Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

A novel technique could see future Web services work with sensitive data without ever being able to read it. Several implementations of a mathematical proof unveiled just last year will allow cryptographers to start making the proposal more practical.

In 2009 Craig Gentry of IBM published a cryptographic proof that was that rare thing: a true breakthrough. He showed that it was possible to add and multiply encrypted data to produce a result that–when decrypted–reveals the result of performing the same operations on the original, unencrypted data. It’s like being able to answer a question without knowing what the question is.

Called “fully homomorphic encryption,” it has been dubbed the holy grail of cryptography. Addition and multiplication are the building blocks of computation, and being able to compute data without decrypting it would allow new levels of security. For example, someone could send an encrypted database of medical records to a cloud computing provider, secure in the knowledge that they could use the service to work on the data as usual without ever decrypting it. The results of a search could be sent to the data’s owner, who could decode it on his own system. The same approach could secure webmail or online office suites.

Nigel Smart, professor of cryptology at Bristol University, in the U.K., and collaborator Frederik Vercauteren, a researcher at Katholieke Universiteit Leuven, in Belgium, have now reworked the original proposal into a version that can be implemented and tested. “We’ve taken Gentry’s scheme and we made it simpler,” says Smart. While Gentry’s original scheme encoded everything in matrices and vectors, Smart and Vercauteren instead use integers and polynomials. “That makes it both easier to understand, and to work with,” says Smart, “you can actually compute with it and do real calculations.”

The original scheme’s reliance on large matrices and vectors made it impractical because of the complexity of working with every element of the matrices at each step, and the fact that their complexity grows significantly with each extra operation on the data. Smart and Vercauteren’s rewrite of the scheme sidesteps that enough to allow testing of actual implementations of Gentry’s idea on a desktop computer. “We do implement it, and we can actually encrypt bits and add and multiply a little bit,” says Smart. “We can do about thirty sequential operations.”

The usefulness of the scheme is still limited by the fact that, as more operations are performed, successive encrypted answers degrade, becoming “dirty,” as Smart puts it. That means the current version isn’t truly fully homomorphic, since it can’t perform any arbitrary calculation.

4 comments. Share your thoughts »

Tagged: Computing, security, privacy, cloud computing, cryptography, encryption, mathematics, cloud infrastructure

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me