Advanced Cryptography: new approaches to data privacy

Fully Homomorphic Encryption (FHE) has long been sought after by cryptography researchers. FHE facilitates arbitrary computations on encrypted data, decoupling the process of carrying out computations from the authorization to decrypt the data. This concept was a challenging problem for three decades following the introduction of public key cryptography. However, about 15 years ago, it was demonstrated that FHE is theoretically achievable, leading to a surge of subsequent ideas, improvements, and optimizations.

Currently, FHE is practical for enhancing data privacy in certain situations, such as enabling database searches without disclosing the search query to the database owner. Nevertheless, this does not imply that FHE is scalable; it remains highly computationally demanding, meaning that initial applications often have limited database sizes or search complexities or rely on functionally restricted versions of homomorphic encryption.

Multiparty Computation (MPC) enables a group of participants to collaborate by pooling their data for specific calculations without needing to share the raw data. MPC is increasingly recognized as a protocol for banks and FinTech, facilitating applications such as:

• sealed-bid auctions conducted without an auctioneer
• matching share-trading orders while keeping client positions confidential
• enhancing the privacy of encrypted transaction data by ensuring that no single participant can decrypt them

When implementing an Advanced Cryptography solution such as MPC, it is vital to understand the trust model and confirm that real-world trust relationships align with the mathematical properties of the protocol. For instance, can all participants be trusted to adhere to the protocol without divergence? What if they comply but share data designed to extract insights about others? Each Advanced Cryptography solution is predicated on certain assumptions regarding participant behavior, and if these conditions are not met, security may be jeopardized in unforeseen ways.

Advanced Cryptography encompasses a diverse array of mathematical methods, each varying in complexity, utility, and maturity. This paper does not aim to provide a comprehensive catalog, as the field is still evolving with blurry boundaries. However, it clearly delineates what is not included: it does not focus on enhancing encryption ‘security’ with more advanced mathematics nor does it address new encryption algorithms intended to counter the threat of quantum computing (which is covered in our guidance on timelines for migration to post-quantum cryptography).

The white paper examines emerging forms of cryptography that are being developed in academia and industry to address issues that can’t be resolved merely by encrypting, decrypting, signing, and verifying information. While there are precautionary notes throughout this exploration, we currently lack comprehensive standards and assurance processes that would afford the same level of confidence in the security of these new techniques as seen in more established encryption methods. In an increasingly data-driven world, this new cryptography frontier has the potential to enable more innovative and collaborative uses of datasets without compromising the privacy of individuals’ sensitive information.

Mark O
Head of Applied Cryptography