Frequently Asked Questions

When you’re solutioning around transformative technologies and leading the formation of an entirely new commercial market as we are, you’re bound to encounter some questions. We asked several members of our team to address a few frequently asked questions.

What are Privacy Enhancing Technologies and how do you use them?

Privacy Enhancing Technologies, or PETs as they are sometimes called, are a powerful family of technologies that enhance and preserve the security and privacy of data throughout its lifecycle. These technologies are transformational because the capabilities they enable aren’t making something else better; they are making something entirely new possible.

Our ZeroReveal solutions, which leverage one of the pillars of the PETs category, homomorphic encryption, make PETs practical, scalable and performant for real business use cases today. Data is the backbone of the digital economy and we enable organizations to utilize that data for business purposes while ensuring privacy and regulatory barriers are respected.

What is homomorphic encryption?

By its most basic definition, homomorphic encryption (HE) secures Data in Use by allowing computations to occur in the encrypted or ciphertext domain. If encryption is a vault protecting sensitive data, traditional practice requires taking that data out of the vault every time it needs to be used or processed (perform a search, apply analytics/machine learning, etc.). This exposure leaves the data and the operation vulnerable. HE allows these actions to take place within the vault, ensuring the interaction and the corresponding results remain protected.

HE has been a focus of research for more than four decades because of its transformative potential, but computational barriers kept it relegated to the academic/research arena or some enigmatic government spaces. Breakthroughs in recent years, however, have now made it practical for a wide range of commercial and mission applications, delivering HE from exclusive academic darling to commercial game changer. HE is often hailed as the 'holy grail' of crypto for its paradigm-shifting potential to revolutionize how and where organizations can securely and privately leverage data assets.

Do you sell proprietary crypto?

No – and if someone is ever trying to sell you proprietary crypto, we suggest you run in the other direction.

Our breakthroughs are in the utilization of homomorphic encryption. We take those core HE building blocks, which allow you to either add or multiply in ciphertext, and use them to create products that address real business and mission problems. Our solutions enable users to encrypt a search, analytic, or machine learning model and allow them to be processed without ever decrypting the content of the search or its corresponding results.

Our products can leverage any type of HE – that can, and often does, include open source HE libraries such as Microsoft SEAL.

I’ve read academic research on homomorphic encryption – are you a research firm or an HE library?

Neither actually. We build solutions that creatively and efficiently leverage homomorphic encryption to solve real business and mission problems. In contrast, HE research is focused on advancing the core mathematical HE cryptographic components. We applaud those doing HE research, and view their work as complementary to our work at Enveil.

There is a significant difference between an HE library and an HE-powered solution. You can think of an HE solution as the house, while an HE library is one of the raw materials, like brick or lumber. HE libraries provide the basic cryptographic components for enabling the capabilities and are often created and maintained by HE researchers, but it takes a lot of additional work, including software engineering, innovative algorithms, and enterprise integration features, to get a usable, commercial grade product. Vendors providing HE solutions have already built the house, often leveraging various HE libraries, so while some remodeling may be required to ensure that the solution addresses specific needs, the heavy lifting is done.

Is HE performant enough for commercial use?

When homomorphic encryption was first theorized, it was simply not practical. Performing even the most basic operation in ciphertext would take days and an amount of compute power that made it unreasonable for use at scale. But that is no longer the case. Advances in the underlying HE technology, as well as efficiencies relating to its use that we have pioneered, mean that HE can now operate at the speed of business for a number of use cases. Encrypted searches can be performed over hundreds of millions of data records and returned within seconds rather than days or even weeks (yes, it started out that slow). In fact, commercial and government entities are using HE operationally at scale today. Not working toward using it — actually using it in production environments to solve real problems.

Does your solution protect all my data, all the time?

No, we exclusively focus on protecting data while it's being used or processed, what we call Data in Use. This is different from other common forms of encryption, such as protecting Data at Rest on the file system, or Data in Transit as it moves through the network. You can think of Data in Use as the interaction with the data – we encrypt the search, analytic, or machine learning model itself, as well as the corresponding results throughout the processing lifecycle. Using Enveil, organizations can securely derive insights, cross-match, and search third-party data assets without ever revealing the contents of the search itself or compromising the security or ownership of the underlying data.

Do I need to pool or centralize my data in order to use ZeroReveal?

No, we specifically designed our software to support a decentralized approach to data sharing and collaboration since we know that requirements to move or pool sensitive assets are often deal breakers for our customers. Enveil ZeroReveal allows all participating organizations to retain positive control and ownership of their sensitive data assets at all times. We will never ask you to move data to a centralized data lake or repository, an approach that differentiates us from many of our competitors. We enable customers to perform encrypted processing over data where it is and as it is today.

How does ZeroReveal help customers address regulatory challenges?

In an increasingly regulated ecosystem, data sharing limitations often impede critical business functions and restrict data sharing and collaboration across jurisdictions and between organizations. By never decrypting searches, watchlists, or analytics during processing, Enveil ZeroReveal allows entities to securely and privately share and collaborate while retaining positive control of their data assets. Enveil allows this collaboration to occur in a secure, decentralized manner while protecting organizations against the risk of data breaches, regulatory penalties or brand and reputational damage.

Do I need to re-encrypt my data in order to use ZeroReveal?

Nope. Enveil is built to enable encrypted processing over data wherever it sits – in the Cloud, on Prem, or in a third-party data repository. Enveil sits above the data, allowing organizations and jurisdictions to maintain control of their data assets while leveraging existing storage methods, access, and audit controls. Enveil ZeroReveal is a lightweight, proxy-layer software system designed to work at the speed of business within existing customer workflows. The deployment model is optimized for highly distributed, decentralized multi-party, or hybrid cloud deployments.

How is ZeroReveal used in the federal space?

Most of our federal work centers around enabling users to perform trusted compute in what they consider to be untrusted locations. By keeping search terms, analytics, and machine learning models encrypted during processing, Enveil allows operators and analysts to securely derive insights, cross-match, and search untrusted data assets. This can be done across multiple data sources – even when using sensitive or classified indicators. Enveil protects not only the content of the interaction, but also the interests, intent, and TTPs of the party performing the search or analysis. This allows data to be leveraged in ways that were never before possible for use cases such as secure cross-domain and tactical edge collaboration.

Privacy Enhancing Technologies Myths & Misconceptions

To continue building a shared understanding of this increasingly visible, transformational family of technologies, let’s address some common myths and misconceptions about Privacy Enhancing Technologies, also known as PETs.

Myth #1: PETs aren’t ready for prime time

The PETs category includes technologies that protect, preserve, and enhance data throughout its processing lifecycle — technologies that have been studied deeply for decades. Homomorphic encryption (HE), for example, became broadly recognized thanks to research published by Craig Gentry in 2009. The timing of the story is similar for secure multiparty computation (SMPC) and trusted execution environments (TEEs). What has changed more recently is the practicality of their broad use at scale. Breakthroughs largely driven by market need and motivation have firmly taken these technologies from the realm of research to commercial readiness. These advances are being driven by a growing ecosystem of VC-backed startups, well-funded research components of global organizations, and academia.

There are a number of great examples of PETs being implemented at scale today. They are enabling cross-jurisdictional data sharing for Know Your Customer screenings and fraud investigations. They are allowing organizations to privately leverage third-party data assets without pooling or replicating data. They are facilitating more accurate risk assessment modeling by expanding the number of accessible data sources. They are protecting sensitive indicators and speeding time to value for applications at the processing edge. In short, PETs are making entirely new things possible across a growing number of industries by overcoming regulatory, organizational, security, and national boundaries to accommodate secure data usage and collaboration in ways that are not otherwise possible.

Myth #2: PETs protect Data In Use, At Rest, and In Transit

The power of PETs lies in their ability to protect data while it's being used or processed — when searches, analytics, and machine learning models are being run over data to extract value. This is different from, and complementary to, other traditional measures that protect Data at Rest, such as in the file system or database, or Data in Transit as it moves through the network. While there are many effective, established solutions for protecting Data at Rest and Data in Transit, if organizations want to be able to safely and privately extract value from data assets, these traditional protection strategies are not sufficient. Further, PETs do not replace existing solutions protecting Data at Rest and in Transit; they work alongside them to protect the final segment of the data triad, Data in Use.

Myth #3: The individual technologies within the PETs category are competitive

In an emerging category like PETs, there is a tendency to pit technologies against each other to evaluate which technology reigns supreme. The reality is that these technologies each offer unique attributes, and choosing the right ones depends entirely on the use case requirements, infrastructure, and the desired level and type of protection. PETs can, and often do, work together. For example, organizations can use an SMPC capability that leverages HE and vice versa. Or, SMPC and HE techniques can be leveraged in conjunction with a TEE. Organizations looking to utilize PETs should explore all the options available and educate themselves to determine the best fit. Commercial PETs companies, regulatory bodies, industry consortiums, market analysts, researchers, and other third-party groups have a role to play in these efforts to build awareness and enhance understanding. Likewise, those working in the PETs space need to recognize and embrace the role we play in educating the market, in helping differentiate the technologies and explaining their often complementary nature, and do so in a way that acknowledges that the adoption of any and all PETs will best serve to address global privacy challenges.

Myth #4: PETs research = PETs commercialization

PETs have a long and rich research history and, as such, many PETs are part of an active ecosystem which includes open source research libraries and algorithms. While it is fantastic to have a research foundation upon which to build, it is also important to remember that these elements are not ready-to-use commercial offerings. For example, HE libraries provide basic cryptographic components, but organizations leveraging them must dedicate engineering, algorithmic, and integration resources in order to mature the basic building blocks into viable, enterprise-grade solutions. Likewise, SMPC libraries offer basic algorithms and TEEs are built into many chips and cloud environments today; however, there is much work and deep expertise required to take these fundamental elements and build practical, commercial offerings to protect Data in Use at scale. That’s the value that commercial PETs software providers bring to the table: deep PETs knowledge and off-the-shelf capabilities that are ready to deploy and use today to solve real problems. The open source research landscape is an awesome tool for advancing innovative technologies and the PETs category has certainly benefited from the efforts of numerous contributors. But these PETs research efforts are just the beginning of the story. Commercial solutions advance and give these research efforts the ‘wings’ required to add real, measurable value.


Homomorphic Encryption Myths & Misconceptions

There can be a lingering degree of skepticism about whether homomorphic encryption is ready for broad commercial use. We’re tackling four common misconceptions about HE that should be considered by anyone interested in utilizing this transformative technology.

Myth #1: Homomorphic Encryption Is Not Ready For Commercial Use

When homomorphic encryption (HE) was first theorized, it was simply not practical. Performing even the most basic operation (something as simple as 1+1) in ciphertext would take days and an amount of compute power that made it unreasonable for any broad applicability. But that is no longer the case. Advances in the underlying technology, as well as efficiencies relating to its use, mean that HE can now operate at the speed of business for a number of use cases.

Encrypted searches can be performed over millions of data records and returned within seconds rather than days or even weeks (yes, it started out that slow). Commercial and government entities are using HE operationally at scale today. Not working toward using it, but actually using it in production environments to solve real problems. One of the areas where early adopters have emerged is the financial services industry, for anti-money laundering applications.

Myth #2: Working with Homomorphic Encryption Means Everything Needs to be Encrypted

Homomorphic encryption uniquely enables encrypted processing, allowing encrypted searches/analytics to be performed over both encrypted and unencrypted data. While HE-encrypted operations can be run over encrypted data, in many use cases, that level of protection is unnecessary. Take, for example, investors performing research to inform decision-making regarding a possible merger or acquisition. They likely turn to standard industry tools, including data aggregators, for the most current information available. Is the underlying data within these third-party environments sensitive? Not at all — investors just need to tap into existing information to learn about the company and its market positioning.

However, is the content of the search and reason behind the query sensitive? Absolutely. Exposing interest in a specific company could expose intent, potentially signaling to other interested parties and jeopardizing the investor’s bargaining power.
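The pattern described above, an encrypted query run over data that stays in the clear, shown as an added example that is not Enveil's or ZeroReveal's code. It assumes a toy Paillier scheme (additively homomorphic, chosen here for illustration) with demo-sized primes; all function names and the sample records are constructed.

```python
import math
import secrets

# Toy Paillier (additively homomorphic). The primes are the Mersenne primes
# 2^31-1 and 2^61-1, used for the demo only: far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1

def keygen(p=P, q=Q):
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    mu = pow(lam, -1, n)                                # valid because g = n + 1
    return n, (lam, mu)                                 # public n, private (lam, mu)

def encrypt(n, m):
    n2 = n * n
    r = secrets.randbelow(n - 2) + 2                    # fresh randomness per ciphertext
    while math.gcd(r, n) != 1:
        r = secrets.randbelow(n - 2) + 2
    return (1 + m * n) * pow(r, n, n2) % n2             # (n+1)^m * r^n mod n^2

def decrypt(n, priv, c):
    lam, mu = priv
    return (pow(c, lam, n * n) - 1) // n * mu % n

def add(n, c1, c2):
    """Enc(a) * Enc(b) mod n^2 decrypts to a + b."""
    return c1 * c2 % (n * n)

def scale(n, c, k):
    """Enc(a)^k mod n^2 decrypts to k * a, for a plaintext integer k."""
    return pow(c, k, n * n)

def build_query(n, wanted, size):
    """Client: encrypted one-hot selector; every slot is an opaque ciphertext."""
    return [encrypt(n, 1 if i == wanted else 0) for i in range(size)]

def answer_query(n, query, records):
    """Server: holds plaintext records and the public key only.
    Computes Enc(sum(sel_i * record_i)) without learning which sel_i is 1."""
    acc = encrypt(n, 0)
    for c, rec in zip(query, records):
        acc = add(n, acc, scale(n, c, rec))
    return acc

def demo():
    n, priv = keygen()
    records = [4100, 7325, 1290, 8804]       # constructed plaintext data held by the server
    query = build_query(n, 2, len(records))  # client is interested in row 2
    reply = answer_query(n, query, records)  # server sees neither the index nor the result
    return decrypt(n, priv, reply)

if __name__ == "__main__":
    print(demo())
```

The server's work grows with the number of records because it must touch every row; skipping rows would reveal which ones the query cannot be about.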

Myth #3: To Collaborate Using Homomorphic Encryption, Data Needs To Be Pooled

One of the most exciting use cases for HE is in the area of secure data sharing and collaboration. By allowing third parties to securely and privately work together, HE enables collaboration that was not previously possible. One of the key elements that has prevented such efforts from moving forward in the past is the need to pool sensitive data assets in order to make them accessible to a collective group. This is impractical for a number of reasons, at the core of which is an understandable unwillingness of organizations to increase their own risk and liability by giving up ownership of their assets.

While some implementations of HE suggest data must be pooled and encrypted in a centralized location, it is rarely practical or desirable. When HE is used specifically to protect the interaction with the data (i.e. the query or analytic), it can be done in a decentralized manner that allows all contributors to maintain control and ownership of their data assets.

Myth #4: A Homomorphic Encryption Library Is A Homomorphic Encryption Solution

While it can be confusing for those unfamiliar with the space, there is a significant difference between an HE library and an HE-powered solution. Think of it this way: an HE solution is the house; HE libraries are the raw lumber.

Homomorphic encryption libraries provide the basic cryptographic components for enabling the capabilities, but it takes a lot of work including software engineering, innovative algorithms, and enterprise integration features to get to a usable, commercial grade product. Companies who build and maintain these libraries do so via research teams. Vendors providing HE solutions have already built the house and often leverage HE libraries — while some may require remodeling to ensure the product addresses specific needs, the heavy lifting is done. When investigating offerings in the space, it is important organizations know what they are getting: raw building blocks, plans, or a house.

Enveil is a pioneering Privacy Enhancing Technology company protecting Data in Use. Enveil’s business-enabling and privacy-preserving capabilities for secure usage, collaboration, and monetization protect data while it's being used or processed – the 'holy grail' of data encryption. Defining the transformative category of Privacy Enhancing Technologies (PETs), Enveil’s homomorphic encryption-powered ZeroReveal® solutions allow organizations to securely derive insights, cross-match, search, and analyze data assets without ever revealing the contents of the search itself or compromising the security or ownership of the underlying data.
Copyright © 2022 Enveil