In recent years, as we have all entrusted more and more of our digitised data to the cloud, conversations about data privacy have become more prominent. People are now more aware of their data privacy rights and their digital footprints than ever before, and a certain distrust of tech organisations has grown in parallel to the new digital ‘enlightenment’.
In an ideal world, data subjects would retain sovereignty over their personal data and be able to live their online lives without fear that their data is stolen, misused, accessed or otherwise interfered with without their consent. Likewise, corporations would benefit from the ability to outsource data processing without the possibility of their intellectual property or confidential business information being stolen or copied.
Since the proposition of a fully homomorphic encryption (FHE) scheme in 2009 by Craig Gentry, a great deal of progress has been made towards viable applications of FHE that could go on to solve some problems related to the protection of private information, both personal and commercial.
In contemporary applications of data encryption, symmetric cryptography or asymmetric cryptography are typically used. A common usage of symmetric-key algorithms might be encrypting an offline database (i.e. ‘data at rest’) with AES-256 encryption, using a private key held by the database admin that served to encrypt and decrypt the data. Asymmetric-key algorithms — like those used in public-key cryptography — avoid the need for existing trust between the two communicating parties (e.g. when a client contacts a web server) by using a public key to encrypt the data which is later decrypted by the holder of the private key.
Comparatively, FHE allows arbitrary computation on encrypted data (ciphertext) without the need for decryption. In theory, a client can send encrypted sensitive information to a cloud server, have the server process the data without decrypting it, and receive the encrypted result of the computation from the server. This could, of course, revolutionise cloud computation and remove the need for absolute trust between the client and the cloud service provider. Similarly, its application in ‘secure multi-party computation’ (or ‘privacy-preserving computation’) scenarios could allow for collaborative data sharing and processing between data controllers that maintains the security and confidentiality of the information. Microsoft, IBM and others have released libraries and frameworks for early-adopting devs to make use of, which should lead to further development and progress in the field.
So, is FHE a silver bullet for the ‘privacy by design’ principle? Currently, no. As is the case with many novel technologies, it will take some time for FHE to be adopted and appropriately understood. To create meaningful applications, developers and designers would ideally have abstractions that allowed for experimentation without digging into the underlying mathematics too deeply, in the way that TensorFlow does, for instance. FHE also has relatively slow computation speed and can encounter inaccuracies because of the nature of computing data ‘blindly’, though compute power does grow expontentially (whether Moore’s Law is still relevant or not) and IBM suggest that FHE ‘is now capable of being performed at seconds per bit, making it fast enough for many types of real-world use cases and early trials with businesses.’.
In the near future, it is likely that further progress will be made with FHE and the algorithms that underpin it, which could lead to a revolutionary new era in the privacy technology field. Following the typical life cycle of technology adoption, FHE has been taken up by early adopters and should move into the stage of ‘early majority’ when applications become commercially feasible and useful. Hopefully that isn’t too far away.
###
Further reading : Exploring Design and Governance Challenges in the Development of Privacy-Preserving Computation
