By Mark Wilson, Director, BMC Mainframe Services by RSM Partners
So there I sat, having a coffee with an IBM distinguished Engineer at SHARE Fort Worth — more on that later — when he mentions Homomorphic Encryption (H-E). Now, I have been a mainframer for over 40 years, a security specialist for over 25 years, and I had no clue what he was talking about!
He then proceeds to tell me that you can do H-E on a mainframe. I was absolutely gutted I didn’t know anything about this, so I embarked on a research project.
This article is a summary of that research and contains some of my learning and thoughts. It also has links to relevant articles that I found during my research, which quite frankly have been written by people who are much smarter than I am. The purpose of this article is to simply inform the reader of what it is, how and why it could be used, and where to find further information.
The problem with encrypted data is that you must decrypt it in order to work with it, then re-encrypt it, which all takes time. By doing so, it’s vulnerable to the very things you were trying to protect it from. There is a potential solution to this problem, and it’s called H-E.
H-E makes it possible to analyze or manipulate encrypted data without revealing the data to anyone, allowing data to remain confidential while it’s processed.
A homomorphic cryptosystem is like other forms of public encryption in that it uses a public key to encrypt data and allows only the individual with the matching private key to access its unencrypted data. However, what sets it apart from other forms of encryption is that it uses an algebraic system that allows for the performance of a variety of computations/operations on encrypted data.
There are three types of homomorphic encryption. The primary difference between them is related to the types and frequency of mathematical operations that can be performed on the ciphertext. The three types of homomorphic encryption are Partially, Somewhat, and Fully.
- Partially: Only allows a small set of operations on unencrypted data
- Somewhat: Supports select operation (either addition or multiplication) up to a certain complexity, but these operations can only be performed a set number of times
- Fully: Still in development, but has lots of potential. Building upon somewhat homomorphic encryption scheme, it can use both addition and multiplication any number of times and makes secure multi-party computation more efficient. Unlike other forms of homomorphic encryption, it can handle arbitrary computations on ciphertexts.
From a mathematical perspective, homomorphic encryption describes the transformation of one data set into another while preserving relationships between elements in both sets.
The term is derived from the Greek words for “same structure.” Because the data in a H-E scheme retains the same structure, identical mathematical operations, whether they are performed on encrypted or decrypted data, will result in equivalent results.
Back to SHARE Fort Worth
The IBM DE was none other than Michael Jordan. He regaled the story of Banco Bradesco, a Brazilian bank, that — in working with the IBM research teams — ran a proof of concept for H-E. The hardware used for the tests was a z14 LPAR, with 64 cores, 1 TB RAM, and 1.2 TB DASD, running Linux Ubuntu 18.04 LTS. The links to two articles can be found at the end of this paper.
What my research has shown is that whilst H-E is a great idea, it is not a silver bullet to resolve all our data-related security issues. At this moment in time it’s considered slow from a compute time perspective, however the clever people are working on this. Townsend security, a company I have a great deal of respect for (see link below) has an interesting perspective on H-E.
In an era when the focus on privacy is increased, mostly because of regulations such as GDPR, the concept of homomorphic encryption is one with a lot of promise for real-world applications across a variety of industries. The opportunities arising from homomorphic encryption are almost endless. And perhaps one of the most exciting aspects is how it combines the need to protect privacy with the need to provide greater access to data.
I would encourage anyone with an interest in security to do a little research.
Links and References
IBM Banco Bradesco articles:
Further IBM Links:
Some of the other articles: