Apple, boldly proclaiming that it believes privacy is a fundamental human right, has announced the use of "homomorphic encryption" in its products. This means that a client device (eg, an iPhone) encrypts a query before sending it to a server (eg, Apple), then the server operates on the encrypted query and generates an encrypted response, which the client then decrypts. The server does not decrypt the query or even have access to the decryption key, so the client data remains private throughout the process. I realise that to a lot of people, including regulators and legislators, that must sound like witchcraft.
Homomorphic encryption (HE) is a type of encryption that allows basic mathematical operations (eg, addition and subtraction) on encrypted data so that on decryption the results will be correct. For example, you might encrypt three and seven and send the two encrypted values to a trusted third party. You ask that third party to add them together and send you the result. When you decrypt the result, you get 10. But the third party did not (and could not) know that you sent it three and seven and did not (and could not) know that it sent you back 10! Amazing! It is not witchcraft though, it is mathematics.
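The "three plus seven" exchange above, made concrete with a toy implementation of the Paillier cryptosystem (an additively homomorphic scheme). This is an added example, not Apple's code or the article's; the primes are small constructed values and the client/server split is only indicated in the comments.

```python
# Toy Paillier cryptosystem, the classic additively homomorphic scheme.
# Added illustration for this article; not Apple's or any product's code.
import math
import secrets

# Constructed toy primes; real keys use primes of 1024 bits or more.
P, Q = 1_000_003, 1_000_033

def keygen(p=P, q=Q):
    """Return (public key n, private key (lam, mu))."""
    n = p * q
    lam = math.lcm(p - 1, q - 1)
    # Using g = n + 1, L(g^lam mod n^2) == lam mod n, so mu = lam^-1 mod n.
    mu = pow(lam, -1, n)
    return n, (lam, mu)

def encrypt(n, m):
    """Client side: c = (1 + n)^m * r^n mod n^2 with fresh random r."""
    n_sq = n * n
    r = secrets.randbelow(n - 1) + 1
    while math.gcd(r, n) != 1:                # r must be a unit mod n
        r = secrets.randbelow(n - 1) + 1
    return pow(1 + n, m % n, n_sq) * pow(r, n, n_sq) % n_sq

def decrypt(n, priv, c):
    """Client side; residues above n/2 are read back as negative numbers."""
    lam, mu = priv
    n_sq = n * n
    l_value = (pow(c, lam, n_sq) - 1) // n     # Paillier's L function
    m = l_value * mu % n
    return m - n if m > n // 2 else m

def add(n, c1, c2):
    """Server side: multiplying ciphertexts adds the hidden plaintexts."""
    return c1 * c2 % (n * n)

def sub(n, c1, c2):
    """Server side: multiplying by the inverse ciphertext subtracts."""
    n_sq = n * n
    return c1 * pow(c2, -1, n_sq) % n_sq

def demo():
    """The article's 3 + 7 example, plus 3 - 7 to show subtraction."""
    n, priv = keygen()
    c3, c7 = encrypt(n, 3), encrypt(n, 7)      # the server only sees c3, c7
    total = decrypt(n, priv, add(n, c3, c7))   # 10
    diff = decrypt(n, priv, sub(n, c3, c7))    # -4
    return total, diff
```

The server holds only `c3`, `c7` and their product; because each ciphertext is randomised with a fresh `r`, two encryptions of the same value look unrelated, so it learns neither the inputs nor the answer.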
HE is amazing, but there is a more advanced form of this encryption known as Fully Homomorphic Encryption, or FHE, which is even more astonishing. FHE is capable of performing arbitrary computations and running complex algorithms on encrypted data. While it is more versatile, FHE can be computationally intensive, so research aimed at improving its efficiency and practicality for real-world applications is continuing. At a high level, then, think of HE as being appropriate where specific and limited operations are needed, while FHE is suitable for more complex data processing needs where full flexibility in computations on encrypted data is required.
(As an aside, I first came across HE in the 1990s when Eric Hughes, author of the cypherpunk manifesto of the early 1990s, wrote about "encrypted open books", using cryptography to perform public operations on private data. This got me interested in the idea of translucent transactions and "glass banks", which I have written about before here, where observers could look through a list of bank deposits and loans to check that the bank is solvent, but not be able to see who made the deposits or took the loans. I had the good fortune to meet Eric for dinner back in 1997, along with John Perry Barlow, and was fascinated by his clear thinking and practical vision.)
Why is this technology so important to the future of business? Well, we are becoming a data economy, in which the sharing of data is key to economic growth. There is, however, a tension between sharing and privacy. Current data privacy legislation such as GDPR, to take the obvious example, restricts organisations from repurposing data beyond its original intended use without re-obtaining consent from individuals (to safeguard privacy) which limits data sharing among businesses. This impedes economic growth because it privileges the hoards of data in the hands of the Big Tech platforms and raises barriers to competition.
We need data to flow if we are to maximise its benefits for consumers and, for that matter, society as a whole. But neither individuals, nor companies, nor governments want private data sprayed around the internet as it is now. We need data sharing, yes, but we also need privacy.
This is as true in the world of financial services as it is in other sectors of the economy. Samantha Barnes, writing in Institutional Banker, identified a number of privacy-enhancing technologies (PETs) that would give financial institutions the ability to share insights obtained from data without sharing the underlying data. These included:
All of these technologies can be combined in interesting ways. See, for example, the Federal Reserve paper on "Data Privacy for Digital Asset Systems" which notes that homomorphic encryption has a variety of benefits when paired with secure multiparty computation to realise the vision of open book accounting and auditing without compromising privacy.
With these technologies now out there in the wild and working, it is entirely possible to imagine a new kind of financial market built from institutions engaging in translucent transactions, serving their customers and working with regulators in a wholly new, and vastly less expensive, way. This is a very attractive prospect and suggests that new token and DeFi-based financial market infrastructure (FMI) will help the institutions, their customers and their regulators to operate with (simultaneously) more security, more privacy and more safety.
Homomorphic encryption makes it possible to manipulate encrypted data without revealing the data to anyone at all. An example of how Apple is using it in iOS 18 is the new "Live Caller ID Lookup", which provides caller ID and spam blocking services. This feature uses homomorphic encryption to send an encrypted query to a server that can provide information about a phone number without the server knowing the specific phone number in the request. It is a simple example that illustrates just what the technology can do.
This is game changing when it comes to providing both privacy and security, with no trade-offs, into the mass market, and the technology will undoubtedly form part of the core of future transactional environments. Looking to the future, IBM has already implemented fully homomorphic encryption using lattice-based algorithms (chosen for their resistance to quantum computing), so it seems to me to be incumbent on the sector to make these techniques a fundamental part of future products and services. When it comes to data sharing and privacy, we can in fact have our cake and eat it.