came from, what you traded on decentralised exchanges, where you parked your assets for passive yield, or which permissions you’ve granted for activity on your wallet while you’re ‘AFK’. It’s rather like walking around downtown and seeing everybody’s bank balances and transaction history tattooed onto their foreheads — the only difference being that you might not necessarily know whose transactions belong to who on-chain.

In some rare but non-negligible cases, owners of certain wallets have been identified and pursued by criminal gangsters in real life by way of threats and violence, to hand over their private keys. But even being unable to figure out who owns a big wallet doesn’t stop increasingly sophisticated hackers from wanting to exploit that wallet for all that it has. What’s more is that the transaction history, as well as just the value of the wallet, can serve to facilitate their efforts to trick the user into losing their funds to the attacker.

One such example of how that’s achieved is via the ‘wallet poisoning’ method, a direct byproduct of blockchain’s sheer transparency in its current form. Since 2022, address poisoning, also known as address spoofing, has been performed by attackers to trick victims into transferring their assets to a custom-made address that looks very similar to another trusted wallet on your Etherscan transaction history:

Figure 2, Source: Trireme Trading

This method relies on bots monitoring big wallets they wish to target, waiting for its owner to deposit any token to it (let’s say LINK), and then depositing a fake, valueless token masquerading as the same token with the same ticker, from a ‘spoofed’ address they’ve created to resemble the real address, as soon as that occurs. The problem this creates is that next time the user checks their Etherscan history in search of the wallet address that they sent themselves the LINK from, they might accidentally select the spoofed address that sent them the same amount of fake LINK just moments after they had made the real transaction, and then send new funds there instead.

Of course, as you’ve guessed it: this would no longer be an attack vector in the event that on-chain transactions are homomorphically encrypted, as transaction sources, destinations and values would not be visible to others; the transactions would simply ‘exist’ for the purposes of node consensus and validation, thus upholding the security and reliability of the technology underlying the network without telling the user’s entire on-chain life story to the prying eye of hackers and thieves.

Eliminating Unwarranted Mass Surveillance of Users

The transparency of blockchain has also catalysed concern that it is susceptible to mass surveillance by governments and corporate entities. Governments, in particular, are increasingly interested in leveraging blockchain data for surveillance purposes, including tracking individuals’ financial movements, identifying patterns in their spending habits, and even assessing their political affiliations. This is best exemplified by the proposals of several countries to introduce Central Bank Digital Currencies (CBDCs), which could be distributed to citizens on-chain to facilitate the monitoring of transactions.

Corporations, too, have expressed willingness to tap into blockchain data for targeted advertising and marketing campaigns. By analysing user transactions and identifying their purchasing patterns, companies can gain a deeper understanding of their preferences and tailor their marketing strategies accordingly. Once again, this practice raises concerns about data privacy and the potential for manipulation.

HE would once again provide the solution to these privacy concerns. By enabling the encryption of blockchain transactions while maintaining their integrity and auditability, HE renders the sensitive details of transactions opaque to unauthorised parties.

In addition to addressing these concerns, HE would also pave the way for a multitude of novel applications on blockchain, including:

1. Blind NFT auctions, fostering greater fairness by eliminating bidding wars and artificially inflated prices by malevolent actors, all the while preserving the user’s privacy as nobody knows how much they bid
2. Truly competitive GameFi: NFT-based strategy games would become fairer competition as nobody can see which ‘cards’ you own prior to entering into a duel with you.
3. KYC-compliant DeFi: DeFi protocols will no longer need to rely on centralised intermediaries to determine the eligibility and compliance of the user, who would now be able to share their relevant details without them actually being revealed to anybody. This will naturally enable DeFi to continue its meteoric growth as it overcomes the bottleneck of challenges in ensuring regulatory compliance on-chain.
4. Private DAO voting: Users can vote on proposals in the governance of DeFi protocols without exposing their voting power or the decision they actually took, thus reducing the scope for bribing and sabotage of the currently maligned governance process.
5. Private Machine Learning: Cryptocurrency projects typically incorporate machine learning into their operations in order to analyse vast amounts of data and make informed decisions. DCommerce, for instance, Without a solution such as HE, users exhibit privacy concerns and are often hesitant to share their sensitive information on a public network. This lack of privacy is hindering the adoption of blockchain-based applications that require access to sensitive data, such as financial transactions.

Let’s finally take a look at some of the first projects in the space to embrace HE.

Fhenix: The first FHE-enabled Layer 1 blockchain

Fhenix defines itself as “the first blockchain powered by Fully Homomorphic Encryption (FHE) to bring computation over encrypted data to EVM smart contracts”. As a fully EVM-compatible chain, it will provide a set of EVM extensions called fhEVM to enable developers to seamlessly integrate FHE into their workflows and create encrypted smart contracts using Solidity. fvEVM, meanwhile, was initially developed by Zama, a leading crypto firm building open-source FHE solutions for blockchain and AI. Fhenix’s planned use cases include:

• Confidential transactions
• Confidential voting
• Confidential auctions
• Confidential gaming
• Decentralised Identities (DID)
• MEV Protection
• Privacy-Preserving AI

In September 2023, Fhenix raised $7m in a seed round led by Multicoin Capital and Collider Ventures, alongside contributions from Node Capital, Bankless, HackVC, TaneLabs, Metaplanet, and Robot Ventures. The capital raised in this round is earmarked for launching the Fhenix Network’s public testnet in the early part of next year and will also aid in the development of applications within its ecosystem. Its full roadmap is as follows:

• Q1 2024: Testnet launch
• Q3 2024: Cross-Chain Compatibility
• Q1 2025: Testnet Optimisation
• Q2 2025: Mainnet launch

Privasea

The Privasea AI Network will be a cutting-edge new tool that aims to proritise data privacy and security throughout the AI computation process. Specifically, it leverages FHE to perform computations on encrypted data, generating results indistinguishable from those obtained on unencrypted data without ever exposing it in its original form, facilitating seamless AI collaboration among multiple parties

Necessity being the mother of invention that it is, the project was in part conceived out of a need to strictly adhere to increasingly encompassing data protection regulations, including the EU’s General Data Protection Regulation (GDPR), which impose stringent requirements on the collection, processing, and storage of personal data.

