How Homomorphic Encryption Works & When To Use It

Homomorphic encryption brings a whole new paradigm to encrypting data. In this article, I’ll explain homomorphic encryption, including:

  • How it works
  • Different types
  • Overall security
  • Applications

How traditional encryption works

Traditionally, encryption protects data at rest and data in transit. As long as the data remains encrypted, nothing can be done with it until it is decrypted. In this traditional approach, typically only the person who holds the private key can decrypt the data to act on it.

(Read our data encryption introduction for more details.)

Unfortunately, decrypting the data makes it vulnerable to outside threat actors. It is common practice to keep files cryptographically scrambled using a secret key, as noted above. However, when the business needs to work on the files or documents, the data has to be unlocked, and this is where the vulnerability lives.

Now let’s turn to homomorphic encryption and how it can solve this vulnerability.

What is homomorphic encryption?

Homomorphic encryption is a new approach that allows you to process and compute directly on encrypted data. That means you avoid the risk that comes with decrypting it. The approach relies on mathematical algorithms that carry out the computation on the ciphertext itself. With this technology, data can remain secure:

  • While it is processed
  • Without ever sharing the encryption keys or decrypting the data

Types of homomorphic encryption

Homomorphic encryption is still an emerging technology, but it is already categorized into three types, described below. The fundamental difference between them is which mathematical operations can be performed on the ciphertext and how many times.

  • Partially Homomorphic Encryption (PHE). In PHE, ‘partially’ means that only select mathematical functions can be processed on encrypted values. Only one operation, either addition or multiplication, can be performed on the ciphertext, but it can be performed an unlimited number of times.
  • Somewhat Homomorphic Encryption (SHE). ‘Somewhat’ is more general than PHE in that it supports homomorphic operations with both additions and multiplications. However, the primary drawback is that it can perform only a limited number of operations.
  • Fully Homomorphic Encryption (FHE). Here, ‘fully’ is the operative word. Where PHE and SHE have limited operations, fully homomorphic encryption supports both addition and multiplication with no limit on the number of times they’re performed on the ciphertext.

Security of homomorphic encryption

The security of homomorphic encryption is based on the Ring Learning With Errors (RLWE) problem, a hard mathematical problem related to high-dimensional lattices. A large body of peer-reviewed research confirming the difficulty of the RLWE problem gives confidence that the schemes are at least as secure as any standardized encryption system.

Applications: When to use homomorphic encryption

Two events have changed the way businesses use and manage their data: the move to the hybrid cloud environment and today’s exponential rate of data growth.

Traditionally, the business or user relied on the Advanced Encryption Standard (AES), which needed secret keys, and that led to security issues. With the public cloud comes the ease of encryption which, in turn, can help drive homomorphic encryption. That’s because the cloud can:

  • Directly operate on encrypted data.
  • Return the data in encrypted format to the source of the data.

Homomorphic encryption is an emerging technology that is still being developed. It will benefit many organizations, from healthcare to supply chain, and as traditional IT moves to the cloud, homomorphic encryption becomes a great secure technology to use in the future.

This posting does not necessarily represent Splunk's position, strategies or opinion.

Posted by Martin Townend

Martin Townend is a cloud Solutions Architect for Splunk. He is 6x AWS Certified and Microsoft Azure and Google Cloud Certified, and has a deep understanding of cloud security and the various public clouds. Martin has focused on cloud for over 12 years, helping organizations on their cloud journey and designing secure, scalable environments. His innovation continues within cloud and emerging technologies.