Researchers from Tokyo University of Science in Japan have developed a faster and cheaper method for handling encrypted data while improving security.
Homomorphic encryption involves performing computations on encrypted data on a single server. While the method is straightforward, it can be computationally intensive.
Secret sharing, meanwhile, is fast and computationally efficient. In this method, the encrypted data, or secret input, is divided and distributed across multiple servers, with each performing a computation – such as multiplication – on its piece of data. The results of the computations are then used to reconstruct the original data.
But such a system can be challenging to deploy in practice due to the need for a fast communications network to allow geographically disparate servers to communicate with each other.
In combining the best of homomorphic encryption and secret sharing, Keiichi Iwamura and Ahmad Aminuddin at Tokyo University of Science devised a computation method where all the computations can be performed on a single server without requiring significant compute power.
The system comprises a trusted third party (TTP), one compute server, four parties that provide secret inputs to the server, and one party that restores the computation result.
The TTP is a neutral organisation that generates random numbers which are provided to the server – also known as shares – and the parties in certain combinations. These random numbers are used to encrypt the data.
Each party then performs a computation with the random numbers and generates secret inputs which are sent to a server. The server then uses the shares and secret inputs, along with new values computed by the TTP, to perform a series of computations, the results of which are sent to a final party that will reconstruct the computation result.
The new method allows for decentralised computation of encrypted data while still performing the computation on a single server.
“In our proposed method, we realise the advantage of homomorphic encryption without the significant computational cost incurred by homomorphic encryption, thereby devising a way to securely handle data,” said Iwamura, who led the study.
The researchers noted that their method could also be modified such that the random numbers generated by the TTP can be stored securely by a trusted execution environment (TEE), which can be a secure area in a device’s hardware, such as a microprocessor. As the TEE takes over the role of the TTP during the subsequent computational process, the speed at which the encrypted data is handled is improved.
Aminuddin noted that the new data encryption method addresses the drawbacks of current practices, adding that it is now “possible to realise faster and more secure computations than conventional methods using secret sharing”.
Industry players have also been working with data encryption for more than a decade. In 2009, IBM pioneered fully homomorphic encryption (FHE), which works by converting readable plaintext data into ciphertext.
The ciphertext is then computed directly while the data and computed results remain encrypted. This can be done in untrusted or third-party environments such as the public cloud, so even if a threat actor manages to access the data while it is being computed, the data and the results would not make any sense.
Only the owner of the data can decrypt the results in a trusted environment using a cipher algorithm. That means, for example, a food app that provides recommendations on nearby restaurants will be able to do so using encrypted location data, with the results readable only on the user’s device.
IBM said interest in FHE has been brewing in recent years with more computational power available today to crunch cyphertext. It has also developed an open source library that can be used to deploy FHE technology, as well as a software development kit that supports use cases such as credit card fraud detection.
Read more about cyber security in APAC
- Cloudflare co-founder and CEO Matthew Prince talks up what has changed since the company’s first business plan was written in 2009 and how it keeps pace with the fast-moving network security landscape.
- Google’s AI smarts and Mandiant’s intelligence on new and emerging threats could lay the foundation of proactive security.
- Dell Technologies’ zero-trust reference model starts with defining business controls and having a central control plane that manages all the security aspects of an organisation’s infrastructure.
- Sophos has grown its managed detection and response business to more than $100m over the last three years as more organisations grapple with the increasingly complex cyber security landscape.