Big Tech Turns to Homomorphic Encryption: Why Now?

Why Trust Techopedia

This year has seen a steady stream of announcements from the likes of IBM, SAP, Apple, and others about the transformative potential of homomorphic encryption (HE). By making masked data available for analytics, it promises to ease the tension between bullet-proof cybersecurity and the data-thirsty computational demands of AI.

Researchers have tried for decades to make it usable at scale. Has HE’s time finally come? We explain what it is, how it’s being applied, and what comes next.

Key Takeaways

  • Homomorphic encryption (HE) aims to bridge the gap between easy access to data and strong data security.
  • But for years, its intensive computational requirements have been a barrier to wide adoption.
  • Partly driven by demand for AI, 2024 has seen a surge in HE-related announcements and technical developments.
  • Experts think we’ll soon see an uptick in production-ready HE applications.

From Theory to Practice

The cloud economy, digital transformation, advanced analytics, and GenAI all have one thing in common – utter dependence on free-flowing data. Data needs to be accessed easily and shared within companies, between partners, and across supply chains. However, it also has to be secured against cyberattacks, and any data flows that include personal information have to stay in the lanes painted by compliance.

When freedom and sharing clash with regulation and security, who wins? Homomorphic encryption promises to make the decision less binary.

What is homomorphic encryption & how does it work?
HE’s computational compromise is to let operations be performed on encrypted data without decrypting it first. That leaves the security measures set by data owners in place while users reduce the costs, time, and complexity needed to ingest data for analytics and other apps.

Homomorphic Encription Process

It’s clearly a breakthrough development, though one that’s been around since at least 2009. Today, it’s best known as the technology behind RSA encryption, which tells you something about how it’s typically used.

As with RSA, homomorphic encryption can be slow and resource intensive, so real-world applications have been largely limited to smaller bits of data – say, for encrypting the keys that unlock files and messages.

Advertisements

That could all be set to change, as recent developments promise to expand HE’s utility.

Why Now?

In March 2024, SAP published a blog promoting its HE use cases and touting the technology’s strengths, even against newer forms of privacy-enhancing technology (PET) like multi-party computation (MPC) and trusted execution environments (TEE).

Then, in July, IBM published a technical note detailing its efforts in the realm of ‘confidential computing,’ particularly the use of HElayers that make it easier for developers to apply HE techniques to data, even if they don’t have cryptography expertise.

Homomorphic Encription Timeline

Dr. Juan Bernabe-Moreno, Director, IBM Research Europe for the UK & Ireland, told Techopedia:

“HElayers is packed with patented optimization and performance-boosting innovation for computation, AI innovation, and use case requirements that facilitate the practical use of a wide variety of AI workloads over homomorphically-encrypted data.”

Later the same month, Nature published a paper by Chinese researchers proposing a model for HE hardware at the network edge. It could give devices like laptops, where low power consumption and a compact form factor are key requirements, the ability to handle the computational heavy lifting around “encryption key generation, data encryption, and decryption within a single device.”

Then in August, Apple made its homomorphic encryption library open source, freeing it up for developer use under an Apache 2.0 license. Apple also revealed how it uses HE in Live Caller ID Lookup.

And that’s just a sampling of the thought pieces, research blog posts, and white papers published recently.

How did a technology that academics have been toying with theoretically since the late 70s suddenly become one of cyber’s hot topics?

AI & the Need for Speed

Jeremy Bradley, COO of homomorphic encryption startup Zama, told Techopedia that interest is being driven by regulation, innovation, and the demands of generative AI.

“Early versions of HE were notoriously slow and required significant computing power. However, recent advancements, such as new cryptographic schemes, improved algorithms, and optimized libraries, have reduced computation times and made HE more practical for real-world applications.”

Companies like Microsoft, IBM, and Zama are all pushing forward in this space, he says, by creating more developer-friendly tools and APIs to ease implementation.

Then, there’s compliance to consider. According to Bradley:

“Growing concerns around data privacy, amplified by laws like GDPR and CCPA, are driving organizations to explore encryption methods that ensure data confidentiality even when processed by third-party providers.”

Bradley says fully homomorphic encryption (FHE), with its ability to compute with encrypted data, presents an ideal solution for industries needing to balance data privacy with operational needs.

That’s also the case for AI and cloud applications.

“As AI models increasingly rely on large amounts of sensitive data (e.g., healthcare, financial services), there’s a growing need to process data securely in untrusted environments, such as public clouds or multi-tenant AI models,” Bradley says. “HE can enable AI algorithms to train on encrypted datasets, offering both utility and security.”

Homomorphic Encryption Use Cases

According to Bradley, the demand for more accessible homomorphic encryption technology rests on four key use cases:

Secure cloud computing
HE allows users to perform computations on encrypted data in the cloud, ensuring data privacy even while it is being processed by a third-party provider. This is crucial for sectors like healthcare and finance, Bradley says, where sensitive data is frequently analyzed by external entities.
Privacy-preserving machine learning
HE enables the training of AI models on encrypted data, allowing organizations to develop models without exposing sensitive inputs. This could transform industries like healthcare, where patient data can be encrypted and used in ML models without revealing identities.
Confidential data sharing
For enterprises dealing with multiple parties (financial services, government), HE allows secure collaboration on sensitive data without revealing the raw data to any of the participants.
IoT and edge computing
In areas like autonomous vehicles, smart cities, or medical devices, HE allows for the secure processing of data collected at the edge without sending sensitive information to centralized locations.

