Fully Homomorphic Encryption (FHE)’s role in protecting sensitive data


In recent years, the adoption of cloud computing - which essentially involves performing computations on remote servers rather than on your local computer - has skyrocketed.

Cloud computing has transformed the way individuals and organizations store, process and manage their data. It comes in two primary forms: a private cloud, which runs inside a company's own network, and external cloud services, which are provided by third-party providers such as Amazon Web Services (AWS).

Both offer immense convenience, flexibility and accessibility, however, as the use of cloud computing and the volume of sensitive data on the cloud continues to rise, so too have concerns about data breaches, cyberattacks, and unauthorized access.


Cloud security

While there is typically a higher level of trust in a private cloud - the infrastructure is often within the company's premises and they will have more control over internal cybersecurity measures - scalability can be limited. Being able to keep up with fast growth is often a key requirement for startups and the process of procuring and configuring new hardware can be too costly and time-consuming for many SMEs - not to mention the significant initial investment.

As such, many organizations are opting for external cloud services; a shift that has led to the accumulation of vast troves of sensitive data, including personal information, financial records, and proprietary business data, on remote cloud servers. And although external cloud services offer rapid deployment, scalability, cost effective payment models and no need for infrastructure management, companies must rely on the provider to maintain robust security practices and data protection.

This can mean entrusting valuable assets, such as cryptographic keys or intellectual property, to these cloud platforms. Companies need to run their code on these remote machines, yet they understandably worry that the data that code operates on could be compromised there; reconciling the two is a difficult balancing act.

Additionally, beyond the question of trust, we must acknowledge the ever-present threat of security breaches within cloud environments. Even if you trust your cloud provider, breaches can still occur. Shared, multi-tenant infrastructure introduces its own attack surface: a vulnerability in the platform can go unnoticed for a long time, and spyware could be running surreptitiously on the host, exposing whatever data is in plaintext there.

So how can organizations ensure the security and privacy of their data when using cloud services?

This is where privacy-preserving technologies come into play. Traditional encryption protects data in transit and at rest, but the moment the data is accessed or processed it must be decrypted, and while it sits in plaintext on the processing machine it is exposed to whatever has compromised that machine. The aim is to close this gap: to carry out computations on cloud-based machines while the data itself remains encrypted.

Fully Homomorphic Encryption (FHE)

Fully Homomorphic Encryption (FHE) has emerged as a groundbreaking solution to this problem. FHE allows operations to be performed directly on encrypted data without ever decrypting it: the server takes in ciphertexts, computes on them, and hands back a ciphertext of the result, so the data stays confidential even from the party running the computation.

This means that in the event of a data leak, the exposed information would be meaningless without the decryption key, which never leaves the hands of the data owner and is never sent to the cloud. In other words, neither the cloud provider nor any spyware on the cloud machine has the capability to decipher the data, the intermediate values, or the result. This approach, which keeps sensitive data encrypted throughout its entire lifecycle on the cloud, even during processing and analysis, significantly enhances data security and privacy. One caveat worth stating plainly: FHE protects the confidentiality of the data, not the integrity of the computation. A malicious server could compute a different function than the one requested, and the owner would not detect this from the ciphertext alone, so where the result matters, it still needs to be validated or verified by other means.

Multi-party computation in the cloud

FHE has the potential to play a significant role in cloud computing across a variety of scenarios - even collaborative computation within a multi-party setting, where several entities come together with the goal of working on a project without divulging their individual data.

A prime example of this is credit scoring. In the domain of credit scoring, you have banks holding data about individuals, along with specialized companies collecting pertinent information. This collective information is vital in determining whether an individual is creditworthy, and if extending credit is a good decision.

However, due to various factors, such as data privacy regulations and the proprietary nature of this information, these entities cannot openly share this data. To address this, they can employ encryption to protect the individual information they possess. By encrypting the data, they can collectively make predictions regarding credit scoring without exposing personal data. Only those entities with the appropriate decryption keys can access and decipher these predictions.

This approach allows them to make informed decisions about extending credit to individuals, all while safeguarding sensitive data. But what makes it particularly appealing is that the computational requirements are not overly complex, and it does not necessitate real-time processing. Credit scoring evaluations can take a few seconds or minutes per individual, which is well within the acceptable waiting time for credit applicants. In contrast to processes like real-time video analysis, this use case aligns with a timeframe that doesn't demand immediate results.
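As an added, runnable illustration (not code from this article, and not Zama's code), here is the credit-scoring flow described above built on a toy Paillier cryptosystem. Paillier is additively homomorphic, not fully homomorphic: the scorer can add ciphertexts and scale them by plaintext constants, which is enough for the linear score below, but it cannot multiply two ciphertexts together, which is what FHE adds on top. The model weights, the feature values and the 512-bit key size are all constructed for the demo and are far too small for any real deployment.

```python
import math
import secrets

# Toy Paillier cryptosystem: additively homomorphic, NOT fully homomorphic.
# It demonstrates the idea in the article (a server computes on ciphertexts
# without holding the key) for a linear function. Key sizes are demo-only.


def _is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # force top bit, odd
        if _is_probable_prime(cand):
            return cand


def keygen(bits: int = 512):
    """Return (public key n, private key (lam, mu)). Uses g = n + 1."""
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        if p != q and math.gcd(p * q, (p - 1) * (q - 1)) == 1:
            break
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    mu = pow(lam, -1, n)  # L(g^lam mod n^2) == lam when g = n + 1
    return n, (lam, mu)


def encrypt(n: int, m: int) -> int:
    """Encrypt integer m (taken mod n) under public key n with fresh randomness."""
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    # (1 + n)^m == 1 + m*n (mod n^2), so g^m needs no exponentiation
    return (1 + (m % n) * n) % n2 * pow(r, n, n2) % n2


def decrypt(n: int, priv, c: int) -> int:
    """Decrypt c and decode as a signed integer (residues above n/2 are negative)."""
    lam, mu = priv
    n2 = n * n
    u = pow(c, lam, n2)
    m = ((u - 1) // n) * mu % n
    return m - n if m > n // 2 else m


def add(n: int, c1: int, c2: int) -> int:
    """E(a) * E(b) = E(a + b): ciphertext addition, no key required."""
    return c1 * c2 % (n * n)


def mul_const(n: int, c: int, k: int) -> int:
    """E(a)^k = E(k * a): scaling by a plaintext constant, no key required."""
    return pow(c, k % n, n * n)


# Constructed linear credit model (illustrative weights, not a real scorecard):
# score = 300 + 2*income_k - 40*late_payments + 5*years_at_address
WEIGHTS = {"income_k": 2, "late_payments": -40, "years_at_address": 5}
BIAS = 300


def score_encrypted(n: int, enc_features: dict) -> int:
    """Run by the untrusted scorer: it holds only the public key and ciphertexts."""
    acc = encrypt(n, BIAS)
    for name, w in WEIGHTS.items():
        acc = add(n, acc, mul_const(n, enc_features[name], w))
    return acc


def credit_score_demo() -> int:
    """Key holder generates keys; each data holder encrypts its own feature;
    the scorer computes on ciphertexts; only the key holder decrypts."""
    n, priv = keygen(512)
    enc = {  # constructed inputs from three separate parties
        "income_k": encrypt(n, 60),        # bank
        "late_payments": encrypt(n, 1),    # credit bureau
        "years_at_address": encrypt(n, 4),  # address-history provider
    }
    return decrypt(n, priv, score_encrypted(n, enc))  # 300 + 120 - 40 + 20


if __name__ == "__main__":
    print("decrypted score:", credit_score_demo())
```

Two points the code makes concrete: `score_encrypted` never calls `decrypt` and never receives `priv`, so the scorer learns nothing about the inputs (each `encrypt` call is also randomized, so repeated values cannot be matched by comparing ciphertexts); and nothing in the ciphertext tells the key holder that `score_encrypted` applied the agreed weights rather than some other function, which is the integrity caveat discussed above.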

Enabling FHE in the cloud

While FHE removes the need to trust the cloud provider with plaintext - and use cases like the one just described have generated considerable interest and discussions with several companies - implementing FHE is not without its challenges.

Firstly, it has a reputation for being particularly complex. Granted, in the past, FHE was quite challenging to use and was typically reserved for individuals with extensive cryptographic knowledge, often at the PhD level. Because of this, many clients preferred, and still do prefer, not to undertake an FHE implementation themselves. This is understandable, given the complexity and expertise required. In response, open-source tools have been developed that allow companies to experiment with FHE with ease and on their own terms, free of charge; only when they intend to commercialize what they build on it do licensing terms come into play. Users shouldn't need to comprehend the inner workings of FHE; they should simply be able to use it easily and effectively.

Secondly, while there have been significant strides in simplifying FHE usage, in certain cases, FHE is still not as fast as desired. We are currently limited to scenarios where speed is not a critical constraint. Work is under way within the industry to address this, however. Tech companies, including giants such as Intel, are developing hardware accelerators. Once these hardware accelerators become available, we anticipate that FHE implementations will see a considerable increase in speed. Presently, we are mainly reliant on central processing units (CPUs) for computations. In the future, dedicated hardware accelerators are expected to significantly boost FHE speed, potentially by factors of 100x or 1,000x.

While we may not see these advancements in the immediate future, we can reasonably expect significant improvements in FHE speed by the year 2026. These improvements should open up new possibilities and reduce the limitations that currently exist, expanding the applicability of FHE to a wider range of use cases.


Pascal Paillier is a researcher and entrepreneur in cryptography, and the CTO at Zama. He has spent the past 25 years inventing new cryptographic techniques for critical industries.