There is a gaping hole in our data protection models.
Certainly, there are numerous, robust methods for encrypting data at rest. We can also protect data in transit, both by keeping it encrypted during transmission and by hardening the transmission channels themselves.
But when we have to actually work with data – search it, analyze it, compare it to other data sets – it becomes vulnerable because it must be decrypted to do any of that. Finding an effective, flexible and scalable way to close this gap has not been easy. And the potential solutions to this problem, including confidential computing, blockchain technology and shared responsibility, to name but a few, all have serious drawbacks.
Homomorphic encryption is often held up as a viable answer to the conundrum of protecting data in use. Indeed, as recently as December, the World Economic Forum claimed that homomorphic encryption could help protect privacy in the time of COVID. Unfortunately, the promise of homomorphic encryption is far from being realized, either now or in the future.
What is homomorphic encryption?
Homomorphic encryption as a method of encryption was originally proposed in the 1970s. It works by encrypting data in such a way that mathematical operations performed on the encrypted data produce an encrypted result. This result, once decrypted, is the same as if the entire calculation had been performed on unencrypted data.
There are several “flavors” of homomorphic encryption – partially homomorphic, somewhat homomorphic, leveled fully homomorphic and fully homomorphic. The primary differences between these various flavors reflect the range of operations and the size of the data set that one can work with.
Fully homomorphic encryption (FHE), one version of which was developed by IBM in 2009, represents the most comprehensive application of this method, offering the broadest range of operations on available data.
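The property described above, as an added worked example that is not code from the original article: a toy implementation of the Paillier cryptosystem, a partially homomorphic scheme (one of the "flavors" mentioned) that supports adding two ciphertexts and multiplying a ciphertext by a plaintext constant, but not multiplying two ciphertexts together. An aggregator that holds only the public key can total the encrypted values; only the key owner can read the result. The primes, the sample salary figures and all function names are constructed for illustration and are assumptions of this example, not anything from the article; real deployments use moduli of 2048 bits or more and a vetted library.

```python
"""Toy Paillier cryptosystem: additive homomorphism on encrypted integers.

Constructed example with small, fixed primes so results are reproducible.
"""
import math
import secrets


def lcm(a: int, b: int) -> int:
    return a * b // math.gcd(a, b)


def keygen(p: int, q: int):
    """Build a Paillier key pair from two distinct primes p and q."""
    n = p * q
    # Paillier requires gcd(n, (p-1)(q-1)) == 1; true for same-size primes.
    assert math.gcd(n, (p - 1) * (q - 1)) == 1, "primes unsuitable for Paillier"
    lam = lcm(p - 1, q - 1)           # Carmichael function of n
    g = n + 1                         # standard simple choice of generator
    mu = pow(lam, -1, n)              # modular inverse of lambda mod n
    return (n, g), (lam, mu)          # (public key, private key)


def encrypt(public, m: int) -> int:
    """E(m) = g^m * r^n mod n^2 with a fresh random r in Z_n^*."""
    n, g = public
    assert 0 <= m < n, "plaintext must lie in [0, n)"
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def decrypt(public, private, c: int) -> int:
    """m = L(c^lambda mod n^2) * mu mod n, where L(x) = (x - 1) / n."""
    n, _ = public
    lam, mu = private
    x = pow(c, lam, n * n)
    return ((x - 1) // n * mu) % n


def add_encrypted(public, c1: int, c2: int) -> int:
    """Homomorphic addition: E(a) * E(b) mod n^2 decrypts to a + b."""
    n, _ = public
    return (c1 * c2) % (n * n)


def scale_encrypted(public, c: int, k: int) -> int:
    """Multiply by a *plaintext* constant: E(a)^k mod n^2 decrypts to k * a."""
    n, _ = public
    return pow(c, k, n * n)


def encrypted_sum(public, ciphertexts) -> int:
    """Total many ciphertexts without the private key (an untrusted aggregator).

    The accumulator starts at 1, which is E(0) with blinding factor r = 1.
    """
    total = 1
    for c in ciphertexts:
        total = add_encrypted(public, total, c)
    return total


def demo() -> dict:
    """Run the aggregation scenario on constructed data and return decrypted results."""
    public, private = keygen(1009, 1013)          # constructed toy primes, n = 1022117
    salaries = [52000, 61000, 47000]              # constructed sample plaintexts
    cts = [encrypt(public, s) for s in salaries]

    enc_total = encrypted_sum(public, cts)        # aggregator never sees plaintexts
    enc_double = scale_encrypted(public, cts[0], 2)
    # Caveat: arithmetic is modulo n. 52000 * 20 exceeds n, so the result wraps;
    # the plaintext space must be sized for the largest value a computation can reach.
    enc_overflow = scale_encrypted(public, cts[0], 20)

    return {
        "sum": decrypt(public, private, enc_total),              # 160000
        "doubled_first": decrypt(public, private, enc_double),   # 104000
        "wrapped": decrypt(public, private, enc_overflow),       # (52000*20) % n == 17883
        # Randomised encryption: two encryptions of one value are (almost surely) different.
        "same_value_differs": encrypt(public, 7) != encrypt(public, 7),
    }


if __name__ == "__main__":
    print(demo())
```

The "wrapped" entry is the practical caveat: the scheme is only homomorphic over integers modulo n, so anyone designing such a computation must bound the intermediate values in advance. Note also what the block cannot do: there is no function that multiplies two ciphertexts, which is exactly the gap that separates a partially homomorphic scheme from a fully homomorphic one.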
The limitations of homomorphic encryption
The biggest problem with homomorphic encryption, even in its fullest form, has long been performance.
The polynomials generated to encrypt the underlying data are so large that working with them is slow and cumbersome. To analyze fully homomorphically encrypted data at the same rate as unencrypted data requires 40 to 50 times the compute and 10 to 20 times the memory, according to a detailed look by Ars Technica in July 2020. This alone makes homomorphic encryption a method that can be undertaken only by a limited number of organizations, primarily research universities and large government agencies.
Performance aside, homomorphic encryption is of limited utility because of its focus on arithmetic functions. Yes, being able to run calculations on data can be an important part of data analysis. However, there are numerous use cases where this method doesn’t actually help.
Consider search. Searching data is probably the most common activity performed on data. Unfortunately, while there has been some research conducted on the viability of homomorphic encryption as a means for encrypting searchable data, this hasn’t progressed much past the proof of concept phase. As such, it is not ready for prime time, especially in the enterprise.
Now consider a situation in which you would like to compare your data to another data set. Companies do this all the time when they are looking to augment their data with data collected by other organizations. A compute intensive encryption method designed primarily to perform mathematical calculations with limited search functionality is utterly inadequate for such a task. Among other things, this means that companies cannot rely on this encryption method to either increase or monetize the value of their data.
Not the solution for the data challenges we face today
It’s been over forty years since the concept of homomorphic encryption was first proposed. The fact that we are still talking about it today is less an indication of its actual power than a reflection of the persistence of the problem it is supposed to solve: the problem of protecting data in use.
As it turns out, there are methods for working with encrypted data that are flexible and scalable. These methods also avoid the high performance costs of methods like homomorphic encryption. If you would like to learn more, let’s talk!