But Privasea’s aims go even further than that: they are aiming to overcome the age-old challenge of protecting sensitive data from unauthorised access and intrusions. By implementing privacy-preserving techniques to safeguard personal data during machine learning, they hope to encourage individuals to willingly share vital data upon which computations can greatly enable breakthroughs in machine learning, without fear of privacy violations.

You can try out a demo of their Secure Face ID verification here: https://securekyc.privasea.ai/

Penumbra

Penumbra is a secure, cross-chain network in development designed for anonymous transactions, staking, swapping, or market making. It integrates with Inter Blockchain Communication (IBC) to protect the privacy of cryptoassets from any IBC-compatible chain. This makes Penumbra a confidential hub for the entire Cosmos ecosystem and potentially more. Additionally, Penumbra addresses are equipped with a viewing feature, allowing users to selectively share their transaction details with approved third parties for compliance or other purposes.

The fundamental mechanism of the flow encryption system is based on a partially homomorphic encryption scheme. This setup enables users to execute transactions with encrypted values. Subsequently, these encrypted values are collectively processed, or ‘aggregated’, by validators utilizing the principles of homomorphism. Following this aggregation, the combined total, referred to as the “batched flow,” is decrypted through a threshold decryption scheme.

Moreover, Penumbra offers a private trading feature through ZSwap, its shielded automated market maker model based on frequent batch auctions. This system ensures that individual swap requests remain confidential upon submission. They are then aggregated in an encrypted format and processed collectively at a uniform clearing price. This approach safeguards against front-running and improves the quality of trade executions. The privacy of individual traders is maintained as only the aggregate totals of each batch are disclosed, preserving the long-term confidentiality of each trader’s history.

zkHoldem

zkHoldem is the world’s first decentralised online Texas Hold’em game that uses HE to ensure that your cards are revealed only to you, without even the project team being able to see them. It allows users to play against each other using cryptocurrency-based payment settlement in real-time.

Across the burgeoning GameFi sector, HE can help foster a fairer and more competitive gaming landscape by preventing users from gaining an unfair advantage by tracking the in-game asset ownership of other players as represented by their on-chain NFT holdings.

This actually helps to overcome a crucial pain point for GameFi: whilst moving games on-chain has afforded gamers the undeniable benefit of knowing that their rewards are distributed fairly and in perfect accordance with the game’s achievements without the need for a trustworthy third party to ensure it, competition on any blockchain-based strategy game, for instance, is currently greatly undermined by the fact that you can see all of your competitors’ in-game assets in the form of NFTs on their wallet, and adjust your strategy accordingly.

To recap

Blockchain’s meteoric growth in recent years has up until now brought us to a crossroads where the available exits cannot take us to a destination where blockchain is private, compliant, secure and scalable all at once. The prospect of integrating HE offers not just enhanced privacy and security in a similar way to ZKPs, but also significant financial implications and areas of growth by virtue of its scalability. The application of HE in blockchain is particularly crucial in sectors where data security and privacy are paramount, yet the need for computation on encrypted data is inevitable. This includes finance, healthcare, and government sectors, where blockchain can transform data handling and processing while ensuring compliance with stringent regulations.

The financial value proposition of HE lies not in its ability to offer privacy and security per se, but to do this in a way that’s highly scalable and versatile in its applications. Unlike ZKPs, which effectively address issues like MEV and offer a degree of privacy, HE takes things a step further by enabling the actual computation of encrypted data, offering a robust solution for blockchain applications that need to handle sensitive consumer information for the purposes of analysis and knowledge creation, rather than just transaction. This capability will be critical to the widespread adoption of blockchain in consumer-facing applications, where data protection is of paramount importance.

The scalability of HE is a game-changer for blockchain. It enables blockchain networks to handle larger volumes of transactions and complex computations without compromising privacy. This is of immense benefit to blockchain applications that require intensive data processing, such as complex financial models, large-scale supply chain management, and comprehensive health data analysis. Never before have sectors handling large volumes of sensitive data had access to such a scalable and affordable solution to their needs within the realm of blockchain.

But the financial benefits of adopting HE in blockchain extend beyond just operational efficiency. HE can also increase user trust and adoption, thereby opening new revenue streams and market opportunities for blockchain-based solutions. As more industries recognize the potential of blockchain technology enhanced by HE, we can expect an influx of investment and innovation in this space.

This analysis is not intended as a ‘hit piece’ on ZKP technology in any way — ZKPs continue to offer a valuable solution to many blockchain privacy and security issues, and merits to its implementation in certain blockchain subdomains remain clear to see. HE simply presents a more comprehensive and scalable approach; its ability to perform computations on encrypted data while maintaining privacy and security positions it as a key technology for the future growth of blockchain.

As we move forward with the implementation of HE on-chain, we may just no longer have to choose between securing our blockchains and keeping them private, and being able to scale up complex analysis of encrypted data ina cost-effective, computationally efficient way.