Homomorphic Encryption - Interesting (if theoretical) technology

Hi,

Thought I would share something that I have been reading about recently. Homomorphic Encryption

Wiki description: Homomorphic encryption is a form of encryption that allows computations to be carried out on ciphertext, thus generating an encrypted result which, when decrypted, matches the result of operations performed on the plaintext.

For example:

Lets assume we have a homomorphic encryption algorithm X which takes some integer and outputs an encrypted integer.

X(1) outputs “AAABBB===” (the encrypted ciphertext)
X(2) outputs “BBBBAAA==”

The encryption algorithm would have additive properties such that when we add “AAABBB===” and “BBBBAAA==” you get lets say “CCCCCC==”. Which when decrypted using X, would give the following:
X(“CCCCCC==”) = 3.

This is a simple example, and having an encryption algorithm which only does addition is not that useful. The idea of a fully-homomorphic algorithm is that it would support any computation function, meaning full encrypted data could pass through some complex function (for example, data analysis).

The big deal about this is that it would open up the possibility of outsourcing the computation to third parties (AWS etc) without having to ever decrypt your data on their servers.

Recommended Reading on this:
http://www.americanscientist.org/issues/pub/2012/5/alice-and-bob-in-cipherspace
http://blog.notdot.net/2012/08/Damn-Cool-Algorithms-Homomorphic-Hashing

1 Like

That’s a very interesting topic. Sadly as far as I know the mathematical structure doesn’t seem to be investigated enough.

I’m working in enterprise IT, there cloud thechnologies are of course the big thing. My boss often talks about homomorphic encryption saying it is the missing part to getting german companies to the public cloud.

I read your example, and this was my reaction:

In other words, I don’t understand.

Can you ELI5?

Slight tangent: Weirdly this is the second time I’ve seen this abbreviation in roughly 2 hours and only the second time I ever recall seeing it in my lifetime. It looks like an upcoming javascript standard.

Ok, let me think of a different theoretical example of this:

Lets say you have an audio recording of a bad voltage show that is top secret (I’ve heard it contains information that could incriminate you all as accomplices in electing Trump).

Lets say I run a cloud service which normalizes the volume of audio of an audio clip.

You obviously want to normalize your top secret show and don’t have the computing power or functionality to do it locally.

You also don’t want to send your audio to my cloud service who could listen to your top secret audio.

However, we offer homomorphic encryption support for audio normalization.

The process is as follows:

  1. You encrypt your audio locally using secret X and pass that file up to our cloud service in its encrypted state.
  2. The service uses its homomorphic normalization algorithm on the encrypted data to generate a new encrypted file.
  3. You download the encrypted file and decrypt it using secret X.

Some things to note:

  1. The file is never decrypted on the cloud service.
  2. The secret never leaves your computer.

If this seems like magic, its because it kind of is.

The example above is theoretical in that we don’t have a homomorphic encryption algorithm that allows for audio normalization, but the idea of fully homomorphic encryption is that it would allow any computation to be achieved on the encrypted data.

Hope this is clearer?

I’m wondering if quantum mechanics could solve the problem?

In quantum mechanics there is a concept of spooky action at a distance which states that two particles can act as twins even when separated by large distances and by observing what happens to particle you know what must be happening to its twin which can in theory be used as a one time only key which is only available to the sender and receiver of a message and hence perfect encryption. I’ve no idea how close anyone is to a practical implementation however.

As far as I know you can already buy commercial devices that use quantum twins to encrypt data. Or at least to detect if the data has been read on its way.