Cryptographic expertise not needed to enable computations on encrypted data, says tech giant

Google has open sourced a set of homomorphic encryption tools

Google has released a set of coding utilities that allow fully homomorphic encryption (FHE) operations on encrypted data.

The open source collection of libraries and tools allow computational processes to be carried out on encrypted data without first having to decrypt it, offering security and privacy benefits as a result.

Homomorphic encryption and secure multi-party computation are known technologies. Google’s release is largely focused on refining and making them suitable for wider deployment, rather than reinventing the basis for the technologies.


Catch up on the latest encryption-related security news and analysis


“Our release focuses most on ease of use, cleanly abstracting the various layers of development between design (what the developer is actually trying to do) and implementation (what actually is performed),” a Google spokesperson told The Daily Swig.

“The transpiler offers a glimpse into all of these layers, allowing the combined expertise of the crypto, hardware, logical optimization and distributed computing communities to come together in one place.”

The suite of tools is available on Github.

Use cases: Fully homomorphic encryption

Use cases for homomorphic encryption range from “spell checkers for an email, to updates from wearables, to medical record analysis to, further down the road, things like photo filters or genomic analysis”, according to Google.

“The more sensitive or identifying the use case might be, the more important it is that a developer is able to provide strong guarantees on data handling,” the Google spokesperson added.

No special expertise in cryptography is required to make use of the search giant’s technology, which is geared towards overcoming a lack of crypto expertise amongst developers that has historically held back wider adoption of such tools.


DON’T FORGET TO READ Computer Fraud and Abuse Act: What the ‘landmark’ Van Buren ruling means for security researchers


The trade-off for the privacy benefits of homomorphic encryption is that the mechanism can be more computationally intensive and slower than other methods – an issue not immediately addressed in Google’s release.

“Performance remains a significant barrier (one we continue to work on) and so this won’t be a drop-in replacement for all existing cloud services,” the Google representative explained.

“At the moment, this environment is aimed at well-scoped problems where data sensitivity is critical or where extra compute cost is worth the added privacy benefit.”

Google's approach to fully homomorphic encryption in explained in more detail in a recent white paper (PDF).

Professor Alan Woodward, a computer scientist from the University of Surrey, said Google’s FHE tools might be useful across a wide range of applications.

“What Google appear to be doing is providing tools to enable FHE across a wide range of areas,” he explained.

“Bottom line is that anything where you want the dataset encrypted when in live use, not just encrypted at rest, then FHE could help.”


RELATED GitHub changes policy to welcome security researchers