Is Homomorphic Encryption the Future of Enterprise Data Security?

Is Homomorphic Encryption the Future of Enterprise Data Security?

November 14

The recent wave of data breach delirium has led to an increased interest in security technologies. Security vendors say encryption is high on the list of technologies driving intrigue. Encryption has been fairly effective at keeping hackers out and providing a peace of mind for the people and organizations who adopt it. To eliminate the hassle associated with the decryption process, IBM has invested in homomorphic encryption, a cutting edge cryptography concept that could have revolutionary implications.

Encryption in general requires a message to be decrypted – or unscrambled – before it can be read. Even though the message was protected during transit, it instantly becomes exposed and vulnerable to attack the moment you unlock it. In simple terms, homomorphic encryption would allow you to read that message in its decrypted form without actually removing that protective layer. It’s a novel idea with the potential to improve both the security and efficiency of sensitive data-driven operations across cyberspace.

Theoretically speaking, an IT administer could use homomorphic encryption to  encrypt customer records, business intelligence, trade secrets, and other confidential data before uploading it to the cloud, where encrypted data is essentially useless beyond storage. From there, the data can be managed, and shared with other users according to the company’s specific needs all without being decrypted. This example shows how the concept can prove valuable in areas like the cloud where security concerns are both warranted and mounting.

Adoption Challenges of Homomorphic Encryption

Homomorphic encryption isn’t exactly new, rather a concept computer scientists have been trying to hash out for decades. However, Craig Gentry, a researcher at IBM, is credited with first completing such a system in 2009. When starting out in 2008, Gentry’s experiment was limited to a couple of basic computations before the system spit out a jumbled mess comparable to standard encrypted data. It wasn’t until he implemented an additional layer of encryption to secure the intermediate output that he was able to find success.

While homomorphic encryption is incredibly promising, there are two main barriers standing in the way of mainstream adoption: performance and practical use. In a web search scenario, Gentry estimated that his original system would take Google roughly a trillion times longer to process the encrypted data. Improvements have been made since then, but even five years later, processing full-on homomorphic encryption is still about a million times slower than unencrypted data. Gentry projects that it’ll be another five years or so before the system is ready for enterprise adoption.

Crowd-Sourced Cryptography

Commercial-grade homomorphic encryption appears to be a few years away at least. On a positive note, we may see it faster than anticipated if IBM’s community-oriented call for participation takes off. The tech giant is currently inviting aspiring cryptographers to partake in public challenges built around breaking full homomorphic encryption schemes in difficulty levels ranging from small to large. The goal is to identify weaknesses and improve the system.

Check out this page on the IBM website if you think you’ve got what it takes or just want to learn more about project.

Photo Credit: Perspecsys Photos via Flickr and courtesy of