The advancements in information technology, coupled with the evolution of smart devices, have exponentially increased the amount of global data that is generated, mobilized, stored and processed. Such advancements have also results in the continuous shuttling of sensitive data such as business data, individual data, etc., through the internet and their storage and processing in hybrid multi-cloud environments. Although currently available encryption algorithms can efficiently secure data in transmission and during storage, they don’t support the processing of encrypted data. For this reason, the data needs to be decrypted to be used, processed or analyzed. But the lack of homomorphic cryptography protocols makes data vulnerable to attacks and may expose it to potential attack vectors.
Organizations, majorly the big tech companies, can counter this by considering the adoption of Homomorphic Encryption (HE). HE is an old encryption idea that enables processing, analyzing, and manipulating data in encrypted formats. Though the idea of HE was proposed in the 1970s, its first successful demonstration was performed in 2009. HE allows users or third-party (cloud providers) to perform operations on user/client encrypted data without revealing the data values. HE schemes work efficiently on the data in an integer format and require minimal rounds of interactions in utilizing arithmetic circuits for performing addition, multiplication, and other operations on encrypted data.
The HE types are Partially HE, Somewhat HE, and Fully HE (FHE), and HE features include Symmetry, Asymmetry, Serialization, and Negative computation. HE operations include addition, subtraction, multiplication, ciphertext comparison, boolean operations, matrix operations and exponentiation operations. Unlike other encryption algorithms, HE is envisioned to be secure against attacks launched using quantum computers. Popular homomorphic encryption libraries include Microsoft’s SEAL, Intel’s HE-Transformer, Google’s Transpiler, HElib, TFHE, Paillier, ELGamal, RSA, etc. HE can be appropriate for securing data stored and processed in the cloud and can provide security and privacy assurances to highly regulated industries. This helps to collaborate and outsource their critical data with their partners or a third party (cloud) for research and analytics. HE allows users to search, browse and download online content without revealing their identity. One of the current implementations of HE includes Microsoft’s research project ‘the Election Guard’, which aims to improve election ballots’ security. Moreover, IBM’s HE services enable computation on encrypted data and Scotiabank’s HE implementation from Duality Technologies for anti-money laundering detection.
Though HE is appropriate for solving many real-time problems, its complex cryptographic operational requirements are computationally expensive and generate high overhead. These requirements highly impact parameters like the encryption’s speed, performance, ciphertext size, etc.
In recent times, due to the extensive research, advancements in hardware acceleration, optimizations and low-level implementations, HE implementations have become less computationally intensive. In 2018, IBM released an improved version of the HElib C++ library which was 25-75 times faster than the previous version, which, in turn, was 2 million times faster than its predecessor.
However, the HElib 2018 version takes 11.5 days to perform a calculation, which would take a second to perform on plaintexts. This delayed computation of HE has resulted in its slow widespread adoption and its inclusion is practically not possible for most of the applications currently. The lack of tools enabling software developers to integrate HE into their applications seamlessly has also slowed HE adoption.
Gartner predicts that less than 1 percent of companies possess the budget to include FHE in their projects and that this number will rise to 20 percent in 2025. According to the report by Insight Partners, the FHE market will increase from $120.12 million in 2019 to $246.29 million by 2027, with an average annual growth of 9.7 percent. Companies such as IBM, Microsoft, Google and Intel, are pushing the research to reduce the computational requirements of HE and to make the inclusion of HE easy for developers. In addition, organizations like the Federal Defense Advanced Research Projects Agency (DARPA), in collaboration with Intel, Microsoft, Duality Technologies, Galois and SRI International, have launched the Data Protection in Virtual Environments (DPRIVE) program intending to create an ASIC chip for reducing the computational power and time requirements of HE operations.
HE is a small market now but it is expected to grow rapidly. The extent of research and improvements being undertaken toward homomorphic encryption implementation in an easier and more affordable method demonstrates the potential of HE and its likely global adoption. The ultimate goal would be the widespread adoption of HE by users, developers and organizations that provides superior security to global data. When this happens, it is expected to impact diverse critical industries including information technology, financial services, healthcare and more.
In conclusion, the successful global mainstream adoption of HE will be a dream come true and be the manifestation of the holy grail in cybersecurity research.
References
- Harvey, Sarah. “Best Practices for Vulnerability Scanning | KirkpatrickPrice.” KirkpatrickPrice Home, 4 May 2020, https://kirkpatrickprice.com/blog/best-practices-vulnerability-scanning/.
- “How Often Should You Perform a Network Vulnerability Scan?” PurpleSec, 26 June 2019, https://purplesec.us/how-often-perform-vulnerability-scan/.
- Marr, Bernard. “What Is Homomorphic Encryption? And Why Is It So Transformative?” Forbes, https://www.forbes.com/sites/bernardmarr/2019/11/15/what-is-homomorphic-encryption-and-why-is-it-so-transformative/
- Arampatzis, Anastasios. What Is Homomorphic Encryption & How Is It Used | Venafi. https://www.venafi.com/blog/homomorphic-encryption-what-it-and-how-it-used
- “Homomorphic Encryption Nears Reality, Pushed by IBM, Google.” ESecurityPlanet, 24 June 2021, https://www.esecurityplanet.com/compliance/homomorphic-encryption-makes-real-world-gains/
- Homomorphic Encryption Services. https://www.ibm.com/in-en/security/services/homomorphic-encryption.
- “What Is ElectionGuard?” On the Issues, 27 Mar. 2020, https://news.microsoft.com/on-the-issues/2020/03/27/what-is-electionguard/.
- Strom, David. “Homomorphic Encryption Tools Find Their Niche.” CSO Online, 12 Oct. 2020, https://www.csoonline.com/article/3583972/homomorphic-encryption-tools-find-their-niche.html.
- “Microsoft SEAL: Fast and Easy-to-Use Homomorphic Encryption Library.” Microsoft Research, https://www.microsoft.com/en-us/research/project/microsoft-seal/.
- Homomorphic Encryption. https://cryptosense.com/blog/homomorphic-encryption.
- “What Is Homomorphic Encryption?” Hashed Out by The SSL StoreTM, 20 June 2019, https://www.thesslstore.com/blog/what-is-homomorphic-encryption/
- “What Is Homomorphic Encryption, and Why Isn’t It Mainstream?” Keyfactor, https://www.keyfactor.com/blog/what-is-homomorphic-encryption/
- “IBM Helps Prepare Clients for Next Generation Encryption Technology.” IBM Newsroom, https://newsroom.ibm.com/2020-12-17-IBM-Helps-Prepare-Clients-for-Next-Generation-Encryption-Technology
- DARPA Selects Researchers to Accelerate Use of Fully Homomorphic Encryption, https://www.darpa.mil/news-events/2021-03-08