IBM’s Bernabe-Moreno says HE’s utility doesn’t end there.

“It’s a broad spectrum of use cases. To a large extent many leverage the benefits of privacy preserving collaboration enabled by FHE.

“For example, in financial services, much work has been undertaken in privacy preserving machine learning for areas such as collaboration on AML or fraud detection, where organizations want to work together without exposing their data to each other but benefit from the insights of computing together to train an analytic or a model.”

Limitations

Does that mean we’ll soon see a bevy of production-ready HE applications? Bernabe-Moreno thinks it’s not far off. He told Techopedia:

“Great strides have been made in mitigating some of the performance issues associated with FHE, like high computational overhead and latency. In fact we have not yet worked with a client where we could not meet the performance constraints that were required for their use cases.”

GPU acceleration and software improvement will soon be joined by dedicated FHE acceleration technologies, he added, which IBM expects to transform the compute environment.

“However, this is not something you have to wait for. We have demonstrated FHE utility at CPU, GPU and other levels for many practical use cases, not only in the Lab but with clients,” Bernabe-Moreno says.

Zama’s Bradley is also optimistic that HE will soon come into its own, though his enthusiasm is tempered slightly by the persistence of HE’s legacy drawbacks. He says:

“While performance has improved, HE is still slower than traditional encryption methods. This is because it requires additional computational overhead to enable operations on encrypted data. The gap is narrowing, but CIOs/CSOs need to assess whether the performance trade-offs are acceptable for their specific use cases.”

Bradley says there are other issues that need to be taken into consideration when adopting HE:

  • One is resource intensity, as HE generally demands more memory and computing power. “This limits its usability in environments with constrained resources, such as mobile devices or low-power IoT devices.”
  • Implementation complexity presents further challenges: “Despite recent advances, implementing HE requires specialized expertise in cryptography, and it is more complex than other encryption schemes. As such, adopting HE might necessitate investment in technical knowledge or reliance on specialized third-party services.”
  • Meanwhile, computationally-intensive operations like non-linear functions and complex branching logic are still less practical to perform using HE, Bradley says. “These limitations mean that HE is often most useful for mathematical operations like addition, multiplication, and linear algorithms.”
  • Finally, security can still be a concern. “No encryption scheme is invulnerable,” Bradley says. “As quantum computing becomes a reality, organizations will need to ensure that their HE implementations are resistant to quantum attacks, which could break many current encryption schemes.

On the quantum computing front, IBM’s Bernabe-Moreno believes homomorphic encryption still has a strong role to play in protecting data and minimizing reputational risk, “especially for protecting data or models used in compute or being utilized on the cloud. FHE is lattice-based and considered quantum safe and therefore has a role to play in Quantum Safe (QS) strategies.”

Successful Homomorphic Encryption Example: Encrypting DNA

More than 30 million people around the world have submitted their DNA to companies like 23andMe for analysis, sharing what has to be the most sensitive personally identifiable information (PII) possible in the process.

To test its machine learning framework for HE, Zama created a 23andMe-like genetic testing application, fully encrypted by HE.

Zama challenged its developer community to showcase the value HE brings to protecting sensitive data by building a machine learning system that could establish ancestry using HE-encrypted DNA data.

Two different solutions delivered the goods, both achieving 96% accuracy in genome matching. The full demo is available here.

Accelerating AI Adoption

So is homomorphic encryption a game changer, a complementary solution, or a spot solution with very specific applications?

“Potentially it’s all three, but fundamentally it’s an enabling technology,” says Bernabe-Moreno.

“Today we see it in AI and analytics, being applied in sensitive areas such as healthcare, finance, and other regulated industries where the ability to train models and make predictions on encrypted data can accelerate the adoption of AI while maintaining privacy. It also has a significant contribution to make to generative AI, for prompting, fine tuning or even privately querying LLMs.”

Zama’s Bradley believes HE is likely to play a complementary role in the broader security toolkit, rather than replacing other forms of encryption or becoming a stand-alone solution.

“HE works best when combined with other security technologies, such as zero-trust architectures, multi-factor authentication, data loss prevention systems, and quantum-resistant algorithms.”

The Bottom Line

The future of computing is encrypted. According to Gartner, 60% of enterprises will be using at least one privacy-enhancing computation technique by next year.

After decades of academic tinkering, homomorphic encryption could be top of the list.

FAQs

What is meant by homomorphic encryption?

What is a real-world example of homomorphic encryption?

What are the three types of homomorphic encryption?

What is the drawback of homomorphic encryption?

Advertisements

Related Reading

Related Terms

Advertisements
Mark De Wolf
Technology Journalist
Mark De Wolf
Technology Journalist

Mark is a freelance tech journalist covering software, cybersecurity, and SaaS. His work has appeared in Dow Jones, The Telegraph, SC Magazine, Strategy, InfoWorld, Redshift, and The Startup. He graduated from the Ryerson University School of Journalism with honors where he studied under senior reporters from The New York Times, BBC, and Toronto Star, and paid his way through uni as a jobbing advertising copywriter. In addition, Mark has been an external communications advisor for tech startups and scale-ups, supporting them from launch to successful exit. Success stories include SignRequest (acquired by Box), Zeigo (acquired by Schneider Electric), Prevero (acquired…