Can Homomorphic Encryption be Practical, by Kristin Lauter, Michael Naehrig, Vinod Vaikuntanathan, July 2011, describes how the prospect of outsourcing an increasing amount of data storage and management to cloud services raises many new privacy concerns for individuals and businesses alike. These privacy concerns can be satisfactorily addressed if users encrypt the data they send to the cloud. If the encryption scheme is homomorphic, the cloud can still perform meaningful computations on the data, even though it is encrypted.
The promise of practical homomorphic encryption is sought by government, industry, and society. IBM and Microsoft have been vigorously pursuing research into it because, for example, it enables ‘secure encrypted search’ (or ‘privacy-preserving information transfer’) by a public (open) cloud server: the server searches an encrypted medical database, without knowing the query or the result, and delivers the encrypted result for decryption by the secure client. Another application is ‘secure function evaluation’, in which the open, untrusted server executes a secret algorithm on an input without knowing the nature of the algorithm or the result. Thus a hacker who is presumed to have gained open access to the public cloud server (or even a malicious cloud service employee) presents no threat of compromise of the information or transaction. The applications of homomorphic encryption are many and will enable widespread use of cloud computing, allowing, for example, security-conscious government and financial-industry users to move their services to the public cloud by encrypting their databases and making them available for cloud computing without ever worrying about a security violation by the cloud service or by outside hackers. Further, this privacy-preserving technology helps society cope with ever-increasing attacks on confidential data, not to mention private clouds. Note that this security is not the result of a moving-target paradigm (e.g., software that is rapidly updated to thwart hackers' analysis) or of clear software obfuscation, but is inherent in the mathematical nature of the homomorphic cryptosystem.
To date, homomorphic systems have been found to be impractical; only restricted, special-case uses have been shown to have some potential for practical use.
Gentry et al., in STOC '09, Proceedings of the 41st Annual ACM Symposium on Theory of Computing, pp. 169-178, propose a fully homomorphic encryption scheme, i.e., a scheme that allows one to evaluate circuits over encrypted data without being able to decrypt.
Xiao et al., in a paper entitled An Efficient Homomorphic Encryption Protocol for Multi-User Systems, available at www.utdallas.edu/~ilyen/techrep/HPbound.pdf, propose a solution for the homomorphic encryption problem.
The following patent references are also believed to reflect the state of the art:
U.S. Pat. No. 7,254,586 to Chen et al.;
WO/2010/100015 of INTRINSIC ID B.V.;
US 20100329454 of Takashima;
U.S. Pat. No. 7,472,093 to Juels; and
US 20110110525 of Gentry.