Lauter and colleagues implemented only the most efficient parts of a fully homomorphic encryption system. As a result, they’ve produced a system dubbed “somewhat” homomorphic that can only perform some calculations, but is speedy enough to be used in real software. “I’m trying to look at this from a practical perspective and say what can we do now,” she says.
Only additions and a few multiplications can be done on a piece of encrypted data sent to the system, but that’s enough for many services, says Lauter. “You can still do a lot of statistical functions and perform analysis like logistical regression, which is used to do things like predict how likely a person is to have a heart attack,” she says.
The software was tested on an ordinary laptop. It added together 100 numbers, each 128 binary digits long, in 20 milliseconds. This and other performance tests show that such a system could be used for a real cloud service today, says Lauter, without waiting for the fully homomorphic encryption designs to be made practical.
“Those schemes are still very much in flux and evolving fast,” she says. “We’re hoping that people will do serious implementations of our design.”
Daniele Micciancio, a professor and cryptography researcher at the University of California, San Diego, says that Lauter and colleagues have demonstrated a new avenue for work in the area. “She showed that taking a fundamental building block of the schemes for fully homomorphic encryption could be enough to build applications,” he says. “It demonstrates that it is possible to work with homomorphic encryption at different levels.”
As techniques for fully homomorphic encryption evolve, it might be possible to gradually increase the complexity of calculations that can be performed practically. Today, however, performing calculations using fully homomorphic encryption often takes around 30 minutes, not a few milliseconds, says Micciancio.
Carson Sweet, founder and chief executive of Cloudpassage, which works on security for cloud services, says the technology will need considerable development to attract the interest of commercial cloud providers, but could solve significant problems. “You can push encrypted data into a cloud service today, but it can’t be indexed, searched, or operated on,” he says.
Sweet says that the privacy and security issues associated with storing and processing medical records make this an area in which the technology could be deployed first. “Federal government and financial services are other areas where people are willing to accept a performance penalty to get better security,” says Sweet.