Back to blogs

Blog | OCT 10, 2021

Introduction to Fully Homomorphic Encryption

Cyber Security

The year 2009 is not only the year of the bitcoin genesis block, but also the year in which Craig Gentry proposed a Fully Homomorphic Encryption Scheme. Due to this publication, 2009 is widely accepted as the year Fully Homomorphic Encryption (FHE) was born. FHE is nothing new, however from an adoption perspective it’s still in its very early days.

What is FHE? The bold promise is that Fully Homomorphic Encryption schemes allow arbitrary computations on cyphertexts. It gets considered as the holy grail of cryptography because it has the mind-blowing property to trustless outsource computations, meaning there is no trust-relationship required between the involved parties.

Fully Homomorphic Encryption

To highlight why FHE could play a huge role in the future, let us describe a group of use cases in which a data-provider needs to share data with a service provider to do computations on this data and gain the necessary insights.

To simplify the following explanation, we assume that the data-provider also acts as data-owner and insights-consumer. The service-provider additionally fulfills the role as computation/model owner. These are the steps they would usually go through in our scenario: A data-provider shares data with a service-provider to consume the insights produced by the service-provider. The data of the data-provider is encrypted in transit. Data-provider and service-provider are authenticated. The computations (e.g. inference operations performed by a machine learning model) performed by the service-provider are executed on unencrypted input data because he has the ability to decrypt the data which is necessary because he cannot apply its computation/models on encrypted data. The results are sent back to the data-provider encrypted and authenticated. TLS with mutual authentication is the most prominent implementation candidate for it. It’s cryptographically ensured that only data-provider and service-provider have seen the data or insights in plaintext. Data and insights are protected in transit and it is guaranteed that the communication takes place between data-provider and service-provider.

What are the downsides of such an implementation? The root cause which starts a chain of downsides is that at a certain point in time the service-provider has access to the plaintext data. For certain use cases this is not acceptable.

To solve this problem, the most widespread approach is to move the computations to the data. The service-provider shares its computation/model with the data-provider. This could be compared to an installation of some tool on your laptop. The computation runs in some environment where the data-provider is confident enough that no one can access the data or the resulting insights. The environment could be resources deployed in an Azure subscription of the data-provider or an on-premise installation in his own datacenter. Unfortunately, this is not the desired solution for all use cases. In an ideal scenario, the computation should never run in the mentioned environment because the computation itself needs to be protected. The IP/USP of the service-provider sits in the computation. This can lead to a blocking scenario because the data-provider cannot share its data and the service-provider cannot share its computation/model. How to proceed?

Fully Homomorphic Encryption is one solution to the problem because data-provider and service-provider can interact in a trustless manner. The adoption by real world-applications is still very limited because of two reasons:

  1. There is still a significant computational overhead for FHE operations in comparison to operations on plaintext and

  2. the implementation of such systems is difficult and available libraries/frameworks which try to make it developer-friendly are in its very early days.

Therefore, FHE is not a candidate for every use case. However, it’s an enabling technology for use cases where the entire chain of downsides mentioned above needs to be tackled.

For a software company which puts its focus on making cross company data-sharing happen with a vision of interconnected data ecosystems as the new normal, FHE is one technology which is obviously important.

Tributech is part of the research project Secure Machine Learning Applications with Homomorphically Encrypted Data (SMiLe) and got a grant from the Ocean DAO for this proposal. The roadmap for the product DataSpace Kit includes services which rely on FHE.

Contact us

You want to unleash the full potential of your data? Contact us for a first discussion about your data strategy.