Date: 2025-02-07

Well-designed software applications encrypt sensitive data when it is at rest or in transit. This provides robust protection of data in those states. However, before data can be analysed or processed in memory, it has to be decrypted. This creates a window of vulnerability that threat actors could exploit. Unencrypted data in use could be susceptible to external and insider threats, including data theft. Using homomorphic encryption prevents this.

Homomorphic encryption differs from typical encryption methods by allowing computation to be performed directly on encrypted data without the need to decrypt it and without requiring access to a secret key to process it. The result of this computation remains encrypted in transit and in use, to be retrieved and decrypted by the data owner.

Preserving privacy with fully homomorphic encryption

Homomorphic encryption uses multiple types of encoding schemes to perform different classes of computation on encrypted data. Computations are represented as circuits (e.g., Boolean and arithmetical) and gates (e.g., addition/subtraction and multiplication/division). Some types of homomorphic encryption can evaluate multiple circuits with one type of gate; others can evaluate subsets of circuits with multiple types of gates. Fully homomorphic encryption (FHE) is the strongest version of homomorphic encryption, enabling evaluation of arbitrary circuits composed of multiple types of gates of unbounded depth.
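To make the "one type of gate" case concrete, the following added example (not from the original article, and not IBM HElayers code) implements the Paillier scheme, which supports only addition on ciphertexts and is therefore partially, not fully, homomorphic. The choice of Paillier, the function names, the toy primes and the sample values are assumptions made for illustration; the key uses publicly known primes and provides no security.

```python
import math
import secrets

# Constructed toy parameters: two publicly known Mersenne primes, so this key
# offers no security. Real keys use secret random primes from a vetted library.
P, Q = 2**31 - 1, 2**61 - 1

def keygen(p=P, q=Q):
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    mu = pow(lam, -1, n)  # valid because the generator is fixed to g = n + 1
    return n, (lam, mu)   # public key, private key

def encrypt(n, m):
    """Data owner: encrypt integer 0 <= m < n under the public key."""
    if not 0 <= m < n:
        raise ValueError("plaintext out of range")
    r = secrets.randbelow(n - 1) + 1
    while math.gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    return (1 + m * n) * pow(r, n, n * n) % (n * n)  # g^m * r^n mod n^2

def decrypt(n, priv, c):
    """Data owner: recover the plaintext with the private key."""
    lam, mu = priv
    return (pow(c, lam, n * n) - 1) // n * mu % n

def add_encrypted(n, c1, c2):
    """Untrusted processor: Enc(a) * Enc(b) mod n^2 decrypts to a + b."""
    return c1 * c2 % (n * n)

def scale_encrypted(n, c, k):
    """Untrusted processor: Enc(a)^k mod n^2 decrypts to k * a."""
    return pow(c, k, n * n)

def demo():
    n, priv = keygen()
    readings = [1200, 345, 78]                  # constructed sample data
    cts = [encrypt(n, m) for m in readings]     # only ciphertexts leave the owner
    total = cts[0]
    for c in cts[1:]:
        total = add_encrypted(n, total, c)      # processor holds no private key
    doubled = scale_encrypted(n, total, 2)
    return decrypt(n, priv, total), decrypt(n, priv, doubled)

if __name__ == "__main__":
    print(demo())
```

Multiplying two ciphertexts together is not possible in this scheme, which is the gap that FHE closes by supporting both gate types at unbounded depth.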

The first plausible FHE scheme was constructed in 2009 by Craig Gentry at the IBM T.J. Watson Research Center, using a form of lattice-based cryptography that is the basis of various quantum-safe cryptographic schemes. IBM has continued to research and develop FHE technology since this breakthrough, culminating in the announcement of IBM HElayers in 2021. IBM HElayers is a software development kit (SDK) for the practical and efficient execution of encrypted workloads using homomorphically encrypted data.

Protecting data confidentiality happens in three main locations: