Homomorphic encryption tools find their niche

Current homomorphic encryption offerings require fewer specialized skills and are proving themselves effective in some use cases.

A circuit board with CPU / chip displaying glowing binary code.
Matejmo / Getty Images

Organizations are starting to take an interest in homomorphic encryption, which allows computation to be performed directly on encrypted data without requiring access to a secret key. While the technology isn’t new (it has been around for more than a decade), many of its implementations are, and most of the vendors are either startups or have only had products sold within the past few years.

While it's difficult to obtain precise pricing, most of these tools aren’t going to be cheap: Expect to spend at least six figures and sign multi-year contracts to get started. That ups the potential risk. Still, some existing deployments, particularly in financial services and healthcare, are worth studying to see how effective homomorphic encryption can be at solving privacy problems and delivering actionable data insights. Let’s look at a few noteworthy examples.

  • The San Diego-based Community Information Exchange uses homomorphic encryption to allow multiple social service agencies to share data on their clients without revealing their personal information. This is useful if one client requires services from multiple agencies, such as a housing benefit, food stamps and medicines. The exchange satisfies the HIPAA requirements for privacy yet allows for the coordination of the various social agencies to avoid duplicating benefits.
  • Microsoft has created a research project aimed at improving election ballot security called Election Guard. While it hasn’t yet been deployed by any elections board in production, it was used in a small municipal election in a Wisconsin primary vote in February as a trial run. The issue in voting is that voters have secret ballots but want to verify that their vote was tabulated. Election Guard is based on homomorphic encryption and satisfies the needs of voters and the elections board.
  • One of the more compelling use cases is in the financial services sector. Scotiabank is using homomorphic encryption technology from Duality Technologies for its anti-money laundering (AML) detection. To give you an idea of how big a problem this is, the United Nations reports that up to $2 trillion in funds is laundered through the global financial system every year. These include a wide range of illicit activities such as terrorism, drugs, cybercrime and human trafficking.

    With AML, you want to be able to correlate and query activities by the criminals across multiple banks but can’t reveal who the targets are due to privacy regulations. Homomorphic encryption offers the ability to get this information without disclosing who the subject of the query is and instead hides this data from the entity that is processing the query. These bank-to-bank transactions are a natural fit for homomorphic encryption. Resolving some of these fraud cases could take months, but with homomorphic encryption they can be resolved within minutes.

Finding the right use cases

That brings up another important point for homomorphic encryption: Because the encryption algorithms use problem-solving complex mathematics, they take more time to process transactions than non-encrypted methods. That isn’t a surprise to anyone who has worked in the data encryption space, and the slower processing has been considered a roadblock to adoption. Homomorphic encryption vendors refute this notion.

To continue reading this article register now

Microsoft's very bad year for security: A timeline