A term that’s been popping up a lot lately is homomorphic encryption. Many companies and online services are switching their encryption model to a type of homomorphic encryption, advertising that it’s for better user privacy and security.
But what is homomorphic encryption? What does it mean? And what makes it different from other types of encryption?
What Is Encryption?
When encrypting a file, you’re encoding its content to appear jumbled beyond recognition. The only way to access encrypted data is to either obtain its encryption key or attempt to crack it manually or using third-party software.
The primary benefit to encrypting a file, group of files, or even an entire database is to keep them private from anyone who isn’t authorized to view or edit them, ensuring authenticity and privacy.
However, the problem with most encryption types is the inability to edit the data while it’s encrypted. While this might not seem like a big issue at first, it’s similar to not being able to close your house’s front door while you’re inside it. Decrypting data to edit it leaves it vulnerable to all the attacks you were trying to protect it from.
What Is Homomorphic Encryption?
Homomorphic encryption is a type of public-key encryption, meaning it uses two separate keys, one of them public, to encrypt and decrypt a data set, although it can use symmetric keys in some instances.
The word “homomorphic” is Greek for “Same Structure,” as homomorphic encryption uses algebraic systems to encrypt data and generate keys, allowing authorized individuals to access and edit encrypted data without having to decrypt it.
There are three types of homomorphic encryption:
- Fully Homomorphic Encryption
- Somewhat Homomorphic Encryption
- Partially Homomorphic Encryption
The three types differ in which operations they allow on encrypted data. Fully homomorphic encryption is the newest type. It offers the complete ability to edit and access encrypted data.
“Somewhat” and “Partially” homomorphic encryption, as their names suggest, only allow for limited access to the data.
They either:
- Limit the number of operations run on a data set, like with “somewhat homomorphic encryption,” or,
- Only allow you to run simple operations but for an unlimited number of times, as with “partially homomorphic encryption,” which makes it the perfect homomorphic encryption type for highly sensitive data.
Real-Life Applications of Homomorphic Encryption
Thanks to its remarkable security and flexibility, homomorphic encryption has a presence in many prominent fields that handle massive amounts of sensitive data that require regular access.
It’s also not limited to corporations that work with sensitive data. It has now reached a level where it’s being implemented into everyday use.
Password Managers
The most notable recent example comes from Google Chrome and Microsoft Edge. Both browsers recently introduced homomorphic encryption for their in-browser password management tools, along with an in-browser password generator for Microsoft Edge.
Browsers like Chrome and Edge are widely used. Chances are either you or someone you know uses one of them daily and maybe even trusts them with passwords and other login information.
But how will they implement homomorphic encryption into their password managers, which are essential to every internet user, to increase efficiency and security?
You might be familiar with “password monitoring.” If not, password monitoring is when your password manager continuously runs your passwords against public lists of recently breached or leaked logins. That way, it can alert you whenever it detects one of your passwords floating around online.
Previously, with traditional encryption methods, your password manager had to decrypt your logins to check them against those enormous and constantly growing lists of compromised credentials, which in itself drastically reduces your privacy and puts your passwords at risk.
But with homomorphic encryption, you retain complete privacy while your password manager runs your still-encrypted passwords against those lists.
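The check described above, and the “partially homomorphic” type from earlier in the article, can be shown with the Paillier scheme, which supports only addition on ciphertexts but any number of times. This is an added example, not code from Chrome, Edge or the original article; the toy primes, the `to_int` encoding and the function names are assumptions made for illustration.

```python
import hashlib
import math
import secrets

# Toy key built from two known Mersenne primes (an assumption for this demo).
# Real keys use secret random primes of 1024+ bits each.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q                      # public key
N2 = N * N
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)  # private
MU = pow(LAM, -1, N)                               # private

def encrypt(m):
    """Paillier encryption with g = N + 1; needs only the public N."""
    r = secrets.randbelow(N - 1) + 1
    while math.gcd(r, N) != 1:
        r = secrets.randbelow(N - 1) + 1
    return (1 + m * N) % N2 * pow(r, N, N2) % N2

def decrypt(c):
    """Needs the private values LAM and MU."""
    return (pow(c, LAM, N2) - 1) // N * MU % N

def add(c1, c2):
    """Ciphertext of m1 + m2, computed without any key."""
    return c1 * c2 % N2

def scale(c, k):
    """Ciphertext of k * m, computed without any key."""
    return pow(c, k % N, N2)

def to_int(password):
    """Hypothetical encoding: first 128 bits of SHA-256 as an integer."""
    return int.from_bytes(hashlib.sha256(password.encode()).digest()[:16], "big")

def server_compare(c_client, breached):
    """Server: for each breached entry y return Enc(r * (x - y)), r random.
    It handles only the ciphertext of x and cannot tell if anything matched."""
    replies = []
    for y in breached:
        r = secrets.randbelow(N - 1) + 1
        replies.append(scale(add(c_client, encrypt(-to_int(y) % N)), r))
    return replies

def client_is_breached(password, breached):
    """Client: a reply decrypts to 0 only where x == y; others look random."""
    replies = server_compare(encrypt(to_int(password)), breached)
    return any(decrypt(c) == 0 for c in replies)
```

Nothing here can multiply the plaintexts of two ciphertexts together, which is what separates a partially homomorphic scheme from a fully homomorphic one.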
Web Apps and SaaS Providers
Both web apps and SaaS providers have to collect and process large amounts of data that are, more often than not, private user data. The need for secure encryption increases according to the type of data in question, whether it’s general files or sensitive information like financial records and credit card information.
In those two scenarios, the data needs to be secure but also available to the service provider’s cloud and IT resources for storage and processing.
Using homomorphic encryption instead of its alternatives can ensure both privacy and the ability to process, calculate, and alter data without decrypting it. It’s a win both for the service provider, as it increases their trustworthiness, and for you, because your data becomes private and secure simultaneously.
Why Not Use Homomorphic Encryption Everywhere?
If homomorphic encryption is this great, why aren’t more companies using it in their services, especially ones that hold sensitive data?
Compared to other types of encryption methods that offer similar security levels, homomorphic encryption is incredibly slow. That makes it usable only in individual cases such as personal password managers and per-user SaaS and web apps.
But when it comes to rapid communication channels and large databases, homomorphic encryption is too slow and inconvenient to make up for the slight increase in privacy and security.
Homomorphic encryption isn’t new by any means. It dates back to 1978, which has given it a lot of time to grow in efficiency, complexity, and speed. But it’s only been used and studied by established corporations for the last ten years. Still, that means the internet is likely to see a homomorphic encryption revolution not long into the future.
Looking Forward to Better Encryption
Just because an encryption model is old doesn’t mean it’s without merit and can’t evolve into a version that keeps up with today’s cybersecurity needs. Companies that value data security will continue to grow and evolve or change their encryption models to the best out there, which can be hard to keep track of.
You don’t have to become a cryptographer to understand what companies are doing with your data, but it’s good to understand basic encryption terminology and learn more about it.