Privacy and trust – Exploring Homomorphic Encryption – CBX Hackathon
Written by Integration.team
Every year, the CBX Hackathon beckons employees from i8c, Integration Designers, Archers and Integration.team to step out of their comfort zones and dive into the realm of new technology. This time around, our team embraced the challenge of exploring homomorphic encryption—a task that promised to be nothing short of exhilarating!
Combining forces, Integration.team and Archers formed the formidable team “Divergent,” pooling their expertise to address the business case of “Securely liberating high sensitive embassy data”. The scenario presented a compelling puzzle: how to effectively manage sensitive political and citizen data within an embassy’s on-premise infrastructure while adhering to regulatory compliance and cybersecurity measures. The crucial caveat was to ensure that no foreign public cloud vendor could gain access to this highly confidential information.
Homomorphic encryption?! Say what now?
When the Hackathon kicked off, our team was determined to break out of our comfort zone and venture into uncharted territories. That’s when Edwin Hurst from Archers stepped up with a unique idea: leveraging homomorphic encryption to tackle the task at hand.
Homomorphic encryption—a term that might sound alien to many—is a cryptographic marvel that unlocks a world of possibilities. At its core, it enables computations to be performed on encrypted data without the need for prior decryption. In simple terms, sensitive data can stay encrypted while still being processed or operated upon.
The true beauty of homomorphic encryption lies in its ability to preserve the confidentiality of information throughout the entire process. When a client requests computation on encrypted data, the execution takes place entirely in the encrypted state, utilizing an encryption key known only to the requesting client. As a result, the server-side never needs to decrypt any of the data, ensuring that all encryption remains securely handled on the client side.
Let’s put it to practice…
Our research quickly led us to Microsoft SEAL, an open-source cryptographic library developed by Microsoft Research. It is designed to provide a framework for performing secure computations on encrypted data. Specifically, Microsoft SEAL focuses on homomorphic encryption techniques, enabling computations to be performed on encrypted data without the need for decryption.
Our solution was centered around a front-end web application communicating with an Azure Function hosted in the cloud, enabling seamless CRUD operations on blob files stored in an Azure storage account.
Encryption in Action
The front-end web application served as the gateway, facilitating interactions with the Azure Function in the backend. Through this seamless integration, users could easily manage and manipulate blob files stored within the Azure storage account while having peace of mind that their sensitive information remained safeguarded at all times.
Each computation and manipulation performed on the data was conducted entirely in its encrypted state, eliminating the need for traditional decryption that could compromise confidentiality.
This meant that our web application, acting as the gatekeeper, had the power to handle encryption and decryption processes without exposing the actual data. By taking charge of generating encryption keys, we ensured a secure foundation for our system, with the data firmly under the control of the client.
A twofold role for the protector
The web application’s role as the protector of data privacy was twofold. Firstly, it generated the private and public encryption keys, ensuring that the keys remained exclusively in the hands of the client, untouched by external threats. Secondly, it implemented SEAL encryptors and decryptors, enabling seamless and secure transformations of the sensitive data.
Through this orchestration, our front-end web application established a secure channel of communication with Azure Functions, facilitating the exchange of data while preserving its confidentiality. With homomorphic encryption at the core, our web application performed computations on encrypted data without ever requiring the actual decryption of information—a remarkable feat in data security.
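The client/server split described above, as an added example that is not the team's code and does not use Microsoft SEAL: it swaps in the simpler Paillier scheme, which is additively homomorphic only, so that it runs with the Python standard library alone. The function names, the demo-size primes and the sample values are assumptions constructed for illustration.

```python
import math
import secrets

# Constructed demo primes (two Mersenne primes): far too small and too
# structured for real use. Real Paillier keys use random primes, n >= 2048 bits.
DEMO_P, DEMO_Q = 2**61 - 1, 2**89 - 1

def client_keygen(p=DEMO_P, q=DEMO_Q):
    """Client side: returns (public n, private (lam, mu)). The private part stays local."""
    n = p * q
    lam = math.lcm(p - 1, q - 1)
    mu = pow(lam, -1, n)  # exists because gcd(lam, n) == 1 for these primes
    return n, (lam, mu)

def client_encrypt(n, m):
    """Client side: encrypt 0 <= m < n with fresh randomness (generator g = n + 1)."""
    if not 0 <= m < n:
        raise ValueError("plaintext out of range")
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return (1 + m * n) * pow(r, n, n * n) % (n * n)

def client_decrypt(n, priv, c):
    """Client side: recover the plaintext with the private key."""
    lam, mu = priv
    return (pow(c, lam, n * n) - 1) // n * mu % n

def server_weighted_sum(n, ciphertexts, weights):
    """Server side (hypothetical cloud function): sees only n and ciphertexts.
    Multiplying ciphertexts adds plaintexts; raising one to k multiplies it by k."""
    acc = 1  # a valid, non-randomized encryption of 0
    for c, k in zip(ciphertexts, weights):
        acc = acc * pow(c, k, n * n) % (n * n)
    return acc

def demo():
    n, priv = client_keygen()
    records = [120, 45, 300]  # constructed sample values
    weights = [1, 2, 3]
    blobs = [client_encrypt(n, m) for m in records]   # what would be uploaded
    result = server_weighted_sum(n, blobs, weights)   # computed without any key
    return client_decrypt(n, priv, result)            # 120 + 90 + 900 = 1110

if __name__ == "__main__":
    print(demo())
```

The server function never receives `lam` or `mu`, so a storage or compute provider holding only the blobs and `n` cannot read the records or the result.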
In the end, the Hackathon became a journey of discovery—a pursuit that led us to homomorphic encryption and the realization that solutions often lie beyond the familiar. We left the event with not only a newfound appreciation for this cryptographic marvel but also a commitment to explore and leverage its potential in real-world applications.