To many, analysing and computing encrypted data is considered the summit of the security mountain. But the question as to whether it is actually possible continues to linger. After all, how is it possible to compute or analyse inputs which are hidden through encryption? Information that cannot be seen, let alone read isn’t likely to produce a useful outcome.
Like a man with no ability to navigate setting sail for another country, analysing concealed and encrypted data seems like a problem that is impossible to solve. How could anyone, if they are an expert or even an incredibly powerful computer, understand information that cannot be observed? Well, there’s one specific cryptography trick that might be able to do just that.
Being able to analyse and compute encrypted data brings to light many new security applications. As far as security and privacy concerns go, if we can maintain a level of encryption over data as it’s being used, there is far less to worry about. It may go so far as to even make tools such as VPNs redundant.
Believe it or not, there are actually many different tools for analysing encrypted data – each with its own strengths and weaknesses. In this post, we’re going to focus on one in particular: Fully Homomorphic Encryption.
Before we dive straight into what exactly entails fully homomorphic encryption, it is important to give a complete description of how encryption is defined.
First and foremost, you absolutely need to take tight security measures – such as securing your data behind two-factor authentication and following password best practices. Most good password management applications create those passwords for you and then rotate them out with other strong passwords regularly. You can also take online courses or ‘bootcamps’ on coding, development, and software engineering to learn about secure practices for concealing data on your website as well. Most courses take only a few weeks to complete and can be taken at your own pace.
However, encryption is an important security concept to understand. Generally, an encryption scheme is denoted by two essential algorithms – encrypt and decrypt.
The process is as follows:
For the encrypted side, you are given a private key alongside a plain text message. A cipher-text comes with it, but for now, nothing is revealed about the message. For the decrypt side, you are given a private key alongside a cipher-text that allows you to read the original plain text message.
A good example of this would be WhatsApp, which encrypts the message on the sender’s side, and then decrypts it on the recipient’s side so that only the two conversation participants can read it. Without the unique keys generated on each side, nothing can be read by a third party attempting to intercept the message in transit.
Such encryption is used in many different forms of communication and data transfer. This is naturally important if what you’re sending is confidential or includes sensitive payment information – where a data breach could lead to a huge loss in customer confidence or financial loss.
While it has become widespread in technologies like messaging and SSL certificates, it remains to be seen whether actual, workable encrypted data will become commonplace.
In basic terms, a full encryption keeps our data hidden by allowing it to appear completely useless and unintelligible to anyone without the private decryption key. That is because, without the key, the data is exactly that – useless and unintelligible.
One weakness of classical encryption, however, is that analysing or computing the data does not affect the cipher-text while it is in the cipher-text-space, certainly not in the same way plaintext is affected. However, if the encryption does allow cipher-text to be analysed, we would call this homomorphic.
Let’s take an example. If you have two separate pieces of data that read as two separate values (i.e. a and b) and then using homomorphic encryption, you would get two new encrypted values (i.e. ea and eb) that would affect how those values could be computed or analysed. If, for example, you wanted to add them, then the sum of the two would be the result of the two original sums but encrypted as a new one (i.e. a + b = ec).
Confused? It gets even more complicated. Generally speaking, taking data from a plaintext space across to an encrypted space can involve multiple operations. In Paillier, the most common crypto system, attempting to multiply cipher-texts when they are in an encrypted space will lead to the underlying plaintext values being added together.
For an example of a somewhat homographic encryption system, you could do worse than look at Paillier. It’s a crypto system that allows for analysis and summation across encrypted data. Therefore, while it is not a completely homographic system, it is still an effective, albeit partial one.
In order to achieve a fully homographic system, you would need to find encryption that can both add and multiply on the cipher-texts as it reads them. With these two complete operations as your foundation, you would be able to undertake any other computational tasks. Such an achievement would be a huge step forward for healthy encryption. In a world where encryption is being used to conceal malicious cybercrime, this would be an enormous step forward.
Ultimately, lacking encryption is one of the easiest ways to expose yourself to the more common and rampant kinds of network vulnerabilities, such as XSS attacks, misconfigured firewalls, broken authentication, data leaks, and SQL injections. On the other hand, adoption of homographic encryption protocols by NoSQL databases has enabled them to stay secure while scaling up to deal with big, unstructured data – the likes of which is used by Facebook, Amazon, and other major denizens of the cloud.
From all this, it would seem that achieving full homomorphic encryption would be far from impossible. And while this is true, it is still something we are far from achieving. But, like the problem at the heart of true AI, homomorphic encryption remains a riddle that is yet to be solved, and it doesn’t look like it will be solved any time soon.
We can only hope that pioneers continue to push the technology, however, as it remains an incredible tool and ambition for those seeking secure activity everywhere.
A critical security flaw has been uncovered in certain TP-Link routers, potentially allowing malicious actors…
SilkSpecter, a Chinese financially motivated threat actor, launched a sophisticated phishing campaign targeting e-commerce shoppers…
The research revealed how threat actors exploit SEO poisoning to redirect unsuspecting users to malicious…
Black Basta, a prominent ransomware group, has rapidly gained notoriety since its emergence in 2022…
CVE-2024-52301 is a critical vulnerability identified in Laravel, a widely used PHP framework for building…
A critical vulnerability has been discovered in the popular "Really Simple Security" WordPress plugin, formerly…