Performing operations on encrypted data using homomorphic encryption
For a great project we are doing for a client of WonderBit, we are experimenting with homomorphic encryption (HE).
In short, HE is a cryptographic method where potentially sensitive information is encrypted in such a way that users are allowed to perform mathematical operations on the encrypted data without the need of decrypting it first. This means that data remains confidential while processing, which can be very useful for sensitive data shared with untrusted parties, such as a commercial cloud service provider.
Background
Fully homomorphic encryption (FHE) schemas are algorithms that support both addition and multiplication operations on encrypted data. Modern systems nowadays support many more operations, such as exclusive or.
This revolutionary type of cryptography was proposed as early as 1978, but it wasn’t until 2009 that Craig Gentry at IBM invented the first fully homomorphic encryption (FHE) algorithm. From there, several generations of FHE emerged.
In a video on YouTube Gentry uses the analogy of a glovebox where anyone can use the gloves to pick up and manipulate objects inside it, but are unable to remove anything from the box.
While the benefits are apparent, FHE implementations are still inefficient and slow on current hardware, so not yet usable for large-scale computations on big datasets.
Examples
As an example, consider the fictional exchange of medical data between an medical researcher and a hospital. The researcher requests data about a certain group of patients at the hospital, but the hospital — aware of privacy concerns — cannot share this sensitive information about their patients. The hospital decides to homomorphically encrypt the data so the medical researcher can still perform computations on it without actually accessing the medical records.
You can also think of an online voting system where casted votes are encrypted and remain verifiable by the individual voters. In this system the total votes per candidates can be calculated without decrypting the individual votes, protecting the integrity of the data and privacy of the voters.
An actual example closer to home is the password checking feature in Google Chrome and Microsoft Edge. Both browsers use homomorphic encryption to verify whether locally stored passwords exist in huge databases containing breached passwords, without sending the passwords in clear text over the line.
Open-source libraries
Without the need to understand the complex but genius math behind homomorphic encryption (it’s witchcraft to me), you are able to experiment with several great open-source libraries are available, such as IBM’s FHE Toolkit for Linux, Microsoft’s SEAL (also see PySeal, a wrapper for Python) and Google’s FHE implementation.
At WonderBit we have applied FHE successfully in a proof of concept demonstration project using IBM’s excellent FHE Toolkit.
Conclusion
I can think of several other interesting use cases where FHE can be implemented in a meaningful way. It is definitely a technology we will hear more from in the near future. Let me know what you think!
