As homomorphic encryption gains steam, experts search for standards

As homomorphic encryption gains greater traction, practitioners need a set of agreed parameters for implementing the algorithms.
homomorphic encryption

Encryption has always been a battle line in cyberspace. Attackers try to break it; defenders reinforce it.

The next front in that struggle is something known as homomorphic encryption, which scrambles data not just when it is at rest or in transit, but when it is being used. The idea is to not have to decrypt sensitive financial or healthcare data, for example, in order to run computations with it. Defenders are trying to get ahead of attackers by locking down data wherever it lies.

The latest step in homomorphic encryption’s decade-long journey from dream to adoption was a standards meeting over the weekend of representatives from Google, Intel, and Microsoft, along with academics from around the world. While previous meetings focused on the specifics of algorithms, this fourth meeting included more talk of pursuing homomorphic encryption standards at a handful of global bodies, according to Intel’s Casimir Wierzynski, who helped organize the gathering.

The meeting is important because as homomorphic encryption gains greater traction, practitioners need a set of agreed parameters for implementing the algorithms. And the imprimatur of standards bodies like the UN’s International Telecommunication Union or the International Organization for Standardization (two of the groups being considered) could help drive adoption of homomorphic encryption.


But standards move much slower than algorithms, so it is unclear when members of the consortium will put forth a proposal. Wierzynski indicated it could happen organically in the coming months, as industry, academic and government experts on the group’s mailing list trade ideas.

Wierzynski, who is senior director in the artificial intelligence products group at Intel, hailed progress in homomorphic encryption over the last two years. During that time, Microsoft has released an open-source homomorphic encryption library that any developer can use, and Intel and IBM have touted their own plans for homomorphic encryption.

“[T]his technology is becoming not just a mathematical curiosity but actually something that [people] want to put into production,” he said.

Homomorphic encryption’s importance to machine learning is one big motivation for those pushing the encryption’s adoption. It is particularly promising, advocates say, in cases where several different organizations are accessing a common pool of data. One company might own the data while another is running computations with it on a third company’s infrastructure, Wierzynski pointed out.

“Almost every useful AI configuration you can think of is going to be a multi-stakeholder operation,” he told CyberScoop.


Yet despite advances in homomorphic encryption, broad adoption of the technology is still a way’s out. For now, many of the use cases have come from big tech companies with hefty research budgets and from startups with highly-technical expertise in the area.

Wierzynski and other members of the consortium are trying to usher in a new era of homomorphic encryption use by developing standards, getting the algorithms to run faster, and by making the technology more accessible to data scientists.

The consortium also isn’t naïve about the inevitable interest that malicious hackers will show in breaking homomorphic encryption. Saturday’s workshop featured a presentation from researchers at the Royal Holloway University of London exploring automated attacks on the encryption.

Lessons learned from that security research can be incorporated into international standards for the technology, said Kurt Rohloff, co-founder of Duality Technologies, a homomorphic encryption startup, and another organizer of Saturday’s meeting.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts