Homomorphic Encryption and Multiparty Computation
Homomorphic encryption continues to entice cryptographers and academics. But is this technology ready for widespread deployment in enterprise environments? Our CEO and Co-founder Ameesh Divatia contributed his thoughts on the topic in a recent Dark Reading article. Today we continue our Homomorphic Encryption Explored series with a look at how the technology compares to Multiparty Computation.
In my last blog post, I reviewed the key advantages and disadvantages of homomorphic encryption. Central to this entire blog series is the need to implement best security practices without slowing down the speed of business.
In this post, we’ll look at Secure Multiparty Computation (SMPC) as an approach to enable homomorphic properties and its advantages and drawbacks. Let’s first start with a definition.
What is Secure Multiparty Computation? What are its Advantages?
Unlike homomorphic encryption, secure multiparty computation (SMPC) can use an AES cryptographic algorithm, which is considered an industry standard encryption mode, and which has strong properties around privacy and confidentiality. SMPC provides a mechanism to enable computation on encrypted data, without decrypting the underlying values themselves. As a result, data remains encrypted in memory, in process and at rest.
Utilizing this approach, SMPC can be implemented to enforce a security model where the encrypted data and encryption keys are never comingled while computation on the encrypted data is occurring. Another example of SMPC in practice is key splitting or secret sharing, where an encryption key is split into shares so that no attacker has all of the components to reassemble the key in full. Instead, they must guess from billions of combinations to unlock the key.
As a result, SMPC achieves the same homomorphic-like functionality that people clearly desire, but without the performance penalties, data leakage and need for application rewrites that homomorphic encryption brings.
Download the Gartner Cool Vendor Report on Privacy Preserving Analytics
The Drawbacks of SMPC
On the surface, SMPC can seem like a silver bullet solution. Running operations on encrypted data, without decrypting the underlying values, is clearly taking the market by storm. But there are drawbacks beneath the surface that can make SMPC implementation more complex.
First off, SMPC introduces additional architectural components and new methods for computation. It can be difficult to understand and comprehend its inner workings and the protocols for SMPC functionality. In implementing SMPC, you’ll need to establish separate computation and process servlets in order to perform these types of operations.
This creates the need for additional infrastructure, which should be accounted for in your project planning and total cost of ownership (TCO) calculation. That’s not often a consideration that’s immediately recognizable.
There is a Better Way
There are tools on the marketplace today that allow you to run operations on encrypted data without the implementation drawbacks of SMPC or the speed and encryption strength limitations of homomorphic encryption. Think of this as a data abstraction layer, or a managed infrastructure layer. Baffle Advanced Data Protection service offers the data protection benefits of SMPC and functional benefits of homomorphic encryption with an orchestration process that simplifies the complexity of SMPC deployment and integrates seamlessly with key management. This helps make encryption implementation faster and easier, and ultimately, enables a high data protection standard without breaking business process.
Want to learn more? Watch our 90-second video on how Baffle can operate on encrypted data without any application code modifications and still preserve application functionality, or request a demo with one of our experts.
The Whole Series
- The Advantages and Disadvantages of Homomorphic Encryption
- Homomorphic Encryption and Multiparty Computation
Join our newsletter
Schedule a Demo with the Baffle team
Meet with Baffle team to ask questions and find out how Baffle can protect your sensitive data.
Easy
No application code modification required
Fast
Deploy in hours not weeks
Comprehensive
One solution for masking, tokenization, and encryption
Secure
AES cryptographic protection
Flexible
No impact to user experience