If you’ve never heard of homomorphic encryption, you should know many data scientists and information technology (IT) professionals view it as a sort of holy grail of encryption. So, what’s holding it back? Understanding how it compares to other encryption schemes can help you decide whether or not to adopt it.
Homomorphic data encryption lets you perform mathematical operations on ciphertext without altering the plaintext. In other words, you can process information in its encrypted state and obtain an encrypted result without revealing the unencrypted text.
In Greek, “homos” means “same,” and “morphic” means to have a “specific structure,” so homomorphic translates to “same shape.” This encryption scheme preserves plaintext when you perform mathematical operations on the ciphertext. In other words, you don’t need to use or share decryption keys to analyze or process information.
Suppose you had a locked safe with a valuable mathematical equation inside. Typically, you would have to unlock it to read the problem. However, with homomorphic encryption, you can analyze and solve it without opening the door.
There are three types of homomorphic encryption, each with varying degrees of complexity:
- Partially homomorphic encryption: With partially homomorphic encryption (PHE), you can only perform a single mathematical function — either addition or multiplication — on encrypted values. However, you can do so an unlimited number of times.
- Somewhat homomorphic encryption: While somewhat homomorphic encryption (SHE) supports addition and multiplication, you can only perform a limited number of operations on the encrypted data. This is because of ciphertext noise buildup, meaning the information would eventually become too complex to analyze in a reasonable time frame.
- Fully homomorphic encryption: Fully homomorphic encryption (FHE) is the gold standard because it allows you to perform either mathematical function an unlimited number of times. Consequently, it is computationally intense and requires expansive data storage systems.
In classic encryption, there is no connection between plaintext and ciphertext — your data is rendered randomized and unreadable. Consequently, performing a mathematical operation on encrypted information would change the plaintext’s corresponding value. On the other hand, homomorphic schemes give them a relationship to make analysis possible.
A homomorphic encryption scheme’s basic criteria revolve around the concept of preservation, meaning adding two ciphertexts together should produce the same result as the encryption of the sum of two plaintexts. The same concept applies to multiplication.
In other words, if you add or multiply the encrypted versions of “A” and “B,” you should get the encryption of the plaintext “A plus B” or “A times B.” This ability to perform relational mathematical operations enables you to process and analyze encrypted data while preserving its incomprehensibility — and without using a decryption key.
One of the most significant use cases of homomorphic encryption involves secure information sharing. If you’ve ever sent sensitive, proprietary or valuable data to vendors, you understand the risk of third-party data breaches and insider threats. Data breaches can damage customer trust and cause severe financial impacts. With homomorphic encryption, you don’t have to give vendors the decryption keys and risk a breach — instead, they can analyze the ciphertext without ever exposing the plaintext.
A similar use case involves preserving privacy in the cloud. In 2021, just over six in 10 respondents agreed data privacy was their biggest cloud concern. If you feel the same, you might feel homomorphic encryption’s ability to hide plaintext while keeping encrypted information usable is a valuable business application.
You could also use homomorphic encryption to secure internal big data analysis, minimizing the potential damage threat actors can do. Since you won’t need to decrypt the ciphertext to analyze it, you wouldn’t need to concern yourself with the possibility of a breach — your information would remain secure at rest, in transit and in use.
Unlike classic encryption, a homomorphic scheme lets you secure data regardless of its state or location. Naturally, this capability sets it apart from the rest. However, various other minor differences also separate it from its counterparts.
One of the best practices for encryption involves keeping keys secure and rotating them periodically to maintain security. While homomorphic schemes still leverage decryption keys, they’re no longer a priority since the information remains operable even in its encrypted state. You don’t even have to share them with vendors unless they require access to the plaintext.
While homomorphic schemes exist today, their adoption remains limited because many view other techniques as superior. Compared to classic encryption, it is drastically slower — to an astonishing degree, truthfully.
The issue surrounding IBM’s free, open-source homomorphic library may help put things into perspective. This company was able to accelerate encryption speed by a factor of 100 million in a span of three years. While such an improvement sounds promising, it was still roughly 100 trillion times slower than the equivalent operations performed on plaintexts.
While leveraging homomorphic encryption might seem like a no-brainer, you should carefully consider the pros and cons before deciding.
- Strengthened Security
Homomorphic encryption introduces noise to ciphertext, making it more secure than its classic counterpart. Considering the average cybersecurity spend per employee will increase to $26 by 2028 — up from $5 in 2018 — you’d be wise to strengthen your defenses. - Likely Quantum Proof
FHE is based on lattice-based cryptography — which is considered quantum-proof — meaning it could become the standard for cybersecurity in an age where quantum computers threaten to crack classic ciphers. If you become an early adopter of this encryption scheme, you could benefit from being ahead of the competition regarding security posture and compliance. - Improved Compliance
Information privacy and protection regulations like the General Data Protection Regulation have exceptions for encrypted data. Homomorphic encryption could make compliance more manageable because it lets you send and store data without exposing the plaintext.
-
Diminished Scalability
Data volume is increasing faster than organizations can utilize or manage it. If they were to leverage homomorphic encryption, they’d struggle with extended processing times, resulting in scalability issues. - Increased Expenses
Since homomorphic encryption is inefficient, it requires more computational resources. In the case of FHE, the ability to perform mathematical functions on encrypted data infinitely requires expanded storage space. For these reasons, this approach isn’t cost-effective. -
Reduced Efficiency
The most significant downside to homomorphic encryption is its lack of efficiency. Research shows it takes 360 times longer to encrypt data than classic techniques. While its decryption is somewhat faster, it’s still far slower than other methods. If you have a large amount of information, using it would be incredibly inefficient.
Although FHE is essentially the gold standard, it is far too computationally intensive and time-consuming for most business applications. PHE and SHE would be better options if you’re considering leveraging homomorphic encryption. Ultimately, the decision comes down to the amount of data you have, your security needs and your vendor relationships.