Those boffins over at Microsoft have shown that homomorphic encryption can go beyond theory and have developed a couple of limited proofs of concept. This is the cool part, this kind of encryption goes well beyond what we are thinking of privacy for personal data, if you can processed encrypted data, then over time as it becomes more common and gets into the hands of normal programmers you will soon start seeing everyone adopt this concept. The proof code is the important part, and as MIT’s technology review reports:
Kristin Lauter, the Microsoft researcher who collaborated with colleagues Vinod Vaikuntanathan and Michael Naehrig on the new design, says it would ensure that data could only escape in an encrypted form that would be nearly impossible for attackers to decode without possession of a user’s decryption key. “This proof of concept shows that we could build a medical service that calculates predictions or warnings based on data from a medical monitor tracking something like heart rate or blood sugar,” she says. “A person’s data would always remain encrypted, and that protects their privacy.” Source MIT Technology Review
So this has longer range implications from gaming, to banking, to health care, to even my own startup, if you want to try to keep something safe then you simply encrypt everything and call it good. The problems as always are going to where to keep the keys so that the bad guys can’t get at them. Once you have the keys then life is good, so much for encryption.
This article comes with the usual caveats that it is not quite yet ready for prime time, but now that the way has been shown, we have the ability to build upon it. While the standard reaction to the industry is to have more of something that will keep data safe, the idea that we can encrypt whole movies, songs, and otherwise to keep the little scanners and copiers from ripping movies and dumping them onto the P2P or Bittorrent networks has got to be appealing to people who own IP. If you make it harder to do something then there will be a decrease in whatever you are making harder to do. I know in my startup we have had to address the idea of piracy with our own board and other interested parties, I am sure that our board will bring this article up, what happens if you encrypt everything.
The good news is that it is not yet ready for prime time, and it will probably be years before it really is ready for prime time. I know Amazon Cloud Computing programmers have been working on this same issue for years because it is a major competitive advantage for cloud computing. Everyone in the cloud computing business knows that this addresses a lot of compliance issues that are keeping some industries from exploring cloud technology because they are so heavily regulated. It is also interesting that the first direct words in the article were that this would help the health care industry, of course it would, and that is one of the biggest growth industries in America. Anything that helps or adds something new to buy for an industry as regulated as health care makes sense, and is a potential way to dominate the market. But this kind of technology goes far beyond just simple healthcare, it goes into a lot of content delivery systems, movies, games, music, and most everything else that can be easily digitized and processed.
The downside to this is that it also makes a lot of sense for hackers and nation states to adopt this for their own technology and hacking needs. If the FBI, IFPI, or others simply get a cloud image of encrypted data and no keys, no one is going to easily break into it. Harder to prove that something bad was happening when everything is encrypted. There is a downside to everything, this would be the big one, once hackers have the idea, they can put almost as many resources as Microsoft or others can put on the problem, possibly coming up with a working solution faster than commercial industry.
Related articles
- Encrypted cloud could lead to hack-proof data (slashgear.com)
- Encrypting Data in the Cloud (q-ontech.blogspot.com)
- Data encryption and the Cloud (go.theregister.com)

Gosh, not a single mention of Craig Gentry and IBM? When I heard the analogy using Alice’s gloveboxes, it all started to make sense to me. I watched Craig disagreed with Adi Shamir at RSA 2009 and win the argument, so then I knew he was the real deal.
http://domino.research.ibm.com/comm/research_projects.nsf/pages/security.homoenc.html
Hi Too Tall Sid – thanks for the back links to IBM, they did a lot of interesting theoretical work, but really what matters is the proof. Theory is awesome, but once you develop the POC code, everything takes off from there. That is why it was not mentioned.