# Types of Homomorphic Encryption

At its root, homomorphic encryption is a form of encryption that permits users to perform computations on encrypted data without decrypting it first. Essentially, homomorphic encryption turns a set of data into code to allow data analysis without sacrificing privacy. There are three types of homomorphic encryption, and they use variations or extensions of public key cryptography to encrypt and decrypt data.

In practice, homomorphic encryption allows you to subdivide encrypted data so you have one key to decrypt the entire data set and several other keys that only decrypt the subparts. This gives you the opportunity to have different pieces of encrypted data to be worked on or viewed by different people independently. The end result is more direct control of the privacy of the encrypted data.

## Partially Homomorphic Encryption

Partially homomorphic encryption refers to an encryption scheme that evaluates circuits consisting of only one type of mathematical gate. Examples of mathematical gates are addition and multiplication. While this limits the potential applications, partially homomorphic encryption schemes are relatively easy to design.

An example of an additive partially homomorphic cryptosystem is the use of the Paillier cryptosystem, which is a type of public key cryptography. Public key cryptography is a cryptographic system that uses pairs of keys for encryption and decryption. The public key may be known to others, but the private key is known only to the owner. In this system, any person can encrypt a message using the public key, but the encrypted message can be decrypted only with the private key.

**Security of Partially Homomorphic Encryption**

Protecting unencrypted data is more important as cloud computing becomes more prevalent. Unencrypted data on the cloud and in other untrusted environments can leave the data vulnerable. Further, with quantum computing having the potential to break current encryption systems, including those used by VPNs (virtual private networks), finding a future-proof encryption scheme is becoming more important.

Homomorphic encryption is a step in the right direction for attaining data security without obfuscating the information. Most homomorphic encryption schemes, even partially homomorphic schemes like the Rivest-Shamir-Adleman (RSA) scheme, are secure against traditional attacks. Although partially homomorphic encryption is the simplest form of homomorphic encryption, it can still provide secure sharing. Current partially homomorphic encryption is based on cryptosystems that are not secure against quantum computing, while the latest fully homomorphic encryption (FHE) is believed to be quantum safe..

**Supporting Power Operations**

Partially homomorphic encryption supports power operations as an extension of supporting multiplicative operations. For example, the RSA encryption algorithm is a multiplicatively homomorphic algorithm used by computers to encrypt and decrypt messages and is a form of public key cryptography. With RSA encryption, multiplying two ciphertexts encrypted with the same key is equivalent to raising the product of the plaintexts to the power of the secret key. The limiting mathematical factor of partially homomorphic encryption is not the complexity of the gate but the number of gate types.

## Somewhat Homomorphic Encryption

Somewhat homomorphic encryption refers to an encryption scheme that can evaluate two types of gates, but only for a subset of circuits. The limit on somewhat homomorphic encryption comes when a ciphertext generates too much noise in the data. When there’s more noise from a ciphertext, there’s more computational overhead and the somewhat homomorphic encryption scheme functions more slowly.

Another limit of a somewhat homomorphic encryption scheme is multiplicative depth. Multiplicative depth is the maximum number of multiplications a somewhat homomorphic encryption scheme was built to perform. Even with these limits, somewhat homomorphic encryption can still be effectively used in physics applications involving coherent states.

**Distinctions between Somewhat and Fully Homomorphic Encryption**

The original construction of fully homomorphic encryption started with a somewhat homomorphic encryption scheme as the major building block. While the mathematical foundations of the two encryption schemes are the same, their capabilities are quite different. The major difference between somewhat and fully homomorphic encryption is their capacity limits. Somewhat homomorphic encryption is limited to evaluating low-degree polynomials over encrypted data, due to the ciphertext noise buildup.

These different encryption schemes work in different scopes, sometimes in the same field. An example of this is the fixed and mobile nature of 5G networks. Somewhat homomorphic encryption would work well on fixed networks, which have more limited data circuits and fewer gates. For the mobile networks, fully homomorphic encryption would be used, as it does not have the same homomorphic operation limits. Fully homomorphic encryption can perform an unbounded number of operations, while somewhat homomorphic encryption cannot.

**Ring-Based Encryption Schemes**

Some of the best advances in the implementation of somewhat homomorphic encryption schemes have come in the context of ring-based schemes. The security and performance of practical homomorphic encryption schemes is based on the Ring-Learning with Errors (RLWE) problem. RLWE is a computational problem considered to be safe from quantum computers and is built on the arithmetic of polynomials. RLWE schemes are somewhat homomorphic because the depth of values cannot be infinite.

There are many somewhat homomorphic encryption schemes that are ring based because of the security such schemes provide. In a study (PDF, 557 KB) conducted at the University of Bristol, two ring-based schemes rose to the top of a pool of six somewhat homomorphic encryption schemes after rigorous limit testing. For small plaintext the Yet Another Somewhat Homomorphic Encryption (YASHE) scheme is most efficient. As the plaintext becomes larger, the Brakerski-Gentry-Vaikuntanathan (BGV) scheme quickly outperforms the other ring-based schemes being tested.

## Fully Homomorphic Encryption

Fully homomorphic encryption allows the evaluation of arbitrary circuits made up of multiple gate types of unbounded depth. In other words, fully homomorphic encryption is the most robust of the three types of homomorphic encryption. FHE can be used in more complicated data security situations and help overcome mobile network challenges.

