The case for standardizing homomorphic encryption
By ITU News
While established encryption technologies help to protect private communication on the Internet, they don’t allow the sharing of numbers for external calculation.
Homomorphic encryption (HE), in contrast, introduces a new, arguably revolutionary property to cryptography – allowing calculations on data in encrypted form.
Considered a key element of privacy-enhancing technologies, HE lets you outsource your analytics without revealing any individual or interpretable details, including sensitive medical records or bank information.
Doing this involves obfuscating original data points before they go for computation. Afterwards, the original user can remove the obfuscation – or “noise” –from the results and thus obtain a valid calculation.
Let’s say you want a third party to make calculations on your bank account, without letting the third party know your actual account balance. Your original balance values, in this case 545 + 63, are entered with random “noise”, represented by the values 5 and 2, that obfuscates the actual numbers. Your values then go into the system as follows: 545 + 5 = 550 and 63 + 2 = 65 – with 5 and 2 as the obstructing “noise”. The cloud provider receives those two numbers for the computation and calculates 550 + 65 = 615. The “noisy” outcome comes back as 615, which your own HE system then decrypts by subtracting the 5 and the 2 from the result. You can then see the accurate final amount of 608.
The solution has taken a decade and a half to reach its current level of efficiency, said developer Zvika Brakerski at the 5th Homomorphic Encryption Meeting at the International Telecommunication Union (ITU).
Brakerski developed the foundations for the current second generation of the fully homomorphic encryption schema. In a recent interview, he explained taking HE from theoretical possibility to implementation as a practical tool.
Now proven and ready to deploy, experts highlight that an international standard could convey the maturity of HE and bolster trust in its ability to safeguard privacy, keep calculations secure, and maintain data credibility.
Real-world use cases
ITU’s latest two-day Homomorphic Encryption Standardization Meeting reinforced the rising acceptance of HE to facilitate secure and collaborative data analytics.
“Homomorphic encryption helps promote collaboration across jurisdictions, across geographies,” said Kurt Rohloff, co-founder and chief technology officer at Duality Technologies.
Rohloff, who developed one of the leading toolkits for HE, is also on the steering committee of HomomorphicEncryption.org, an open consortium bringing together industry, governments, and academia to advance the new encryption solution.
Uses for the solution could stretch across many areas of our lives. Medical research centres, for instance, have started considering HE to combine sensitive data for rare diseases – each of which might arise in only a very limited number of cases locally. Expanded datasets, potentially global in scope, would help in finding more effective treatments.
For law enforcement, HE offers a way to track international money flows without exposing citizens’ private financial data. An example of an application would be a country’s government providing investigators in another country with obfuscated bank account records.
Within those datasets, the investigators in the second country can search for anomalies indicating likely criminal activity. Only when such anomalies warrant closer investigation would the authorities in the first country need to share confidential bank account information in a real, un-obfuscated form.
Standardization as a catalyst
“Data owners, artificial intelligence (AI) modellers, data analysts, and cloud providers could all benefit from an international standard for HE,” said Heung Youl Youm, Chairman of ITU’s standardization expert group for security, ITU-T Study Group 17.
“An international standard could give stakeholders both the interoperability and the confidence to use the solution routinely in supporting complex analyses confidentially across international borders,” he adds.
For the earliest adopters, open-source development can serve as the “near-peer of standardization, in that it allows people to know what they are getting,” Rohloff says.
“A great way to formulate trust and transparency is through the use of open-source technologies,” which would allow HE to be “inspected, evaluated, and improved.”
Rohloff explained in the same interview how open standards could create trust in privacy-enhancing technologies and boost HE adoption.
Fully homomorphic encryption (FHE) is the subject of a draft Technical Report (working name TR.sgfdm) on “FHE-based data collaboration in machine learning” under development in ITU-T Study Group 17.
HE is on the agenda for the ITU-WHO Focus Group on AI for Health in March 2023; and at a dedicated session during the MIT Media Lab and Harvard Kennedy School workshop on Trustworthy AI at ITU’s 2023 AI for Good Meeting.
ITU’s 6th Homomorphic Encryption Meeting takes place in mid-2023 in Seoul, Republic of Korea, followed by a workshop in Tokyo, Japan.
Header image credit: phonlamaiphoto via Adobe Stock
