Today, we are immersed in a data-driven era, from wearable devices and IoT systems to AI-driven analytics and real-time sensor data.
This ecosystem fuels innovation, automation, and decision-making and research undertaken by Gartner shows that organisations that share data generate three times the economic value of those that don’t. Yet, this surge in data creation raises a critical challenge: How can organisations securely harness the power of data while protecting privacy?
Current data protection methods encrypt information at rest and in transit. However, the third state of data - when it’s in use – remains exposed, allowing vulnerabilities that attackers exploit. As cyberattacks increase in frequency and sophistication, safeguarding data during computation is no longer optional. Without adequate protection in this state, organisations face heightened risks of breaches, data theft, and reputational damage.
This issue is particularly pressing in the context of artificial intelligence (AI) and other data-intensive operations. Gartner reports that nearly 30% of enterprises deploying AI have experienced an AI-related security breach. These breaches often occur during critical stages like model training or inference, where sensitive information is processed without robust safeguards.
The vulnerabilities in protecting data during computation threaten sensitive information and erode trust in AI systems and their outputs.
Traditional solutions, such as Trusted Execution Environments (TEEs) and confidential computing, aim to secure data in use but fall short. TEEs, for instance, rely on intricate "roots of trust" that are inherently difficult to secure and validate. Vulnerabilities such as speculative execution and side-channel attacks further expose gaps in these approaches, leaving critical data at risk of exploitation.
PEC Solutions
The Huawei Intelligent World 2030 report emphasises the urgency of addressing these shortcomings and highlights the role of privacy-enhanced computing (PEC) technologies as the foundation of future digital ecosystems. According to the report, by 2030, more than 50% of computing scenarios will rely on PEC solutions such as Fully Homomorphic Encryption (FHE).
This global trend reflects the growing demand for “privacy by default” approaches as consumers, industries, and regulators prioritise secure and trustworthy data practices.
FHE enables secure computations on encrypted data without exposing sensitive information. Unlike traditional methods that decrypt data during processing, FHE ensures data remains encrypted throughout its lifecycle, providing mathematically guaranteed security and quantum-proof encryption.
With FHE, computations are performed directly on encrypted inputs, and the results remain encrypted until decrypted by an authorised key. This groundbreaking capability transforms how organisations can approach data privacy, making it possible to analyse sensitive information securely.
FHE aligns with the predictions outlined in the Huawei report by enabling organisations to operate in trusted environments, even as they process massive amounts of sensitive information in increasingly complex digital ecosystems.
Real-World Impacts of FHE
The June 2024 Tile data breach illustrates how FHE could prevent significant security incidents. In this breach, attackers accessed sensitive customer data, including names, addresses, contact information, and Bluetooth tracker device IDs, which are often tied to personal belongings. The association of device IDs with customer information allowed attackers to potentially trace valuable items, presenting serious privacy risks.
FHE could have protected this data by enabling Tile to perform necessary operations - like user notifications - without decrypting sensitive information. With FHE, computations could occur directly on encrypted data, preserving privacy even if the database was breached.
Personal details would remain fully encrypted, rendering the stolen information useless to attackers, as FHE only allows access through specific decryption keys. This approach would have maintained user privacy and eliminated vulnerabilities that contributed to the breach.
Such scenarios underscore the need for a technology like FHE to safeguard data by eliminating vulnerabilities inherent in traditional methods.
Above: Data in use - a comparison
Why FHE Matters
The exponential data growth - projected to exceed yottabytes annually by 2030 - necessitates a fundamental shift in how sensitive information is managed and secured. As the volume and complexity of data increase, traditional encryption methods fall short in providing comprehensive security, particularly during data processing.
FHE enables transformative possibilities across diverse industries:
- In healthcare, FHE allows institutions to analyse patient data securely, paving the way for advanced diagnostics, personalised treatments, and improved patient outcomes. Researchers can perform complex studies on encrypted datasets without exposing sensitive personal health information, ensuring compliance with strict privacy standards like HIPAA while accelerating medical innovation.
- In finance, FHE empowers organisations to conduct fraud detection, risk assessments, and secure transactions without decrypting sensitive data. Financial institutions can securely collaborate across borders, analysing customer behaviour and market trends on encrypted datasets. This capability mitigates the risks of data breaches and ensures compliance with stringent regulatory requirements, such as GDPR and PCI DSS.
- In artificial intelligence and machine learning, FHE facilitates the training of models and the extraction of insights from encrypted datasets. Companies can develop algorithms that process proprietary or sensitive data without exposing it, enabling the creation of AI systems that respect privacy while driving innovation. For example, FHE can support privacy-preserving AI in consumer applications, such as virtual assistants, or in critical fields like national security.
- These applications reflect a broader global shift toward “privacy by default.” Regulatory frameworks like GDPR, CCPA, and emerging legislation worldwide demand greater accountability for data protection.
Additionally, consumer awareness of privacy issues has surged, driving demand for technologies that ensure trust and security. FHE positions organisations to meet these expectations, enabling them to leverage data’s full potential while adhering to privacy standards and fostering consumer confidence.
Hardware acceleration
Historically, FHE faced performance barriers that limited its scalability. However, advances in hardware acceleration are closing the performance gap, enabling FHE to handle real-time applications.
Hardware-accelerated FHE solutions are coming to market to power secure data processing in sectors where speed and privacy are critical. These innovations will make FHE accessible to organisations of all sizes, unlocking large-scale applications in secure analytics and machine learning.
By 2030, privacy-enhancing technologies like FHE are expected to underpin more than half of all computing scenarios, according to Huawei’s Intelligent World 2030 report. This vision includes AI-powered medical breakthroughs, fraud-proof financial systems, and privacy-centric IoT ecosystems.
FHE’s cryptographic guarantees and hardware-accelerated performance position it as a cornerstone of this future. By integrating FHE into their systems, organisations can protect sensitive data without sacrificing functionality or innovation.
The Path Forward
As we begin to plan for the post-quantum data world, the limitations of traditional security measures are clear. FHE offers a revolutionary approach to data privacy, enabling secure computations at scale. In Gartner’s July 2024 Privacy Hype Cycle report, homomorphic encryption is expected to be transformational in the next 5-10 years.
For engineers, developers, and decision-makers, FHE represents a shift toward responsible computing - where innovation and security go hand in hand.
By adopting FHE, organisations can unlock the full potential of their data while upholding the highest standards of privacy and trust.
Author details: Jorge Myszne, Chief Product Officer, Niobium
- Niobium is developing dedicated hardware acceleration capable of advancing fully homomorphic encryption (FHE) into the mainstream.