**Practicality of Homomorphic Encryption**

There are a few important limiting factors for using a homomorphic encryption scheme. Any homomorphic cryptosystem is going to be computationally intensive at a mathematics level, which can be inefficient to run.

Additionally, many homomorphic algorithms are privately owned or proprietary, so access is limited. Stemming from the access issue, if multiple groups encrypt different pieces of a data set, different encryption schemes may be used. Evaluating circuits where one portion of the data has been encrypted with a different scheme (PDF, 557 KB) than the rest becomes complicated.

**Natural Language Processing**

Natural language processing (NLP) is a branch of computer science related to artificial intelligence. NLP combines linguistics, machine learning, and deep learning to “understand” written or spoken text. The data NLP can provide quickly is immense. Still, in many cases, as with medical data, the organization with access to the information doesn’t have the technical expertise or computational power to use NLP.

This is an example of where homomorphic encryption can be used. The data can be encrypted, and the medical information can be separated from the patient’s personal information. The encrypted data can then be turned over to an organization with NLP capabilities, and data analysis can ensue without privacy risk.

## Future of Homomorphic Encryption

With many companies relying on the cloud for data storage and analysis, homomorphic encryption technology is evolving to keep this data private and secure. The homomorphic encryption industry is growing to meet business demands, and the resulting homomorphic encryption market report looks promising. While all three types of homomorphic encryption are valuable and generally secure, the focus of the future is fully homomorphic encryption.

**Homomorphic Encryption from the ’70s to Now**

The RSA scheme was published in 1977. It is a public key cryptosystem that is widely used for secure data transmission. Within a year of its publication, attempts at constructing a fully homomorphic encryption system had begun. Developing a successful fully homomorphic encryption scheme took thirty years. In 2009 Craig Gentry constructed the first FHE scheme. Over the next few years, more efficient and fully homomorphic encryption systems were developed.

In 2013 Gentry, Amit Sahai, and Brent Waters proposed a technique for creating an FHE scheme that would avoid relinearization in homomorphic multiplication. Resulting cryptosystems have a slower noise growth rate and offer stronger security. Today the focus on new techniques involves encrypted machine learning and security when decryption results are publicly shared.

**Homomorphic Encryption and Other Encryption Types**

With the advent of cloud computing, mathematicians and technology experts are revisiting old encryption methods, and new approaches are emerging. One method for secure computation is to construct Boolean circuits as a function representation. The Boolean circuit could then be encrypted to disguise the original mathematical function. In brief, a Boolean circuit is a mathematical model for combinational digital logic circuits.

A new security model some major technology companies are beginning to use is confidential computing, which is designed to protect data at rest, in transit, and in use. It does this by storing data in a trusted execution environment where it is impossible to view the data or operations performed on it from outside. This technique can be complementary to homomorphic encryption.

Many available traditional encryption systems are symmetric, meaning the same key is used to both encrypt and decrypt the data. These encryption systems are much faster than homomorphic encryption and allow the data to be stored in encrypted form. To perform analytics on this encrypted data, the cloud server would need access to the secret key, which raises significant security concerns.

Homomorphic encryption, on the other hand, is asymmetric. This type of encryption uses a public key to encrypt plaintext to ciphertext and private keys to decrypt the data, or subsets of the data. It has more computational overhead than traditional encryption but provides significantly more security when it comes to data analysis.

**Homomorphic Encryption in the Future**

The applications for homomorphic encryption in the future are all about improved data privacy. One great example of a potential use is voting. In combination with other technologies, like distributed ledger, a person’s vote can be encrypted separately from their identity. With homomorphic encryption, one party will be given a key to decrypt the encrypted result of the vote. And another party will be given the key to decrypt the identity of the voter.

Because the decryption keys are distinct, neither party will have access to both pieces of information. In this way, officials can make sure no one voted twice and can find out the results of the vote without voters losing privacy.

The role of homomorphic encryption is expected to grow, powering security in the cloud and over the internet. A company can encrypt a database, then upload it to the cloud to be analyzed without the entire data set needing to be decrypted.

While limitations on data complexity and computational power still exist, the field continues to grow and evolve. The global homomorphic encryption market is expected to witness market growth at a rate of 7.5 percent from 2021 to 2028, according to Data Bridge.

## Homomorphic Encryption Innovation

Fully homomorphic encryption is still relatively new in terms of proven mathematics. Many of the major developments of the encryption system have occurred in the last two decades. Contemporary companies are building technologies that require more robust security in an age where the cloud is the most efficient and cost-effective space to store and analyze data.

With many organizations looking to utilize homomorphic encryption to protect data in the cloud, the list of open-source implementations is growing. Homomorphic encryption is becoming widely available and is expanding to meet the demands of protection in the age of quantum computing. With a healthy market and concerns over data privacy becoming ever more serious for many businesses, all three types of homomorphic encryption are likely to see expanded use.

*Interested in joining IEEE Digital Privacy? IEEE Digital Privacy is an IEEE-wide effort dedicated to champion the digital privacy needs of the individuals. This initiative strives to bring the voice of technologists to the digital privacy discussion and solutions, incorporating a holistic approach to address privacy that also includes economic, legal, and social perspectives. Join the IEEE Digital Privacy Community to stay involved with the initiative program activities and connect with others in the field.*