The present disclosure relates generally to the field of data security, and, more particularly, to methods, systems, and computer program products for performing homomorphic encryption and decryption.
It may be said that computing has taken over all aspects of the global economy. Increasingly, outsourced or out-tasked models for computing have become more prevalent, for example, “cloud computing,” in which an enterprise uses a third party's computing resources, such as servers and storage, to run an application under an on-demand, pay-per-use model, not unlike renting a car or hotel room.
One potential challenge in such a model is security. If an enterprise wants to run an application on some data, either the application may be proprietary, e.g., a trade secret trading algorithm used by a brokerage, or the data may be proprietary, e.g., customer purchases/identity information, or both. In the same way that a package transported by a third party logistics provider might get lost, data breaches have occurred where proprietary information is released to unauthorized recipients either accidentally or through the efforts of cyber-criminals.
A strategy for protecting data is encryption. Under traditional mechanisms the data may be encrypted at a point of origin in the enterprise data center and then carried across a network as ciphertext, but then must be decrypted at the point of destination to actually be processed. If the data is decrypted then the data is exposed to parties at the destination where the data is processed. If the data represents private or sensitive information then additional security measures may need to be taken to ensure that the data is not released to unauthorized parties.
One technique that may be used to allow third parties to process data in a secure manner is “homomorphic encryption,” in which mathematical operations performed on the ciphertext are homomorphic, that is, the operations generate a resulting ciphertext that can be decrypted to generate a plaintext equal to the result that would have been obtained if those operations had been performed on the unencrypted operands. An example would be an encryption process of doubling and a decryption process of halving. If the plaintext value is 3 then the ciphertext value is 6. For an addition process, 6+6+6 equals 18, which when decrypted, i.e., halved, yields 9, which is identical to 3+3+3.
A homomorphic encryption process has been published by Craig Gentry that uses perfect lattices to enable numerous mathematical operations to be performed on encrypted data. While of theoretical interest, this proposed encryption process generally involves complex mathematical calculations, which means that even the simplest computations can take relatively long time periods. Moreover, even with parallelism, the computational overhead may outweigh potential savings from using cloud services that otherwise could provide economies of scale.