This is an exclusive interview series conducted by the Editor Team of CIO News with Akhil Wadhavkar, Chief Information Security Officer (CISO) at CDSL – Central Depository Services India Ltd.
In today’s digital age, data security is of paramount importance. With the increasing amount of sensitive information being stored and processed online, ensuring the privacy and security of this data has become a significant challenge. One promising solution to this problem is homomorphic encryption.
What is homomorphic encryption?
Homomorphic encryption, simply put, is a cryptographic approach that permits information to be processed even as it remains in an encrypted form. Unlike conventional encryption, which calls for statistics to be decrypted for any significant operation, homomorphic encryption permits computations to be performed at once on encrypted statistics. The result of those computations, when decrypted, fits the result of the same operations completed at the plaintext records. This manner in touchy statistics may be analyzed, manipulated, and worked with, all even as it remains encrypted, hence retaining both privacy and security.
The concept of HE indicates that operations can be performed on encrypted data without the need to share the secret key needed to decrypt the data with the cloud provider. If decryption is carried out as the result of any operation, it will be the same as if calculations were done on the raw data.
Why would it be needed? What are the use-cases?
Data privacy stays one of the paramount concerns with the advent of AI/ML.
Engaging with third-party services (most probably cloud-based) and subscribing to LLM services for data analysis are all challenging due to data privacy concerns and regulations.
The traditional encryption method provides an efficient way to address data at rest, but eventually data must be decrypted for processing and performing operations on it.
The main impetus for the development of homomorphic encryption is cloud computing. Some businesses are only commercially viable because they can use cheap, scalable cloud computing services. Because they lodge all their data with a third party, the prospect of being able to encrypt remotely stored data but still work with it is very appealing.
Aside from cloud computing, HME is also of interest for federated learning. Federated learning is the use of multiple machine learning systems to “compete” with each other to deliver better and better results. For example, to generate increasingly realistic human faces or increasingly accurate interpretations of medical diagnostic images.
This use case has two prerequisites:
- A generative adversarial network (GAN), which consists of two neural networks competing to produce increasingly realistic outputs based on their training datasets (e.g., human facial images),
- Distributed training datasets (e.g., medical records)
Because the training datasets are distributed, one approach might be to make a centralized copy of them, but this may be impractical for reasons of privacy or security. Federated learning with homomorphic encryption allows neural networks to use distributed training datasets without needing to decrypt them.
Regulated industries, like finance, retail, information tech, and health care, will all be able to benefit from homomorphic encryption. As the technology advances, it will be possible for these industries to perform computations on large data sets through techniques like machine learning, all while keeping sensitive data secure.
Homomorphic encryption could be used to improve the security and efficiency of cloud computing processes, such as in the case of citizen data or public records.
What are the types of homomorphic encryption?
Homomorphic encryption schemes are classified depending on the possible circuits they can evaluate on encrypted data; differences lie in the available gates to use and the depths of those circuits. HE schemes can be classified into three main types:
Partially-HE (PHE): This type of scheme can evaluate any circuit composed of a single type of gate, addition or multiplication, but never both. It doesn’t restrict neither the size nor depth of the circuit. This type is well suited for the applications that only need to perform either addition or multiplication on encrypted data. The RSA cryptosystem is an example of a PHE that allows an unbounded number of modular multiplications.
Somewhat-HE (SHE): This type of scheme can evaluate circuits composed of addition and multiplication gates, but with the restriction on the depth. SHE is useful for evaluating low-degree polynomials up to some level; however, we sometimes need to evaluate circuits of arbitrary depth.
Fully-HE (FHE): This encryption scheme can evaluate circuits composed of both addition and multiplication gates. In contrast to SHE, FHE has unlimited circuit depths, which makes it suitable for deep learning applications. Although many FHE schemes have been proposed during the last decade, it has been difficult to use them in practice. In the linked paper, Craig built FHE on top of SHE by using what he called bootstrapping. Although FHE being the most powerful type, in order to put such a scheme into practice, one needs to consider other factors as well, like the cost of evaluation, size of ciphertext, domain of plain text (integer or real numbers), and the cost of bootstrapping.
Pros & Cons
Homomorphic encryption is based on lattices, which hide data in a repeated collection of points. It’s difficult for both a quantum computer and a traditional computer to break lattice-based encryption, adding to its security.
Data sets are encrypted while retaining the same structure and mathematical operations. A block of ciphertext that is computed on is structurally the same as its plaintext counterpart.
Unfortunately, homomorphic encryption does have challenges. First, it’s a complex process. Each encryption algorithm is difficult to create and implement, and producing a valid result for each computation can be time-consuming.
Between slow computation speed or accuracy problems, FHE remains commercially infeasible for computationally heavy applications.
Besides being computationally expensive, homomorphic encryption limits the set of operations one can perform on the data. For instance, operations like division, inverse multiplication, etc. are not feasible either.
Practical implementations?
Some popular open-source libraries for implementing homomorphic encryption schemes include:
Similar to homomorphic learning, federated learning also caters to the problem of not being able to centralize the training data due to data privacy, secrecy, regulatory compliance, and heavy volumes and loads of data.
References
How Homomorphic Encryption Works—Explained in Plain English (freecodecamp.org)
Homomorphic Encryption Use Cases: IEEE Digital Privacy
Also read: Unveiling the Ethical Imperatives: Navigating the Intersection of AI and Cybersecurity
Do Follow: CIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter
About us:
CIO News is the premier platform dedicated to delivering the latest news, updates, and insights from the CIO industry. As a trusted source in the technology and IT sector, we provide a comprehensive resource for executives and professionals seeking to stay informed and ahead of the curve. With a focus on cutting-edge developments and trends, CIO News serves as your go-to destination for staying abreast of the rapidly evolving landscape of technology and IT. Founded in June 2020, CIO News has rapidly evolved with ambitious growth plans to expand globally, targeting markets in the Middle East & Africa, ASEAN, USA, and the UK.
CIO News is a proprietary of Mercadeo Multiventures Pvt Ltd.