Top 3 myths about homomorphic encryption
There’s been a lot of buzz surrounding homomorphic encryption because it comes with a lot of promise. But what's really behind the hype?
Homomorphic encryption stands out from other encryption methods as it guarantees the encryption of data while it’s being used for computation.
In this scenario, organizations can engage in data and analytics, enable secure voting (for elections) and more. As we enter a new decade of hyper-digitization and smart cities, encryption will be critical to protecting data from malicious insiders and external threat actors.
However, there are some myths surrounding this technology that needs to be quashed. Before we get ahead of ourselves, let’s define it.
What is homomorphic encryption?
Homomorphic encryption is fundamentally a cryptographic technique that allows mathematical data to be calculated without decryption. So users can run programs without actually decrypting the data stored in a cloud.
Let’s break this down.
Imagine this scenario: Your company has an encrypted database of customer search terms. While leaving them encrypted, you can search through them directly and get the same results while the database stays encrypted.
Homomorphic encryption essentially allows you to perform complex calculations without compromising the privacy of your customers. This approach, from a theoretical point of view, is a massive win for both privacy and security.
Why? There’s no need to hand out any decryption keys, so there’s no risk of anyone stealing your sensitive customer data. The same applies to election data that demands strict anonymity.
Myth 1: Homomorphic encryption will enable hack-proof elections
Homomorphic encryption technologies have led to the development of secure and verifiable voting systems such as Microsoft’s ElectionGuard. With ElectionGuard, citizens are able to track their votes with a code to ensure it has been recorded or sent to the proper authorities to be audited.
The tabulation process will take place securely in parallel with existing tabulation processes. So if there’s an audit, random ballots can be pulled from the database for comparison with paper ballots. This will help combat machine errors that can have an impact on results.
While the vote is trackable by just the voter, the system is limited to only computing the number of encrypted ballots and reporting the results.
But the problem with this idea is that you have to trust the party that’s storing and managing the data (securely). If they make mistakes, all your efforts will be futile. Furthermore, the encryption backdoors that governments are pushing for could easily lead to elections getting hacked.
Myth 2: Homomorphic is a robust privacy technique
Although the terms are often used together, privacy and security are two different things. Security is about hacking, so we have network firewalls, encryption (of course!), two-factor authentication and so on.
Privacy is about making sure that both personal and enterprise data isn’t misused. We use techniques such as data bucketing (or k-anonymization) to mask sensitive information, but while privacy is preserved, we can’t quantify how well it’s preserved.
However, with differential privacy, we can achieve true anonymization that enables the quantification of how much privacy is being preserved. That’s why iPhones can study your typing patterns and make suggestions without compromising your privacy.
While this type of technology has been around for a long time, recent regulations and enforcements such as the EU’s General Data Protection Regulation (GDPR) have led to significant acceleration within this space.
There can never be privacy without security. So homomorphic encryption can help boost privacy, but it’s not a privacy technique in and of itself. If you want to achieve strict confidentiality, you have to understand the difference between privacy and security and choose an approach that complements both.
Myth 3: Homomorphic encryption will see rapid adoption
To achieve total homomorphic encryption quickly, we will need significant computing power and highly efficient algorithms. The way we construct public keys for this technology is also expensive (because of the key-switching matrix).
So at present, it works in theory and research verticals at a relatively low level. As technology improves, we can expect to see homomorphic encryption becoming a viable solution, but that’s still some years away.
To learn more about homomorphic encryption and our very own military-grade encryption solutions, reach out to us at Artmotion.
This post was originally featured on Security Boulevard.