Ellison Anne Williams on demystifying the Homomorphic Encryption landscape
HE libraries provide the basic cryptographic components, but it takes software engineering and enterprise...
Innovative ‘emerging’ technologies are rarely straightforward. The path to market creation and broad commercial use, especially for a technology that is transitioning from the realm of research to commercial applicability, is lined with the challenges such as constructing shared terminology, understanding business relevance, and defining scope. At the heart of it all: a whole lot of market education, writes Enveil Founder Dr Ellison Anne Williams.
It is in this space that we find homomorphic encryption (HE), a transformational technology with the potential for significant impact across a number of data-driven use cases. A pillar of the Privacy Enhancing Technologies (PETs) category, HE protects data while it’s being used or processed by allowing computations to occur in the encrypted or ciphertext domain. These powerful capabilities have led to HE being referred to as the “holy grail” of cryptography and are the reason why it has been the subject of much research and academic pursuit for nearly four decades. Once computationally impractical for use at scale, recent performance and utilization breakthroughs have prompted exploration and adoption of the technology in a number of market verticals.
When paired with market factors such as digital transformation, positioning data as the backbone of the global digital economy, and data privacy moving from a ‘nice to have’ to a ‘must have’ for enterprise leaders, these advances and usage have led to a surge of activity within the HE landscape.
Yet, those of us who work in the space (full disclosure: my company is an HE solution provider) continue to see confusion around both the technology and its pursuit. This topic was the subject of some discussion at the recent 2021 Secure and Private Compute Summit, the first event focused entirely on commercial applications of technologies, like HE, that protect Data in Use. Event participants included potential HE customers in industries like healthcare and financial services, as well as vendors and researchers. While all play an important role in advancing the technology and its broader impact, the contributions each make to the HE community are distinct. To help clarify the nuance of the landscape, it’s helpful to compare the developing market to constructing a home.
This HE market analogy includes three primary components: HE Libraries, HE Research/Services, and HE Solutions. While they may sound similar to those unfamiliar with the space, there are significant differences in their role and contributions. Think of it this way: an HE solution is the house; HE services are the plans; HE libraries are the raw lumber.
As building blocks, homomorphic encryption libraries provide the basic cryptographic components for enabling the capabilities, but it takes a lot of highly specialized work including software engineering, innovative algorithms, and enterprise integration features to get to a usable, commercial grade product. Companies who build and maintain these libraries typically do so via research teams. Some of the more notable HE libraries include Microsoft SEAL and IBM’s HElib. As with all types of encryption, open source libraries are the safest, most transparent way to utilize HE algorithms. As any security practitioner would tell you, proprietary crypto is fundamentally a bad idea and if anyone is trying to sell it to you, you should run in the other direction.
Vendors providing HE solutions have already built the house and often leverage HE libraries as part of their offerings. While some may require minor adjustments to ensure that the product addresses a customer’s specific needs, all of the heavy lifting is done. A number of solutions are ready for purchase and implementation today, one of the biggest representations of the technology’s advances in recent years. The ability to obtain a commercial, off-the-shelf HE solution was a feat that seemed improbable even ten years ago. The growth we see now is just the beginning. According to Gartner, “The lasting opportunity that HE presents has enabled HE to emerge in recent years with a slow but steady increasing development trajectory in an otherwise unstable financial environment.”*
In the space between HE libraries and solutions we find researchers and service providers. While some efforts are linked to a specific library or standardization effort, ongoing research also includes a broad range of ongoing academic efforts aimed at exploring the technologies potential impact, applicability, and performance. Research & development efforts by teams in the commercial and government space are working to advance both the HE cryptographic components as well as hardware accelerators that could help optimize performance and efficiency. Further efforts, including those recently announced by Google, are focused on furthering usability for software engineers. Some research groups are also offering HE services to help organizations identify HE use cases and understand how to leverage the technologies accordingly.
While HE landscape continues to develop and mature, it is clear the technology has established a foothold. However, when investigating offerings in the space, it is important for organizations to understand what they are getting: raw building blocks, plans, or a house.