Q
Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

# Is homomorphic encryption the answer to enterprise encryption issues?

## Homomorphic encryption can be used to bypass encryption, but it's for the good of all. Application security expert Michael Cobb explains.

I recently read something about schemes that use homomorphic encryption to bypass encryption. How does homomorphic...

encryption work, and what steps can my organization take to prevent it?

Homomorphic encryption is actually a breakthrough in encryption techniques, not a breaking of encryption. Let me explain.

Strong encryption is the best way to keep sensitive data and information secure as it renders it meaningless. This very attribute, though, means that it can't be used or processed; so in order to edit an encrypted file or perform operations on an encrypted database, the data has to be decrypted first, immediately removing the protection that encryption provides. For example, in the simple Customer Order table below, data in row 1 is in plaintext, so calculating the total value of the order is easy: 2 times 20.00 = 40.00. The same data is encrypted in row 2, but how do you multiply FBjOII6Eu8c= by tiwlGzIV9uY= and get the correct answer of 40.00 while still keeping the data and the answer encrypted? Answer: homomorphic encryption.

 Id Quantity Price Plaintext 1 2 20.00 Ciphertext 2 FBjOII6Eu8c= tiwlGzIV9uY=

Homomorphic encryption allows computations to be carried out directly on encrypted data or ciphertext. These computations generate an encrypted result which is the same as if the computations were done on unencrypted data or plaintext.

So using homomorphic encryption to multiply FBjOII6Eu8c= by tiwlGzIV9uY= would generate ubXOlx4aHAc= as the encrypted answer of 40.00. The ability to keep sensitive data encrypted at all times would be a huge boost to Internet security as information such as an online shopping order that is passed to various services provided by different companies (e.g., accounts, fulfillment, shipping, payment and so on) could be processed without exposing the unencrypted data to any of them. Its use in cloud computing environments is another obvious example; a program that never needs to decrypt its data can be run by an untrusted party, making outsourcing services that handle sensitive data a lot less risky.

This perfect state of protection has mainly been theoretical as the computational power and time required to perform even a simple calculation have made it impractical. However, IBM, which has been working on this problem for a long time, was recently granted a patent for an efficient implementation of fully homomorphic encryption, which may mean that a practical solution to performing computations securely may be on the distant horizon. I say distant because the algorithms and working implementations -- a common weakness with encryption technology in general -- would need to be analyzed and stress-tested by the global security community to validate that they are indeed secure. To this end, IBM is offering public challenges for its homomorphic encryption schemes so that any successful attacks can be examined in detail.

Victor Shoup and Shai Halevi of the IBM T. J. Watson Research Center released HElib, an open source library that implements homomorphic encryption, targeted mainly at fellow researchers. There is also the hcrypt project, but again its library should not be used for any mission-critical applications. The Homomorphic Encryption Project is also aiming to provide homomorphic encryption libraries for developers.

If a practical homomorphic encryption technology does emerge, then the Internet, cloud computing and the Internet of Things can all be far more secure; hopefully IBM researcher Craig Gentry -- who came up with the first fully homomorphic encryption scheme -- and others can crack this challenge.

SearchSecurity expert Michael Cobb is ready to answer your application security questions -- submit them now. (All questions are anonymous.)

#### Next Steps

Get the latest encryption news and advice from SearchSecurity

This was last published in April 2015

## Content

Find more PRO+ content and other member only offers, here.

#### Have a question for an expert?

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

### 1 comment

Send me notifications when other members comment.
Is homomorphic encryption the way of the future? Why or why not?
Cancel

## SearchCloudSecurity

• ### How cloud access security brokers have evolved

Cloud access security brokers keep being acquired by bigger security companies. Expert Rob Shapland looks at how these ...

• ### SQL injection attacks: How to defend your enterprise

SQL injection attacks threaten enterprise database security, but the use of cloud services can reduce the risk. Here's a look at ...

• ### Cloud security lessons to learn from the Uber data breach

Any organization that uses cloud services can learn something from the 2016 Uber data breach. Expert Ed Moyle explains the main ...

## SearchNetworking

• ### DNS challenges have changed, but its vital role hasn't

Developments like IPv6 and the internet of things are throwing obstacles into DNS operations. But this 'directory assistance of ...

• ### DNS functions remain vital, but must adapt as demands shift

The domain name system's tasks are simple, but essential, and the service faces challenges with the proliferation of devices that...

• ### Why IPv6 networks create DNS configuration problems

DNS data is among the most basic and crucial information required for network connectivity, but configuring DNS recursive servers...

## SearchCIO

• ### Deep learning algorithms power startup's beauty database

Deep learning algorithms are changing how we drive cars and navigate outer space. What about saving our skin? Silicon Valley ...

• ### Cloud ERP systems present 'business-critical' security challenges

Where does the data live? Who -- the provider or the customer -- is responsible for securing what? They're vital questions to ask...

• ### Software robot tech arrives: Are CIOs ready?

RPA technology is coming of age and becoming a strategic play in the public and private sectors. The task for CIOs is to make ...

## SearchEnterpriseDesktop

• ### How to establish Windows 10 security baselines

IT should consider following Microsoft's Windows 10 security recommendations in the Security Compliance Toolkit to better protect...

• ### VMware Workspace One helps Western Digital organize 3,000 apps

The application portal in VMware Workspace One allowed IT to streamline app delivery, and the product's cloud-based model proved ...

• ### Three PC lifecycle management options IT should consider

IT pros can use PCs and laptops until they stop working, or they can set up a lifecycle management plan that retires them after a...

## SearchCloudComputing

• ### Multi-cloud management still a work in progress for IT teams

Multi-cloud deployments are a mixed bag, providing both business value and complex management challenges. Fortunately, a number ...

• ### Bare-metal cloud services lure legacy workloads off premises

For some enterprises, bare-metal services in the cloud act as a crucial steppingstone to an IaaS deployment, and providers, ...

• ### Structure public cloud accounts for optimal resource tracking

As enterprises move to public IaaS or broaden their existing deployments, cloud account management gets tricky. Follow this ...

## ComputerWeekly.com

• ### Hana and S/4 users more sophisticated but beset by licensing doubts

Research sponsored by SAP consultancy and reseller Centiq finds SAP customers maturing their use of SAP Hana and S/4 Hana, but ...

• ### Unprotected Kubernetes consoles expose firms to cryptojacking

A number of big companies have been targeted by crytojacking attacks, where cyber criminals hijack computing power to mine ...

• ### Farming gets £90m tech boost

The government is pushing high tech into agriculture and farming as it fleshes out its Industrial Strategy

Close