The problem with encrypting data is that sooner or later, you have to decrypt it. Keep your cloud files cryptographically scrambled using a secret key that only you possess, and it’s likely no hacker will have the codebreaking resources necessary to crack them. But as soon as you want to actually do something with those files—anything from editing a word document or querying a database of financial data—you have to unlock the data and leave it vulnerable. Homomorphic encryption, a still-mostly-theoretical advancement in the science of keeping secrets, could change that.
A homomorphic encryption scheme is a crypto system that allows computations to be performed on data without decrypting it. A homomorphically encrypted search engine, for instance, could take in encrypted search terms and compare them with an encrypted index of the web. Or a homomorphically encrypted financial database stored in the cloud would allow users to ask how much money an employee earned in the second quarter of 2013. But it would accept an encrypted employee name and output an encrypted answer, avoiding the privacy problems that usually plague online services that deal with such sensitive data.
Plenty of encryption schemes allow partial homomorphic encryption; That is, they let users perform some mathematical functions on encrypted data, but not others. In 2009, however, IBM researcher Craig Gentry came up with the first fullyhomomorphic encryption scheme. He compared the system to “one of those boxes with the gloves that are used to handle toxic chemicals…All the manipulation happens inside the box, and the chemicals are never exposed to the outside world.”
Unfortunately, Gentry’s method also adds immense computational requirements to computational tasks that would be simple with unencrypted data. With his original scheme, a Google search would take about a trillion times longer using his process. He estimated that it would be a decade or more before the scheme became practically usable.
But that scheme has been slowly improving. Gentry now says that it with recent tweaks to his method, fully homomorphic encryption would multiply the computing time necessary for a function by roughly a million—half as many zeroes as five years ago. That puts him more or less on track with his 2009 road map. And last month, Gentry was awarded the MacArthur “genius” grant for his crypto research. With $625,000 in Gentry’s pockets and users clamoring for better encryption in online services, practical homomorphic encryption could be unlocked in the not-so-distant future.
Hacker Lexicon is WIRED’s explainer series that seeks to de-mystify the jargon of information security, surveillance and privacy.