View article

Encryption is a well—known technique for preserving the privacy of sensitive information. One of the basic, apparently inherent, limitations of this technique is that an information system working with encrypted data can at most store or retrieve the data for the user; any more complicated operations seem to require that the data be decrypted before being operated on. This limitation follows from the choice of encryption functions used, however, and although there are some truly inherent limitations on what can be accomplished, we shall see that it appears likely that there exist encryption functions which permit encrypted data to be operated on without preliminary decryption of the operands, for many sets of interesting operations. These special encryption functions we call “privacy homomorphisms”; they form an interesting subset of arbitrary encryption schemes (called “privacy transformations”).

As a sample application, consider a small loan company which uses a commercial time—sharing service to store its records. The loan company’s “data bank” obviously contains sensitive informa tion which should be kept private. On the other hand, suppose that the information protection techniques employed by the time sharing service are not considered adequate by the loan company. In particular, the systems programmers would presumably have access to the sensitive information. The loan company therefore decides to encrypt all of its data kept in the data bank and to maintain a policy of only decrypting data at the home office——data will never be decrypted by the time—shared computer. The situation is thus that of Figure 1, where the wavy line …