Homomorphic Encryption: Privacy Throughout the Data Life Cycle

Homomorphic Encryption: Privacy Throughout the Data Life Cycle
Author: Bruce R Wilkins, CISA, CRISC, CISM, CGEIT, CISSP
Date Published: 7 August 2019

As cybersecurity experts, we are sometimes confronted with encryption techniques that go far beyond our understanding of the math involved. This is fine if we understand how to properly apply technology under the correct conditions. However, just as asymmetrical and symmetrical encryption algorithms, encrypting vs. hashing, and other cryptographic techniques are becoming well-known, something new is appearing on the horizon.

Enter fully homomorphic encryption (FHE). FHE performs calculations on encrypted information (ciphertext) before decryption. Once decrypted, the information looks as if the encryption had been performed on plaintext.

Homomorphic encryption was invented in the 1970s around the same time as Rivest–Shamir–Adleman (RSA) and asymmetrical encryption algorithms were invented. RSA is a partial homomorphic algorithm but is not a fully homomorphic solution. So why does FHE seem to have just recently appeared?

Just like we have seen with deep learning, the resource demand was so great upon discovery that these ideas remained in the realm of theoretical and not practical. However, using today’s modern processing platforms, FHE is becoming (almost) practical.
If you remember from encryption 101, symmetrical encryption uses secret keys. Everyone who wants to communicate in that community must know the secret key. Asymmetrical encryption brings us the ability to have public key infrastructures. Asymmetrical algorithms have public keys and private keys; one pair for each computer or individual in the infrastructure. The root key pair is maintained by a trusted agent from which all other keys are generated.

Up to this point, we had a fundamental understanding that there are 2 kinds of text: plaintext, which is data that have not been encrypted, and ciphertext, which is data that have been encrypted. To protect data at rest and in transit, we encrypt the data. However, when we want to process the data, the data must be decrypted (turned into plaintext) and then processed. Homomorphic encryption algorithms break this paradigm. A homomorphic algorithm allows a user to define query criteria, encrypt it and send it to a database that may or may not be encrypted. At the homomorphic layer of the database, or host-based application, the query will be compared against the data in the database without ever decrypting the query criteria. Thus, the query criteria will only be known to the originator. Simply stated, the query is encrypted, the query is processed and the found set is returned encrypted without anyone but the originator knowing the query criteria that was satisfied and the found set returned.

Homomorphic algorithms are a perfect solution for querying databases that are hosted external to an organization within the cloud or by a third party. As you have probably concluded, there is no possibility of a man-in-the-middle attack or covert channel from your querying pattern. This makes the only issue with FHE the resource requirement. For example, to support one user, homomorphic encryption has led to a query increasing in size up to 2 TB. This, along with the encryption of the found set that could increase size by another 3 to 5 times, makes the technique unattractive in an environment where you are paying for data transfer and computing power. This is further complicated by the processing time needed for complex queries, which can greatly increase. So, size and processing requirements tend to limit the ability to use these types of algorithms at scale. For these reasons, homomorphic encryption is limited to large processing platforms and is not easily scalable.

However, some small enterprises are beginning to overcome some of these limitations. These emerging enterprises have written homomorphic encryption clients that can run on a 4G or 5G (preferred) network-compatible phone. In concert with the client is a host-based application that processes data at the database. The sizes of found sets and query criteria have been reduced by limiting what is being encrypted.

In the future, FHE will become practical for everyday use. Further, when properly implemented, homomorphic encryption will be a transparent layer within the communication stack. You may use it and never even know it.

Bruce R. Wilkins, CISA, CRISC, CISM, CGEIT, CISSP, is the chief executive officer of TWM Associates Inc. In this capacity, Wilkins provides his customers with secure engineering solutions for innovative technology and cost-reducing approaches to existing security programs.