Homomorphic encryption brings a whole new paradigm to encrypting data. In this article, I’ll explain homomorphic encryption, including:
- How it works
- Different types
- Overall security
How traditional encryption works
Traditionally, encryption protects data at rest and data in transit. While the data remains encrypted, nothing can be done with it until it is decrypted. And in this traditional approach, typically only the person who “holds” the private key can decrypt the data to act on it.
(Read our data encryption introduction for more details.)
Unfortunately, decrypting the data makes it vulnerable to outside threat actors. It is common practice to keep files cryptographically scrambled using a secret key, as noted above. However, when the business needs to work on the files or documents, the data has to be unlocked, and this is where the vulnerability lives.
Now let’s turn to homomorphic encryption and how it can solve this vulnerability.
What is homomorphic encryption?
Homomorphic encryption is a new approach that allows you to process and compute directly on encrypted data. That means you avoid the risk that comes with decrypting it. This approach is based on mathematical algorithms that carry out the computation on the ciphertext itself. With this technology, data can remain secure both:
- While it is processed
- Without ever sharing the encryption keys or needing to decrypt the data
Types of homomorphic encryption
Homomorphic encryption is still an emerging technology, but it is already categorized into three types, described below. The fundamental difference between the types is which mathematical operations can be performed on the ciphertext and how many times.
- Partially Homomorphic Encryption (PHE). In PHE, ‘partially’ means that only select mathematical functions can be processed on encrypted values. Only one operation, either addition or multiplication, can be performed on the ciphertext, but it can be performed an unlimited number of times.
- Somewhat Homomorphic Encryption (SHE). ‘Somewhat’ is more general than PHE in that it supports homomorphic operations with additions and multiplications. However, the primary con here is that it can perform only a limited number of operations.
- Fully Homomorphic Encryption (FHE). Here, ‘fully’ is the operative word. Where PHE and SHE have limited operations, fully homomorphic encryption has the capability of using both addition and multiplication with no limit on the number of times they’re performed on the ciphertext.
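To make the PHE case concrete, here is an added example (not part of the original article) of a toy Paillier cryptosystem, a well-known additively homomorphic scheme: an untrusted party sums and scales ciphertexts using only the public key, and only the key holder can decrypt the result. The function names, primes and sample values are constructed for illustration, and the primes are far too small for real use.

```python
# Toy Paillier cryptosystem: additively homomorphic, so a PHE scheme.
# Demo-sized primes (constructed); far too small for real use.
import math
import secrets

def keygen(p=2**31 - 1, q=2**61 - 1):
    """Key holder: build (public, private) keys from two primes."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    mu = pow(lam, -1, n)        # valid because g = n + 1 is used below
    return (n, n + 1), (lam, mu)

def encrypt(pub, m):
    """Anyone with the public key: randomized encryption of 0 <= m < n."""
    n, g = pub
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return pow(g, m, n * n) * pow(r, n, n * n) % (n * n)

def decrypt(pub, priv, c):
    """Key holder only: recover m from ciphertext c."""
    n, _ = pub
    lam, mu = priv
    return (pow(c, lam, n * n) - 1) // n * mu % n

def add_encrypted(pub, c1, c2):
    """Untrusted party: E(a) * E(b) mod n^2 decrypts to a + b."""
    return c1 * c2 % (pub[0] ** 2)

def scale_encrypted(pub, c, k):
    """Untrusted party: E(a)^k mod n^2 decrypts to k * a."""
    return pow(c, k, pub[0] ** 2)

def demo():
    pub, priv = keygen()
    values = [5200, 6100, 4800]              # constructed sample plaintexts
    cts = [encrypt(pub, v) for v in values]
    total = cts[0]
    for c in cts[1:]:                        # "cloud" side: no private key, no plaintext
        total = add_encrypted(pub, total, c)
    tripled = scale_encrypted(pub, cts[0], 3)
    return decrypt(pub, priv, total), decrypt(pub, priv, tripled)

if __name__ == "__main__":
    print(demo())
```

Paillier offers no way to multiply two ciphertexts together, which is what places it in the PHE category rather than SHE or FHE.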
Security of homomorphic encryption
The security of homomorphic encryption is based on the Ring Learning With Errors (RLWE) problem, a hard mathematical problem related to high-dimensional lattices. Many peer-reviewed studies confirming the difficulty of the RLWE problem give confidence that the schemes are at least as secure as any standardized encryption system.
Applications: When to use homomorphic encryption
Two events have changed the way businesses use and manage their data: the move to hybrid cloud environments and today’s exponential rate of data growth.
Traditionally, the business or user relied on the Advanced Encryption Standard (AES), which requires secret keys, and this led to security issues. With the public cloud comes the ease of encryption which, in turn, can help drive homomorphic encryption. That’s because the cloud can:
- Directly operate on encrypted data.
- Return the data in encrypted format to the source of the data.
Homomorphic encryption is an emerging technology that is still being developed. It will benefit many organizations, from healthcare to supply chain, and with traditional IT moving to the cloud, it is a great secure technology to use in the future.
This posting does not necessarily represent Splunk's position, strategies or opinion.