Is Homomorphic Encryption a Game Changer in the Data Privacy Space?

Homomorphic Encryption (HE)

Wikipedia defines Homomorphic encryption as “a form of encryption that permits users to perform computations on ciphertexts and the encrypted output obtained will be the same as the encrypted result of computations performed on the plain text.”

In other words, if we encrypt data and perform computations on the encrypted data, the result of the operation, if decrypted, would be identical to the results we would get had we performed the same operation on plain text.

A public key is used to encrypt data using Homomorphic encryption. This encrypted data can only be unencrypted using a private key. Whoever owns the private key has access to unencrypted data.

 

Why do we need Homomorphic Encryption?

Nowadays, major enterprises are leveraging cloud-based service providers to support data storage, data computation, and data analysis services. However, the data migrated to the cloud can contain sensitive or personal information (PII) that needs to be kept private. On the cloud, the data is more susceptible to leakage or hacking and largely relies on the robustness of the security provided by the cloud operator.

Data stored on the cloud are usually encrypted to safeguard it against any vulnerabilities. Any arithmetic or logical operation on the data residing on the cloud is executed by firstly fetching it back and decrypting it before applying the computation.

Now, this process creates an additional risk of data leakage at the computation and the data restoration to the cloud stages. Any security breach in the process may affect the brand image and attract heavy penalties under international regulations like GDPR, CCPA, and HIPAA. The concept of Homomorphic Encryption came into the picture to address this challenge.

HE is a type of encryption that does not require data decryption before usage, thereby safeguarding the data privacy and integrity even during the computation. HE can enable individuals and third partiest to use the encrypted data without having access to or knowledge about the actual contents of the encrypted data.

 

Types of Homomorphic Encryption (HE)

The main difference between variations of HE algorithms is the ability to cater to various mathematical or analytical operations performed on the encrypted text and the number of iterations allowed for each of these operations.

Partially Homomorphic Encryption (PHE)

The PHE allows only one mathematical operation on cyphered data while protecting sensitive data.

Somewhat Homomorphic Encryption (SHE)

SHE supports a limited number of computational operations (like addition and multiplication) with a constraint on the level of complexity that can be executed a limited number of times.

Fully Homomorphic Encryption (FHE)

FHE allows multiple computations on the cyphered data, and the type of computations permitted on the data is unlimited.

 

Pros

  1. Security of Data Stored in the Cloud: The data stored in the cloud can be analyzed, computed, and secured using HE. Also, ciphered text can be searched and later decrypted without losing the originality of the data.
  2. Data Analytics: HE encrypts the data, and the encrypted data can be outsourced to a third party for statistical analysis, research, and third-party sharing while the privacy of the actual subject remains intact.

 

Cons

One of the major drawbacks of HE is that it comes as a trade-off of the speed of computation. The computation overhead on HE data is higher than that of plain text.

 

Conclusion

  1. In today’s world, the adoption of HE is vital for implementation as data privacy is a cause of concern for all major industries.
  2. HE ensures the required computations can be executed on data and at the same time shields it from any vulnerability.
  3. We can leverage HE algorithms to ensure the data is secure in the cloud. It facilitates cloud data storage that costs less and can be accessed whenever needed.

 

Author: Mustafa Saeed

Author Details

Vijayalaxmi Vijayalaxmi

Vijayalaxmi Suvarna is a Senior System Engineer at Infosys Center for Emerging Technology Solutions, she leads the Marketing initiatives for the PrivacyNext iEDPS Platform. Her focus includes User Experience and online branding of Infosys Data Privacy offerings.

Leave a Comment

Your email address will not be published. Required fields are marked *