Homomorphic Encryption As A Privacy Enhancing Computation Strategy
If you work in an industry like banking or healthcare where private data is handled and in which data computation offers the ability to spot trends or opportunities, understanding the landscape of options for sensitive data processing is critical.
One such method is homomorphic encryption. This practice is included in the category known as privacy-enhancing technology, or PET, and has been referred to as the “holy grail” of data security because it allows users to perform calculations on data without the need to decrypt it first.
Since decryption isn’t necessary, sensitive data should theoretically remain safe from data breaches during computation. But how, exactly, does homomorphic encryption function, and should you consider using it at your organization?
How Homomorphic Encryption Works
When you hear homomorphic encryption described as the “gold standard” of privacy-enabled computing, it’s likely the reference applies to only one type, but this technology comes in three main varieties. Before we jump into what those are, it’s important to understand homomorphism. This is a mathematical term that refers to an architecture that preserves the structure between two similar algebraic systems.
In general, without getting too deep into the math, homomorphism allows us confidence about the validity of the computations being performed on the ciphertext, albeit to different degrees depending on which type of homomorphic encryption is being used. The user running the homomorphic encryption has a public key — a key anyone can use. However, only an individual with the matching private decryption key can see the unencrypted data once computations have been made on the data.
A good way to think about homomorphic encryption is as a container full of blocks. You can put your hands in the container and manipulate the blocks, but you can’t take the blocks out. Only the person with a private key can access what’s inside.
Types of Homomorphic Encryption
What makes different kinds of homomorphic encryption schemes unique from one another is the kind of “circuits” they can evaluate. A circuit is a type of directed acyclic graph — a sort of mathematical diagram that does not create a closed loop. For our purposes, there are two properties of circuits we care about: depth and size.
The first concept, depth, refers to the longest distance between the output and every input. The second, size, refers to the number of gates — or inputs — the circuit has. The more circuits that an encryption type can evaluate and the more depth and size those circuits can have, the more secure the encryption generally is.
Now, let’s cover the three main types of homomorphic encryption available today:
- Fully Homomorphic Encryption (FHE): This kind of homomorphic encryption, which is also the most secure, or “gold standard” of this computational security method, enables users to perform fully homomorphic operations using both addition and multiplication gates, and can handle an unlimited circuit depth, so the information always remains encrypted and accessible, barring hacking, of course. This makes FHE the best of the homomorphic encryption options for machine learning. However, the “fully” in FHE is somewhat misleading, because while FHE can support more than one operation, it still faces several challenges to practically support a wide range of functions, such as division.
- Partially Homomorphic Encryption (PHE): PHE can process circuits with only one type of gate, addition or multiplication. The size or depth of the circuit remains unrestricted, however, making this a suitable option for situations where the same kind of computation needs to be made multiple times.
- Somewhat Homomorphic Encryption (SHE): This kind of encryption allows for computations that require both addition and multiplication, and computations can be performed an unlimited number of times, but it restricts the depth of circuits, so it is not suitable for very complex data structures.
Real-World Implications and Limitations
Homomorphic encryption has been around for more than 50 years now, but unfortunately, remains impractical. It was first envisioned in the late 1970s and then developed by Craig Gentry. Understandably, there was a lot of excitement about this technology’s potential uses.
The implications of a computational security method that doesn’t require decryption are far-ranging. Homomorphic encryption holds promise for everything from improving secure banking operations to keeping cloud-based data safe. In the public sector, it holds promise in areas where raw data must be processed while remaining protected from potential malicious actors, as is the case with voting machine data. In the public sector, it could help enable analytics on data collected in heavily regulated industries, like banking and healthcare.
However, it’s important to not get caught up in the potential of homomorphic encryption, because there are various factors that continue serve as obstacles to practical implementation:
- It’s not entirely tamper-proof. Since homomorphic encryption still involves the creation of a decryption key, the existence of this key creates a security risk.
- It does not provide regulatory privacy. The European Union’s General Data Protection Regulations (GDPR) and data regulators across the world have concluded that homomorphic encryption is presently suitable only for computational privacy — where multiple parties share physical access to the same machines — not regulatory privacy for cross-border data sharing.
- It’s prohibitively slow. IBM field trials found that a machine learning prediction task took up to 50 times longer to compute and used up to 20 times more RAM when using homomorphically-encrypted data, compared to unencrypted data. The long compute times make homomorphic encryption unsuitable for any application that is time-sensitive, as may be the case with medical data. Despite some of the largest tech firms allocating extensive resources to optimizing homomorphic encryption performance, it remains impractical and challenging to scale.
- It only allows for simple operations. Because FHE only supports addition, subtraction, and multiplication, more complex operations are not possible at the moment.
- It doesn’t offer digital rights management. When dealing with data that must remain secure, digital rights management is absolutely essential, but this is not yet possible with any type of homomorphic encryption. What’s more, once data is encrypted homomorphically, it can be used for any purpose, without requiring the consent of all parties or providing data usage audit trails to them.
A Better Alternative: Privacy Enhancing Computation
Blind Compute, TripleBlind’s proprietary computational privacy and security system, provides one-way, irreversible encryption that allows for completely safe processing of encrypted data. This makes TripleBlind’s breakthrough technology compliant with the world’s most stringent regulatory bodies and regulations. That’s just where the advantages begin:
- TripleBlind offers fast computational speeds. In fact, it’s many times faster than homomorphic encryption. At most, it adds just 15 percent in computational overhead to resource-heavy applications.
- TripleBlind supports any type of operation on any type of data. That includes artificial intelligence algorithms using images, voice, text, and video, such as health-specific data like electrocardiograms, X-rays, and genomic data.
- TripleBlind offers quantum computing safety. By contrast, homomorphic encryption has not been proven to be quantum-safe. For general consumer computing, this may seem irrelevant, but the fact is that quantum computing is emerging, and TripleBlind’s formal mathematical proof of quantum resistance means that even with access to the best computers in the world, a malicious user’s odds of reconstructing original data would be about as good as taking a completely random stab in the dark.
- TripleBlind’s scheme is unconditionally secure. One of the reasons TripleBlind can claim quantum-safety is that even perfect knowledge of the methods used would not allow a bad actor to compromise the data. This type of security is known as ”unconditional security,” and represents the highest possible standard in computing security.
- TripleBlind facilitates auditable digital rights on how data may be used by a counterparty. This ensures that data is only used in authorized ways. In contrast, homomorphic encryption is unable to enforce rules or restrictions regarding how operations are performed on encrypted data.
This software-only API can solve for a broad range of use cases by improving on well-understood principles like federated learning and multi-party computing, to unlock the commercialization of data while preserving privacy and enforcing regulatory compliance — in other words, facilitating responsible innovation.
Ready for a demo of the most complete and scalable solution for privacy-enhancing computation, Blind Compute? Reach out today to see first-hand how TripleBlind can help you revolutionize how your organization handles data security.
Book A Demo
TripleBlind’s innovations build on well understood principles of data protection. Our innovations radically improve the practical use of privacy preserving technologies, by adding true scalability and faster processing, with support for all data and algorithm types. We support all cloud platforms and unlock the intellectual property value of data, while preserving privacy and enforcing compliance with HIPAA and GDPR.