Fully Homomorphic Encryption: Cutting the Gordian Knot of querying health data without accessing it
Imagine you are the steward of a database of sensitive, patient-identifying health information. You are tasked with giving data scientists access so they can run queries on these data. The rub is that the data scientists cannot have access to the source data; they can only work with the data in encrypted form. Sounds impossible, right? Not if Fully Homomorphic Encryption (FHE) is used!
What is FHE?
FHE refers to a special type of encryption technique that allows computations to be done on encrypted data without requiring access to the secret (decryption) key. The results of the computations are themselves encrypted and can be revealed only by the owner of the secret key. The image below illustrates how FHE's inventor Craig Gentry described it: "one of those boxes with the gloves that are used to handle toxic chemicals… All the manipulation happens inside the box, and the chemicals are never exposed to the outside world."
In 2009 Gentry invented the first fully homomorphic encryption algorithm. The main limitation back then, and for a time after, was the length of time it took to compute on encrypted data: in 2011 it took 30 minutes to process a single bit using FHE. Fast forward to 2015 and researchers could compare two entire human genomes using FHE in less than an hour.
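As an added example (not part of the original post, and not IBM's toolkit), the following Python acts out the steward and data-scientist scenario from the introduction using the Paillier cryptosystem, which is additively homomorphic only and stands in here for a real FHE scheme (which would also support multiplication): the analyst computes a cohort count and an age total over ciphertexts using just the public key, and only the steward can decrypt the result. The primes and patient records are constructed values.

```python
import math
import secrets

# Fixed primes keep the demo deterministic; a real deployment would generate
# fresh random primes of at least 1024 bits each (constructed values).
P, Q = 1000003, 1000033

def keygen(p=P, q=Q):
    """Steward side: public key n, secret key (lambda, mu); uses g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    return n, (lam, pow(lam, -1, n))                    # mu = lambda^-1 mod n

def encrypt(n, m):
    """Encrypt 0 <= m < n with a fresh random blinding factor r."""
    n2 = n * n
    r = secrets.randbelow(n - 1) + 1
    while math.gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    return pow(1 + n, m, n2) * pow(r, n, n2) % n2

def decrypt(n, sk, c):
    """Steward side: L(c^lambda mod n^2) * mu mod n, with L(u) = (u-1)/n."""
    lam, mu = sk
    return (pow(c, lam, n * n) - 1) // n * mu % n

def add_encrypted(n, c1, c2):
    """Ciphertext product decrypts to the plaintext sum."""
    return c1 * c2 % (n * n)

def encrypted_cohort_query(n, enc_records):
    """Analyst side: count flagged patients and total their ages using only
    the public key and ciphertexts. The secret key never appears here."""
    enc_count, enc_age_sum = encrypt(n, 0), encrypt(n, 0)
    for enc_flag, enc_age in enc_records:
        enc_count = add_encrypted(n, enc_count, enc_flag)
        enc_age_sum = add_encrypted(n, enc_age_sum, enc_age)
    return enc_count, enc_age_sum

def run_demo():
    """Constructed sample: (has_condition flag, age) for five patients."""
    patients = [(1, 34), (0, 51), (1, 67), (1, 29), (0, 45)]
    n, sk = keygen()
    enc_records = [(encrypt(n, f), encrypt(n, a)) for f, a in patients]
    enc_count, enc_age_sum = encrypted_cohort_query(n, enc_records)
    return decrypt(n, sk, enc_count), decrypt(n, sk, enc_age_sum)  # (3, 226)

if __name__ == "__main__":
    print(run_demo())
```

The key holder still learns the decrypted query result, so which aggregate queries an analyst may submit remains a policy decision that homomorphic encryption does not make by itself.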
What are the FHE use cases?
The use cases are many and growing all the time as data privacy, rightfully so, becomes ever more important. FHE offers much better cyber security resilience because data owners can keep data encrypted not just at rest and in transit but also while it is being queried.
Having a professional stake in this, I believe health informatics will be the biggest beneficiary of FHE. As things stand, moving healthcare data into the cloud faces many barriers despite the many perceived benefits. Some of the main arguments against cloud adoption are:
- Who has access to the data?
- Where is it stored?
- How do I know it is not being copied?
These are of course legitimate concerns for data owners. Having the data on-premise, on servers they can control and administer, is a lot more reassuring. However, with FHE data owners can be confident that storing the data in the cloud in encrypted form does not violate its privacy. For instance, the data can be made available to third parties to run machine learning algorithms on without revealing the underlying elements of the data.
The main barrier to adoption is the perceived complexity of implementing FHE. It is still early days and as yet there is no fully commercial application available to allow organisations to easily move their data into an FHE environment. That being said, IBM have done huge work on FHE over the past decade and provide a toolkit on Linux to allow developers to dip their toes into FHE. The GitHub repo is here
Finally…the data sovereignty cloud
Cloud data sovereignty is the concept that data stored in the cloud is subject to the laws and regulations of the country that has jurisdiction over the physical servers and premises being used. In some circles 2022 has been touted as the year of the data sovereignty cloud. The cloud regulatory environment will only become more complex. But FHE can offer a way for cloud providers and data owners to assure their users and the regulators that their data is always encrypted in the cloud. A huge win for everyone.