Fully Homomorphic Encryption

Fully Homomorphic Encryption (FHE) is a recent cryptographic technology that allows a remote server to compute on sensitive data in a privacy-preserving way. For example, it can allow a hospital to compute statistics on encrypted input data from patients without seeing that data in plaintext, so medical confidentiality is preserved. FHE has applications in various domains, including multimodal transport.


What is fully homomorphic encryption?

  • Homomorphic encryption: an encryption technique that allows some computations to be performed directly on encrypted data, without knowing the data in plaintext;
  • Fully homomorphic encryption: homomorphic encryption that allows (in theory) any kind of such computation to be performed;
  • A recent area of research, only theoretical just a few years ago;
  • Improvements in the performance of homomorphic encryption are gradually breaking down the technological barriers, making it possible to scale up and use FHE in real life.

 

  • Basic workflow:
    • A user encrypts their data and sends it to a remote server with a large storage capacity (potentially in a dynamic way);
    • The user asks the server to perform a computation on this input data;
    • The server performs the computation and sends the encrypted result to the user;
    • The user decrypts the result and obtains it in plaintext;
  • The server knows neither the input data nor the results of its own computations in plaintext.

 

 


Some use-cases from a transport context

    • Use-cases for blind searches in a database:
      • Blind search of a driving license number in a blacklist, to check (in a privacy-preserving way) that a user who intends to share a car has not been blacklisted before;
      • Blind search of an IP address in a blacklist, to check (in a privacy-preserving way) that a connection to a multimodal transport network does not come from an IP address that has been blacklisted before (network intrusion detection is important in the transport context, as in many areas);
      • In an analogous way, FHE can allow a user to perform a blind search of an e-mail address or any other kind of data in a blacklist (a server that performs homomorphic computations on encrypted data is agnostic to the kind of data in the clear).

     

    • Use-case for blind set intersection:
      • Blind computation of the intersection between the interests of a passenger and the services provided by a transport company. For instance, a user can find out, in a privacy-preserving way, which of the kinds of restaurants she likes are available in an airport.
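
The basic workflow and the blind search of an IP address in a blacklist, described above, can be sketched end to end as follows. This is an added example, not the code running on the cluster described on this page: it assumes a toy somewhat-homomorphic scheme over the integers (in the style of van Dijk, Gentry, Halevi and Vaikuntanathan) with insecure illustrative parameters, a blacklist held in the clear by the server, and hypothetical function names and sample addresses.

```python
import ipaddress
import secrets

# Toy DGHV-style scheme: ciphertext c = p*q + 2*r + m, with a secret odd integer p.
# Parameter sizes are illustrative assumptions and NOT secure.
P_BITS, Q_BITS, R_BITS, ADDR_BITS = 1024, 256, 8, 32
BLACKLIST = ["203.0.113.7", "198.51.100.23", "192.0.2.99"]  # constructed sample data

def keygen():
    # Client secret key: a random odd integer of exactly P_BITS bits.
    return secrets.randbits(P_BITS) | (1 << (P_BITS - 1)) | 1

def encrypt_bit(p, m):
    # The noise 2*r + m is tiny compared with p, so it survives the server's arithmetic.
    return p * secrets.randbits(Q_BITS) + 2 * secrets.randbits(R_BITS) + m

def decrypt_bit(p, c):
    # Centered reduction mod p recovers the noise; its parity is the plaintext bit.
    noise = c % p
    if noise > p // 2:
        noise -= p
    return noise % 2

def encrypt_ip(p, ip):
    # Client side: encrypt the IPv4 address bit by bit, least significant bit first.
    value = int(ipaddress.IPv4Address(ip))
    return [encrypt_bit(p, (value >> i) & 1) for i in range(ADDR_BITS)]

def server_blind_search(enc_query, blacklist):
    # Server side: works only on ciphertexts and its own list, never on p or the query.
    # For an entry y, the product over i of (1 + x_i + y_i) mod 2 is 1 iff all bits match.
    # Entries are de-duplicated, so at most one product is 1 and the sum mod 2 is membership.
    result = 0
    for y in {int(ipaddress.IPv4Address(ip)) for ip in blacklist}:
        eq = 1
        for i, c in enumerate(enc_query):
            eq *= c + 1 + ((y >> i) & 1)  # ciphertext product = AND of plaintext bits
        result += eq                       # ciphertext sum = XOR of plaintext bits
    return result

def client_check(ip, blacklist=BLACKLIST):
    # Whole workflow: encrypt, send, server computes blindly, client decrypts one bit.
    p = keygen()
    enc_result = server_blind_search(encrypt_ip(p, ip), blacklist)
    return decrypt_bit(p, enc_result)
```

The scheme here has no bootstrapping: correctness relies on the accumulated noise staying below p/2, which is why the noise and key sizes are chosen with a wide margin for 32 multiplications per entry.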

Real-life aspects and performances

  • Our cluster dedicated to homomorphic encryption technologies uses 10 virtual machines hosted in OVH Cloud;
  • Performance (focusing on the use-case of blind search of an IP address in a blacklist as an example):
    • 10 000 IP addresses checked in 5-6 seconds.