Homomorphic encryption is a type of encryption that allows for computation on encrypted data without the need to decrypt the data first.
Data encryption is designed to protect the confidentiality of information as it is stored in systems or transmitted across networks. Encryption stops your credit card information from being easily intercepted while online shopping, or from revealing your banking transactions or account details when using online banking sites and apps.
More broadly in business, encryption has been of extraordinary benefit. It has allowed companies to understand more about their supply chains, customers, and product processing. It has allowed for those supply chains to proliferate – extending beyond the enterprise and well beyond the borders of a state or country. It has given rise to platforms as diverse as the crowd sourced Etsy marketplace, the corporatised and aggregated multi-sided marketplaces like Alibaba and the encrypted communications platform WhatsApp.
As these examples show, encryption has significantly reduced the risk of doing business online at scale, improving productivity while also protecting sensitive commercial and personal information. But the encryption practices used in these systems are largely to do with the storage of data – what we call “data at rest” – or the transmission of data – what we call “data in transit”. In either of these states, data is fairly secure. But generally, when we want data to be put to work it needs to be decrypted so that computers can transact, compute, analyse or report on that data.
This is the weakest link in your data chain.
It is also where the opportunity to turn data into real business value exists.
Homomorphic encryption changes the rules of the game
Whether we realise it or not, managing, and computing data is a standard part of our workday. Whether it’s compiling a marketing email list, analysing inventory patterns, processing purchases, using social media, or simply using or touching data in any part of the business value chain, we all rely on the access and management of data to do our jobs.
This makes sense when we realise that there are around 4.7 billion active internet users (approximately 60% of the world’s population), generating over 2.5 quintillion data bytes per day (there are 18 zeros in a quintillion). From an economic point of view, 70% of the world’s GDP is now digitised (source: IORG).
Encryption is fundamental to securing the global economic and social value of the internet. Essential to unlocking the business value is decryption. After all, decryption is usually required to analyse and run algorithms across datasets.
But what if decryption wasn’t needed? What if encrypted data could be securely computed, analysed, processed, and reported upon? This is exactly what “homomorphic encryption” allows.
Applied to business at scale, homomorphic encryption could disrupt the very way we understand and manage data. It could change the way we do business, manage technical infrastructure and plan for the future.
We consider homomorphic encryption as a game changer.
How does homomorphic encryption work?
While encryption uses a public key to encrypt data – allowing only an individual (or machine) with a matching private key to decrypt the data, homomorphic encryption takes this to a new level. The word “homomorphic” means “same shape” – and the homomorphic encryption libraries use algorithms to maintain the relationships between elements in data which in turn, allows for encrypted computation.
The resulting computations are also encrypted and can only be revealed through the use of the secure, private key. This additional level of security means that value can be added to datasets without compromising the integrity or privacy of the source data. Perhaps, more importantly, this enriched data can be tracked, traced, and audited – ensuring a continuous chain of custody, building trust and provenance at the same time.
Privacy enhancing technology meets privacy enhancing computation
As you might imagine, encryption itself slows down the speed of computation. And homomorphic encryption with its libraries of algorithms and protections requires a significant additional computational overhead.
In order to deliver privacy enhancing computation – at scale – and in a form that supports large batch processing or real time transaction processing, there is significant hardware and software investment required. We will require new technology visions and leadership.
The IXUP team continues to focus on building secure, private and trustworthy computing technologies, supporting the needs of businesses working with sensitive data, emerging global standards such as GDPR and the expectations of an increasingly vigilant, privacy-aware community.
While we consider homomorphic encryption a vital component of the privacy enhancing technology trend, it is not the end point of a data maturity journey. It is, however, a vital stepping stone. Privacy enhancing computation is a goal that we should all aspire to.
Dr Paul Coe is Chief Technical Officer of IXUP Limited. He specialises in IT strategy with 15+ years experience in large transformation programs that delivered complete enterprise business end-to-solutions, achieved major cost savings and enabled businesses to own their technology direction.