Encryption 101: your complete guide
Infosec 101 - 11 min read
May 18, 2022
Jan 31, 2020
4 min read
There's a never-ending debate going on online. Should you risk privacy for one-click interfaces and instant access? When should data security trump convenience?
For 30 years, privacy has kept losing ground. Now everything's up for sale: your searches, location, preferences, and your secrets. But you may not need to sacrifice privacy any more. Homomorphic encryption is here to change the game. It stands out because the data under homomorphic encryption can be processed while staying encrypted.
In this article, we will not cover all of the complicated functions but will include lots of examples of how homomorphic encryption could be used.
Let's start with what we know about standard encryption.
While incredibly secure, today's encryption process could be more efficient. Think about it.
Let's say you need a bit of information from an encrypted database on the cloud. First, you must download the entire database, decrypt it, and open the database. After using the database, you have to encrypt it and upload it back to the cloud.
If you work in highly regulated industries, like medicine or finances, most of your data is encrypted. And every time you need a piece of it, you must go through the same rigorous process of downloading and decrypting data. By now, you must be thinking that there should be a better way. You're exactly right.
The first concept ideas for homomorphic encryption came just after the RSA encryption. However, these ideas didn’t turn into anything substantial for 30 years. A breakthrough came with professor Craig Gentry’s 2009 thesis Fully Homomorphic Encryption Using Ideal Lattices, which gave start to many developments in homomorphic encryption.
Homomorphic algorithms hold a high data security standard because calculations can be performed within the ciphertext. Since you bypass the decryption/encryption stages, calculations are faster, safer, and offer complete privacy. We'll show you an example of how homomorphic encryption improves a simple Google search.
Let's imagine that you felt a sudden urge to buy an Indiana Jones hat. You take out your phone, type "Indiana Jones hats nearby" into Google, and hit Enter. Google knows what device you used, when and where you entered the query, as well as a ton of other information about you. Search engines use that data to generate an answer for you. However, doing it the homomorphic way would send an encrypted query to the search engine, where it would be processed without being decrypted. On the surface, nothing has changed. You sent out a question and received an answer. But in reality, your digital life has become much more private because you're not required to give away private information every time you share something.
Homomorphic encryption could also improve medical research. Instead of going from patient to patient, scientists could extract specific data from global databases. It could also work to revamp voting. Let's say every vote gets a unique voting token. Auditors could not see who you voted for, but they could use those values to confirm that each candidate received the same number of votes as was reported.
Arguably, homomorphic encryption in cloud security could be one of the first applications for this type of encryption. That would mean cloud storage providers could not access your data anymore. You would be the only one with control over your data. Just like you are at NordLocker.
But how can you access the data without accessing the data? We knew this part would be slightly confusing. So, welcome to the math portion of the article.
Homomorphic encryption works because the same result can be achieved inside as well as outside the function. The operations can include all of the basic arithmetic functions like addition, subtraction, multiplication, and division. For example, f(2*3) and 2+2+2 are homomorphisms. So think that, only a thousand times more complex.
An interesting bit about this kind of encryption is that it can't be solved by throwing more computing power into the problem. Most encryption algorithms rely on hard mathematical problems like prime factorization — problems that are hard today, but will become easier as our computers become more powerful. Homomorphic encryption is different in this regard. Since it’s not based on a mathematical problem, the algorithm does not become weaker as technology improves.
There are three types of homomorphic encryption that you should know about.
Partial homomorphic encryption allows only select calculations. However, the number of calculations is unlimited.
Somewhat homomorphic encryption limits calculations even more. It can use specific functions, which can be performed a set number of times.
It allows unlimited calculations on the entire encryption. This is the ultimate goal for making homomorphic databases accessible without compromising security.
Some scientists certainly lean that way. However, the process won't be as quick as we would all hope. At the moment, homomorphic encryption is too slow even to be considered for widespread adoption. But it is getting better. Plus, lots of privacy enthusiasts are determined to make homomorphic encryption a reality. That helps.
Eva is usually the quiet one in the gang. But don’t let that silent demeanor fool you. She’s a brown belt in Brazilian Jiu-Jitsu. And when she’s not kicking butts, Eva loves to dissect complex tech topics in a way even 5-year olds would understand.