Homomorphic Encryption - Conquering The Performance Challenge
- Maor Volokh
Encryption is one of the most important measures used to protect sensitive data. In a world where one should assume that data can potentially be leaked, encryption is the last line of defense to protect this data. However, until recently, one technological gap stood in the way of implementing end-to-end encryption - it was not possible to use the encrypted data for computations. If, for example, a database contained encrypted data, it was not possible to process it (search for query results, apply calculations, etc.) without decrypting it first.
What is Homomorphic Encryption and Fully Homomorphic Encryption (FHE)?
Homomorphic encryption potentially solves this challenge by enabling mathematical computations to be run directly on encrypted data, yielding an encrypted result that, once decrypted, matches what the same functions would have produced on the plaintext. This means that it is no longer necessary to decrypt before performing computation tasks. It enables a third party to run applications, such as machine learning or analytics, on encrypted data without the data being revealed to that party.
Types of Homomorphic Encryption
There are several types of homomorphic encryption, which vary according to the types and frequency of mathematical operations that can be performed on ciphertext. The three types of homomorphic encryption include:
- Partially Homomorphic Encryption (PHE) - ensures sensitive data remains confidential by only allowing select mathematical functions to be performed on encrypted values. This means that one operation can be performed an unlimited number of times on the ciphertext. Partially homomorphic encryption is the foundation for RSA encryption. Other examples of PHE include ElGamal encryption (a multiplication scheme) and Paillier encryption (an addition scheme).
- Somewhat Homomorphic Encryption (SHE) - supports limited operations (for example, either addition or multiplication) up to a certain complexity, but these operations can only be performed a set number of times.
- Fully Homomorphic Encryption (FHE) - while still in the development stage, this holy grail of cryptography is capable of evaluating any efficiently computable function (using both addition and multiplication, not just one or the other) any number of times, and makes secure multi-party computation more efficient. Unlike other forms of homomorphic encryption, it can handle arbitrary computations on the ciphertexts.
The advantages of homomorphic and fully homomorphic encryption
Homomorphic encryption allows the best of both worlds: companies can use aggregated data to train their AI models, run analytics, or perform other types of computations, all without running the risk of exposing sensitive information to third parties or malicious insiders. For example, a medical researcher may want to compute descriptive statistics on a population of lung cancer patients at a hospital, but the hospital is unable to share its private medical records with the researcher due to the HIPAA regulation. To solve this, the hospital would use FHE to encrypt its sensitive data, so that the data stays protected while still being available to the medical researcher. Another use case is to use homomorphic encryption to make democratic elections more secure and transparent. For example, the Paillier encryption scheme, which uses addition operations, would be best suited for voting-related applications because it allows users to add up various values in an unbiased way while keeping their values private. This technology could not only protect data from manipulation, it could also allow the data to be independently verified by authorized third parties.
The drawbacks of Fully Homomorphic Encryption
Although FHE is very promising, it is still considered theoretical and is rarely used in practical business applications, as its performance hit makes it impractical for enterprise use cases. Back in 2016, IBM released the first version of its HElib C++ library, but it reportedly “ran transactions that took ‘100 trillion times’ longer than plaintext operations.” Since then, IBM has continued working on this issue and has now come up with a version that is 75 times faster, but even this level of performance is usually not enough. This means that FHE is not practical for any mission-critical or customer-facing application that needs to process data in real time and use the results to respond to a user.
In addition, homomorphic encryption requires application modifications. Since homomorphic encryption relies on its own data structure and query engine, any existing, legacy or third-party applications will not be able to use FHE.
Where could FHE work after all?
Not all use cases require real-time processing. For example, the training of AI and machine learning models is a resource-intensive process that runs as a background process. In this case, FHE is also important because it enables gathering huge amounts of data without compromising privacy. Hospitals would be able to contribute their patients' data to train an AI model that would help identify cancer cells while complying with HIPAA regulations.
Collaborative encryption can solve the performance challenge
Although Collaborative Encryption is not ideal for AI/ML use cases, it can help solve the FHE challenge for all other use cases, especially customer-facing applications that require real-time or near-real-time results. With Collaborative Encryption, the data remains encrypted while in use, without sacrificing performance. A connector deployed between the database and the application intercepts all database queries from the application and allows standard operations to be performed over the encrypted data, all without code changes. Since Kindite is deployed as a bridge between the application and the database, it doesn't require code changes to the application or to the database. This means that it can solve all the drawbacks of Fully Homomorphic Encryption, while providing strong encryption of data "in use":
- Strong encryption which is comparable with FHE.
- No code changes to application or DB.
- Supports customer-facing applications - no performance issues.
- Supports legacy or 3rd party applications.