Core Concept: Homomorphic encryption.

It turned out to be pretty easy for Yaniv Erlich to identify people who had donated their genomic data to science, even despite researchers’ attempts to make that data anonymous. Erlich, a former computer hacker hired by businesses to test the security of computer systems, only needed his tailor-made computer program and an Internet connection to access publicly available databases. Erlich, though, had no nefarious intentions. As a fellow at the Whitehead Institute for Biomedical Research, his was an academic exercise to show that such privacy systems were flawed. To keep others from repeating his work, however, Erlich omitted some of the necessary steps from his group’s published paper (1). Although this was an unusual omission for a scientific paper, Erlich was concerned that someone could repeat his work and reveal the individuals’ identities, and expose their genomic data—potentially affecting relationships, employability, and insurability. Erlich says the success rate of his technique is about 12% because he was only looking at a partial sequence of men’s Y chromosomes, plus their ages, and where they lived in the United States. But he notes that given growing amounts of genomic information, more and more people’s identities could be revealed. The ways in which Erlich and others have found to uncover individuals’ identities have left institutions little choice but to remove previously published genomic data from the Internet (2) and impose strict limitations on data use (3). Genomics is one of many fields that would greatly benefit from more secure ways to store and share data. An approach called “homomorphic encryption,” still being developed, may help. Homomorphic encryption allows people to use data in computations even while that data are still encrypted. This just isn’t possible with standard encryption methods. The method is called “homomorphic” (or “same form”) encryption because the transformation has the same effect on both the unencrypted and encrypted data. For example, suppose an encryption scheme entailed multiplying numbers by 10 and the decryption entailed dividing them by 10. This encryption is homomorphic for simple addition because 2 + 3 would be encrypted to 20 + 30, and decrypting the answer by dividing by 10 would get to 5, as expected. A standard encryption method, though, might turn a 2 into a smiley face and a 3 into a semicolon. Adding such symbols is nonsensical, making calculations impossible. But there are different degrees of homomorphic encryption, sometimes referred to as “fully” homomorphic compared with “partly.” The above encryption scheme, for example, is only partly homomorphic because it does not work for multiplication. Multiplying 2 by 3 would be encrypted as 20*30, and decrypting the answer, 600, gets you 60, not 6, as desired. Making an encryption scheme fully homomorphic is conceptually straightforward; in the above example, doing so means defining “encrypted multiplication” to include dividing by 10. Making a fully homomorphic encryption scheme secure, however, has been the hard part. When secure fully homomorphic encryption was first introduced as a concept in the literature in 1978 by researchers at the Massachusetts Institute of Technology (4), it wasn’t yet known whether it was even possible. Not until 2009 did Craig Gentry, then a graduate student at Stanford, find a way to do it (5). But that solution, says Kristin Lauter, research manager of Microsoft Research’s cryptography group, was “literally not implementable.” For example, Gentry himself estimated a simple encrypted Google search using his original method would take roughly a trillion times longer than a typical search. As a result, a one-second unencrypted search would take 31,688 years when encrypted. Should it prove feasible, homomorphic encryption could provide much needed security for all sorts of sensitive shared data. Image courtesy of Shutterstock/Lightspring.