Unlock value of sensitive data without decryption

Preserve privacy and compliance while working with confidential data at all times.

Your business data is likely hosted and stored across hybrid multicloud environments, whether owned and managed by your organization or a third-party provider. This setup exposes that data to various risks and vulnerabilities.

To mitigate potential noncompliance or breaches, risk management and security leaders of most enterprises encrypt their business data. Indeed, extensive use of data encryption can help achieve zero trust and reduce the financial exposure for businesses.

$5 billion

Penalty the Federal Trade Commission charged for deceiving users about their ability to control the privacy of their personal information¹

While encryption allows data to be protected both during transit and at rest, the data typically must be decrypted while being accessed for computing and business-critical operations. Under these conditions, you're potentially violating the privacy of your confidential data.

What if you could unlock the value of your sensitive data without ever having to decrypt it?

Fully Homomorphic Encryption (FHE) allows you to take advantage of your valuable data previously unreachable due to the paradox of need-to-know versus need-to-share between data custodians and data users. With FHE, you can better enforce zero trust because the data is always encrypted and can be shared, even on untrusted domains in the cloud, while remaining unreadable by those doing the computation. In short, one can now do high-value analytics and data processing – by internal or external parties – without requiring that data to be exposed.

The good news is that IBM Security™ is bringing this innovation from IBM Research® to reality with new, first-of-its-kind security services to help you take the next step.

This video illustrates more how IBM Security Homomorphic Encryption Services works.

Understand the concepts for unlocking the value of sensitive data.

In the past, cryptographic schemes that allowed processing on encrypted data were limited to partial homomorphic schemes. This situation meant when two parties want to send data securely, the following process occurred:

• The sender would encrypt the data with a public key.
• The recipient would decrypt the data using the key.
• The recipient would perform a computation on the data, re-encrypt the data and send it back to the original sender.

Using this method, the data is scrambled for transmission so if a third party intercepts the data, it could not be stolen in its clear form. But senders must trust recipients with their data, as recipients have to decrypt the data to perform the computation.

This situation changed in 2009, when IBM® pioneered FHE. FHE enables the processing of data without giving access to it.

Foundational concepts of FHE

Step 01

Owner encrypts the data


Plaintext is first converted into ciphertext, which is unreadable by humans until the proper cipher algorithm is used to decrypt it.

Step 02

Computation on encrypted data is performed

Computations are performed directly on the ciphertext, which means that the data and results remain encrypted during computation.

Step 03

Owner unlocks data and results


The encrypted results are then sent back to the data owner. Data and results are decrypted by that data owner, so security isn't compromised.

However, when first introduced, FHE was too slow for practical use by businesses. In recent years, thanks to algorithmic and computation advancements, Fully Homomorphic Encryption has reached an inflection point where its performance is becoming practical. These developments have the potential to revolutionize data privacy for businesses.

Fully Homomorphic Encryption has the potential to transform the way you interact with data.

FHE can help you unlock the value of your sensitive data without decrypting it, preserving privacy and compliance.

Data monetization

Unlocking the value of data: You can generate measurable economic benefits from the implementation of FHE while preserving data privacy. Because computation occurs on encrypted data, organizations can share sensitive business data for analytics or cross-industry collaboration without giving access to or divulging the private data.

Data privacy

Improving or enhancing privacy: Data can now be processed by third parties without divulging the data itself or any insights from processing the data as intermediate and final results are also kept encrypted.

Regulatory compliance

Helping meet regulatory and compliance mandates: As penalties for violations increase, FHE can help you process activities involving your encrypted data without ever exposing unencrypted and sensitive information.

More secure use of cloud

FHE provides a means to keep data encrypted in a third party or untrusted domain, such as a public cloud or partner data center. At the same time, FHE allows for use and computation on that data.

Who needs FHE?

The following stakeholders can find FHE advantageous in such activities as computing on fully encrypted data, developing algorithms for practical applications and helping protect consumers:

• Line of business (LOB) owners
• Chief marketing officers (CMOs)
• Chief information security officers (CISOs)
• Chief information officers (CIOs)
• Chief risk officers (CROs)
• Heads of data analytics
• Business intelligence leaders
• Data security analysts, administrators or both
• Data scientists
• Cloud transformation leaders

The collaborative nature of FHE encourages many of these stakeholders to work together when installing and running the service.

Review some specific use cases of how Fully Homomorphic Encryption can work.

