Tuesday 5 September 2023

On Homomorphic Encryption

Probably, one of the most exciting recent developments in the field of cryptography is the emergence of homomorphic encryption which is a type of encryption that allows computations to be performed on encrypted data while it remains encrypted, in other words, without the need to decrypt it first. This means that sensitive data can be kept confidential while still being used by third-parties.

This is achieved through the use of special encryption algorithms that preserve the mathematical structures of the plaintext data, allowing meaningful computations to be performed on the encrypted data while preventing unauthorized access to the actual plaintext data (which is never exposed and remain secure).

This technology is particularly useful in situations where privacy and security are of great importance, such as in the healthcare industry, where patient data must be kept confidential, or in financial services, where sensitive data such as bank account information needs to be processed securely. 

In traditional public key cryptography, the encrypted data cannot be used in any meaningful way without first decrypting it. This means that sensitive data must be available in plaintext on computer systems, which can be a significant security risk.

Overall, homomorphic encryption is an exciting development that has the potential to revolutionise the way we handle and process sensitive data. However, homomorphic cryptography is still in its early stages, and its practical implementation is not feasible yet because it requires significant computing resources which limits its application to certain use cases. 

I hope that quantum computation can provide significant speed advantage and solve some this problem and make homomorphic practical and widely used.  However, it is still a long way to build large-scale quantum computers.

The transition process of UK industry to post-quantum security would certainly require several steps to be taken:

  1. First of all, we need to raise awareness and provide education to encourage organizations to recognize the need for post-quantum security. Therefore, a good understanding of the risks and potential consequences of not transitioning to post-quantum security is key.
  2. Full evaluation of the organization's current security infrastructure and assess the potential impact of switching to post-quantum security, which will surely help organizations to identify their most critical systems and data that need to be protected.
  3. Organizations need to adopt post-quantum cryptographic technology to ensure their systems and data are secure against quantum attacks. They can work with technology vendors, standards bodies, and research institutions to identify the best post-quantum cryptographic implementations that fit their needs with a vision of a secure adoption of post-quantum technology.
  4. Post-quantum cryptographic standards need to be developed and adopted so that organizations follow the same security practices, resulting in an easier interoperability and a significant reduction of the risk of fragmentation. Thus, development of standards is mandatory.
  5. When it comes to implementation it has to be done gradually so that disruption can be minimised. Basically, this implementation can be completed to address specific areas of vulnerability prioritising based on risk assessments.
  6. Both the new and old cryptographic algorithms need to be tested to ensure that they are well-implemented and secure. Organizations need to build trust in the new mechanisms and provide a smooth transition to post-quantum security.
  7. The transition to post-quantum security will require collaboration between the government, industry, academia, and research institutions. Only by working together can we ensure that the transition is successful and also secure to use it at large scale. 

What else needs to happen to transition UK industry to post-quantum security? 

No comments:

Post a Comment

Let me know any remarks or questions you may have. Please write down your name.

HELLO, I'M PERCY REYES! — a book lover, healthy lifestyle lover... I've been working as a senior SQL Server Database Administrator (DBA) for over 20 years; I'm a three-time awarded Microsoft Data Platform MVP. I'm currently doing a PhD in Computer Science (cryptography) at Loughborough University, England — working on cryptographic Boolean functions, algorithmic cryptanalysis, number theory, and other algebraic aspects of cryptography. READ MORE