Fully Homomorphic Encryption (FHE) is known as the holy grail of cryptography. It allows arbitrary computation over encrypted data. In other words, by encrypting your photos with FHE before storing them in Google Photos, Google would still be able to process the encrypted photos to automatically order them and notify you with cute montages, but Google would not be able to see the photos themselves.
Advantages
- Users can keep their privacy, while being able to enjoy a service they appreciate.
Limitations
- FHE tooling is still nascent, and FHE has particularly poor performance. It often requires being optimised by running on a GPU. Significant improvements have been made in this field (notably by Zama and researchers around the world), however it is not production-ready for general-purpose applications yet. Unlike Fully Homomorphic Encryption in particular, homomorphic encryption in general is already used across various markets for specialised applications (e.g., the official French Expats online voting portal is based on Belenios, which uses homomorphic encryption).
- FHE is not verifiable. In the example of Google Photos, users would need to trust that Google’s server is honest in its implementation of FHE. A malicious server can leverage the lack of integrity to carry out interactive key-recovery attacks that would destroy the privacy guarantees. Work is being done to improve this situation, often relying on combining FHE with ZKPs (ZKPs are verifiable), but it is still at the research level (e.g., Verifiable FHE).
Can it be useful for our requirements?
- Since we are focusing on social apps that are predominantly used for exchanging information and opinions, rather than those designed for maintaining personal relationships or sharing personal life details, these information and opinions are not meant to be encrypted. They are instead expected to be publicly widespread (such as on Reddit). Instead of encryption, we are more interested in anonymity—making sure the unencrypted opinions cannot be correlated back to originating from a specific public individual. This anonymity feature can be provided by ZKP, not FHE.
- As a result, FHE is not useful for our goal. Even if our product evolves to provide the option for users to restrict who can see their posts or for users to send direct messages, in which case encrypting these posts or messages could eventually make sense, using other classic e2e methods would probably be enough.
- It is however, great to keep in mind, as it could be an eventual building block.
