Homomorphic Encryption Use Cases
The way we communicate is changing with the fifth generation (5G) of telecommunications. With growing numbers of mobile users, cloud computing, and more, data privacy is more important than ever.
Enter homomorphic encryption, a cryptographic scheme that allows data processing without decryption. A homomorphic encryption scheme can be applied to various sets of data so only pieces are shared with those authorized to see them, increasing data privacy and security. From business to health care applications and beyond, the development of this technology suggests many future homomorphic encryption use cases.
Why You Need Homomorphic Encryption
Homomorphic encryption is emerging as a privacy-enhancing technology. With this encryption method, computations are performed directly on the ciphertext. The data is only returned to plaintext through decryption when the user unlocks it with their secret key.
How Homomorphic Encryption Is Changing Data Privacy
A 2021 Statista survey found that 64 percent of respondents were most concerned about data loss/leakage when it came to cloud privacy concerns. And 62 percent of those surveyed also said that data privacy/confidentiality was a major cloud security concern.
Currently, the most widely used encryption methods allow for data encryption while it’s in storage but not while that data is being actively used. When the data is decrypted, it poses a security risk, particularly if the cloud provider or network isn’t secure. Through homomorphic encryption, however, data remains encrypted through computation.
Consider the process of accessing money in a safe. In order to get the money, you’d have to open the lock, leaving a window of time for someone else to steal it. Through homomorphic encryption, it’s possible to essentially access the contents of the safe without opening it at all.
Homomorphic encryption has many implications for future use. Namely, organizations can anticipate collaborating and sharing information while keeping users’ data private.
Homomorphic Encryption and Cloud Computing
Through cloud computing, data is stored and managed on servers over the internet instead of a local server or personal computer. While convenient, this carries privacy and security risks. Users must trust that the cloud service stores and manages data securely. A lack of transparency or insufficient contract regulation can result in services selling user data to third parties.
Cloud computing is also vulnerable to data breaches. Moreover, cloud servers face challenges regarding regulatory compliance, like keeping health care patients’ personal information private, in line with the Health Insurance Portability and Accountability Act (HIPAA).
With homomorphic encryption, organizations like medical institutions would be able to carry out certain procedures while following regulations. For example, medical institutions could conduct long-term health monitoring or contact tracing in the midst of a pandemic. This would keep them in line with HIPAA regulations while expanding the possibilities of health care.
Advantages of Homomorphic Encryption
Through homomorphic encryption, organizations will be able to establish a higher standard of data security. In addition, this technology will allow them to analyze data without infringing on users’ privacy.
Homomorphic encryption is especially important in light of the California Consumer Privacy Act (CCPA) and the EU’s General Data Protection Regulation (GDPR). These laws set guidelines for the protection and collection of personal data, and those who violate regulations can pay thousands—or even millions—of dollars or euros in fines.
Industries That Can Benefit from Homomorphic Encryption
Regulated industries, like finance, retail, information tech, and health care, will all be able to benefit from homomorphic encryption. As the technology advances, it will be possible for these industries to perform computations on large data sets through techniques like machine learning, all while keeping sensitive data secure.
For example, IBM researchers have used homomorphic encryption to apply machine learning on fully encrypted banking data. The fully homomorphic encryption scheme they used made predictions that were as accurate as the model based on unencrypted data.
Research shows that it’s possible for machine learning to make predictions based on the client’s underlying data while avoiding potential data risks. For institutions like banks, homomorphic encryption could prevent both external breaches and internal weaknesses involved when employees can access sensitive data with no strict regulations.
Preserving Confidentiality through Homomorphic Encryption
Homomorphic encryption is based on lattices, which hide data in a repeating collection of points. It’s difficult for both a quantum computer and a traditional computer to break lattice-based encryption, adding to its security.
Data sets are encrypted in a way that preserves their mathematical structure: an operation applied to the ciphertext produces a new ciphertext that, once decrypted, matches the result of the same operation on the plaintext.
For example, say a user wants to upload data to a cloud-based server. They would be able to encrypt it, turning it into ciphertext, and upload it. The server would then process that data without decrypting it, and then the user would get it back. Only then would the user decrypt it with their secret key.
How the Internet of Things Affects Security and Privacy
The Internet of Things (IoT) refers to a network of physical devices embedded with software. This software allows them to exchange data over a network, typically the internet. For example, consider “smart home” technology, which can be controlled by smart devices, or Fitbits, which collect personal health data.
IoT is a growing field that faces increased security and privacy risks. Data is often collected and transmitted to IoT devices without encryption, allowing private information to leak. Moreover, IoT devices are connected to a network, and the network is connected to other systems, each of which could have security vulnerabilities.
The FTC estimates there will be over twenty billion IoT devices by 2025. With so much data being generated by both fixed and mobile users, there are numerous openings for data breaches. It is necessary to implement a more secure system that is resilient to data breaches. And homomorphic encryption will help enable such systems.
Applications of Homomorphic Encryption
In today’s digital security landscape, homomorphic encryption is still a burgeoning technology. Many sectors that are investing in homomorphic encryption currently use hardware security modules (HSM). An HSM is a protected piece of hardware that stores and manages cryptographic keys. HSMs generate output and accept user input, but users (or applications) can’t alter, remove, export, or extract the keys.
Another major form of security is traditional encryption, through which users can encrypt data for secure storage and communication. Once they want to access that data, however, encryption layers have to be removed. Through homomorphic encryption, cloud providers will never have access to the unencrypted data they store and compute on.
This will make homomorphic encryption ideal for securing data in the cloud. It could also help improve security and transparency in elections and other systems where sensitive data is shared.
For example, a homomorphically encrypted search engine could compare an encrypted search query with an encrypted index without storing or reading the plaintext. A bank could analyze its customers’ encrypted data to monitor for fraud or money laundering, without seeing integral bits of information that would infringe on customers’ privacy rights.
Kinds of Homomorphic Encryption
There are three kinds of homomorphic encryption: partially homomorphic encryption, somewhat homomorphic encryption, and fully homomorphic encryption.
Partially homomorphic encryption allows only one kind of mathematical operation to be performed on ciphertext—either addition or multiplication. Somewhat homomorphic encryption allows both addition and multiplication, but only a set number of times.
Fully homomorphic encryption allows both addition and multiplication any number of times. Though more expansive, it’s still an emerging technology. One of the major drawbacks of fully homomorphic encryption is that it’s inefficient. Fully homomorphic encryption schemes are slow and require huge amounts of memory.
Future Implementations of Homomorphic Encryption
Homomorphic encryption was first proposed in 1978, but it wasn’t until 2009 that computer scientist Craig Gentry published a dissertation proving fully homomorphic encryption was possible. Even then, however, fully homomorphic encryption was impractical, requiring a massive amount of time to compute.
Research continues, and open-source libraries like Microsoft’s SEAL let users access software that implements homomorphic encryption. Already, efficiency has increased since Gentry’s original 2009 encryption scheme by a factor of about a billion. Within the next decade, homomorphic encryption will likely become more commonplace.
Looking at the future of the global homomorphic encryption market, market research predicts it will reach US$268.92 million by 2027. North America, particularly the US and Canada, accounted for the largest share. The market is also expected to expand across Europe and Asia.
Fully Homomorphic Encryption in Real Life
Today, homomorphic encryption can be used for more secure elections. Microsoft’s ElectionGuard, for example, uses homomorphic encryption to ensure accurate voting results. Each vote is encrypted, and voters are given tracking codes. Voters can then check if their vote was counted properly. At the same time, nobody else can see how that person voted.
Through homomorphic encryption, it’s also possible to decrypt only the final tally, without seeing information about how individual voters cast their ballot.
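The tally-only decryption described above, and the partially homomorphic case from the section on kinds of homomorphic encryption, as an added example that is not from the original article or from ElectionGuard's code. It uses ElGamal, a classical discrete-log scheme, over a toy group; the parameters P, Q, G and all function names are constructed for illustration. Plain ElGamal ciphertexts can only be multiplied, and encoding each vote as an exponent turns that into addition, so the key holder decrypts just the sum.

```python
import secrets

# Toy group (constructed, insecure): safe prime P = 2*Q + 1; G has prime order Q.
P, Q, G = 2039, 1019, 4

def keygen():
    x = secrets.randbelow(Q - 1) + 1            # secret key
    return x, pow(G, x, P)                      # (secret, public)

def encrypt(pub, m):
    """Plain ElGamal: ciphertext is (G^r, m * pub^r) for a fresh random r."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), (m * pow(pub, r, P)) % P

def decrypt(sec, ct):
    return (ct[1] * pow(ct[0], P - 1 - sec, P)) % P   # c2 / c1^sec

def combine(ct_a, ct_b):
    """The one operation available on ciphertexts: component-wise product."""
    return (ct_a[0] * ct_b[0]) % P, (ct_a[1] * ct_b[1]) % P

def encrypt_vote(pub, bit):
    """Exponential encoding: encrypt G^bit so that products become sums."""
    return encrypt(pub, pow(G, bit, P))

def tally(pub, encrypted_votes):
    """Run by the tabulator: needs no secret key and never sees a vote."""
    total = encrypt_vote(pub, 0)
    for ct in encrypted_votes:
        total = combine(total, ct)
    return total

def decrypt_tally(sec, ct, max_votes):
    """Key holder decrypts G^sum, then recovers sum by a small search."""
    target = decrypt(sec, ct)
    for s in range(max_votes + 1):
        if pow(G, s, P) == target:
            return s
    raise ValueError("tally out of range")

def demo():
    sec, pub = keygen()
    product = decrypt(sec, combine(encrypt(pub, 6), encrypt(pub, 7)))
    votes = [1, 0, 1, 1, 0, 1]                  # constructed ballots
    total = decrypt_tally(sec, tally(pub, [encrypt_vote(pub, v) for v in votes]), len(votes))
    return product, total

if __name__ == "__main__":
    print(demo())
```

Nothing in this sketch proves that a ballot encrypts 0 or 1; a deployed system has to add proofs of ballot well-formedness and split the decryption key among several trustees.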
Another use includes encrypting and decrypting video. For instance, organizations can use homomorphic encryption to study encrypted feeds of security footage from public locations. Using homomorphic encryption, footage can be decrypted except for a square around each person’s head, for which the organization doesn’t receive the key. This way, they can see what people are doing without revealing identities.
Homomorphic Encryption and Health Care
A white paper published through the organization HomomorphicEncryption.org explores potential homomorphic encryption use cases.
From a medical standpoint, fields like pharmacogenomics—which studies how an individual’s genes affect the effectiveness of a drug—and precision medicine both require the gathering of sensitive data. Under HIPAA, using this highly identifiable information could pose a breach of privacy. Homomorphic encryption could preserve patient privacy while allowing health care evaluation to take place.
In a similar vein, genomics would benefit from homomorphic encryption as well. Genomic data carries sensitive information about disease risk, as well as family identity or national origin. Through homomorphic encryption, genomic data could be uploaded to the cloud while protecting patients’ privacy.
Homomorphic Encryption in Law Enforcement and Infrastructure
Other uses include law enforcement and first responder communications, infrastructure, and education.
Homomorphic encryption can help law enforcement use predictive analysis to detect crime through digital analysis. Law enforcement would only be able to access predictions of the model, rather than the whole data set, to protect citizens’ privacy.
In infrastructure, organizations or governments can gather information about critical infrastructure to study energy use and generation. Were that information to be tampered with, the energy grid could fail. By ensuring the data is encrypted, homomorphic encryption provides security against potential attacks.
Homomorphic Encryption in Education
Finally, in education, teachers and administrators can predict at-risk students and intervene while respecting students’ privacy. They can also gather data about why students drop out. This requires integrating data across different institutions (for example, collaborating with health care facilities if students drop out due to health issues). This ordinarily poses a problem regarding infringement on students’ privacy. Moreover, collecting this data could increase potential for discrimination.
Through homomorphic encryption, schools can check the dropout risk for students without leaking sensitive data. Meanwhile, the data can be compartmentalized so that no one institution has access to all of it.
Security and Privacy in the Future
Homomorphic encryption is a technology that has been in the making for decades. Now, it has emerged from academic theory to real-world applications and will continue to do so. While IoT devices become more commonplace and businesses continue to chafe against regulatory institutions, data privacy is more important than ever.
As companies like Microsoft, IBM, and Google continue to invest in the homomorphic encryption market, use of this data encryption technique will grow. The potential for expanded homomorphic encryption use cases could change the way we do business, monitor our health care, structure education, conduct elections, and more.