The ability to collaborate with third parties without exposing your sensitive data is a big asset FHE provides your enterprise. With this feature, you can obtain more insights and get more value from your data while avoiding privacy and compliance violations.

FHE can disrupt major industries such as finance, healthcare, infrastructure and government by bridging the gap of need-to-know data versus need-to-share data between data custodians and data users.

For example, FHE makes it possible to share financial data or patient healthcare records for analytics or cross-industry collaboration without giving access to the confidential data. Here are some other specific use cases that offer collaborative possibilities for your organization.

Analytics over FHE encrypted data

Allow a third party or separate line of business to perform analytics on encrypted data with FHE without ever exposing the data.

For example, marketing leaders can analyze a sensitive customer data set to run a campaign.

AI and machine learning

Train AI and machine learning models using a myriad of sensitive data without ever exposing the unencrypted data to the machine learning environment.

For example, developers can generate AI-driven insights from customers’ personally identifiable information (PII) within their applications.

Search and data matching

Perform FHE encrypted searches without revealing the intent and contents of your search.

For example, users can perform point-of-interest searches on mobile devices without revealing the location.

Biometrics and behavioral Data

Authenticate to services providing only encrypted biometrics and behavioral information.

For example, customers can sign into applications without revealing their sensitive biometric data or usage patterns.

FHE use cases in regulated industries

In certain industries, privacy and compliance mandates are paramount. These industries can benefit from FHE in the following ways:

Financial services

Many financial organizations are restricted from sharing and mining sensitive data due to legislation, regulation and their own policies. FHE enables the sharing and computing of encrypted data with machine learning models without exposing sensitive information.

Healthcare and life sciences

Past solutions to either completely anonymize data or restrict access through stringent data use agreements have limited the utility of abundant and valuable patient data. FHE in clinical research can improve the acceptance of data-sharing protocols, increase sample sizes and accelerate learning from real-world data.

Retail and consumer goods and services

Organizations interested in monetizing their data often run into a problem: How is it possible to share access to data while also concealing a user’s query intent? FHE makes it possible for universal freedom of information to exist with an individual’s right to privacy.

While Fully Homomorphic Encryption is powerful, some hurdles lie ahead.

There are two specific challenges associated with FHE: implementation and hosting and running FHE-enabled applications.

Implementing FHE

Developers and data stewards need the following assistance:

• Concepts and education: Learn foundational concepts, important design considerations and constraints.
• Data preparation and planning: Understand and prepare their specific use case data requirements prior to utilization in an FHE environment.
• Tools and services: Leverage the FHE tools and libraries and use IBM Security Homomorphic Encryption Services for hosting and running FHE-enabled applications.

Hosting and running FHE-enabled applications

Running your FHE-enabled applications needs the following assistance:

• Availability of computing power: Standard FHE calculations may take tens or hundreds of times more computing power than conventional applications, making the availability and sizing of compute difficult.
• Domain consideration: FHE-enabled applications can now run in any domain, even those historically classified as unfit for highly sensitive data.
• Tools and services: FHE-enabled applications need access to core FHE libraries and tools to be deployed alongside your application, and connectivity to your “trusted domain” for key and data exchange is required.

Introducing a first-of-its-kind security services for Fully Homomorphic Encryption.

IBM Research pioneered Fully Homomorphic Encryption, and IBM Security now is offering a first-of-a-kind security services for FHE in the industry.

With FHE from IBM Security Homomorphic Encryption Services, you receive what you need to get started, including the following benefits:

• Education and consulting on FHE concepts and constraints from IBM Data and Application Security Services advisors
• The FHE Toolkit with sample code and demonstrations to assist in learning and exploration
• A built-in Integrated Development Environment (IDE) for rapid development with minimal setup
• A managed computational environment on IBM Cloud® tailored to FHE use cases

IBM Security Homomorphic Encryption Services reduce complexity in getting started with FHE-enabled application development. IBM Security has consulting and managed services designed to meet your needs wherever you are on your FHE journey.

These services help you to learn about FHE concepts and provide a scalable and managed hosting environment on IBM Cloud to build, deploy and run FHE-enabled applications. Trusted advisors are ready to guide you along the way.

Led by security innovations of IBM Research, with over 3,000 security and risk patents, IBM is a cryptography solutions leader with global delivery capability. IBM can offer you holistic end-to-end data protection and help enforce and achieve zero trust.

For more details about IBM Security Homomorphic Encryption Services, click on the following button.

Read more

Developers who want to research the potential of FHE in depth should use the following link.

Learn more