Carbon footprint calculation, patient privacy, and machine learning based on sensitive data – thanks to advanced encryption methods like fully homomorphic encryption.

Most have been in this situation before: one of the providers or services we use is a victim of a data breach and we want to determine if our personal user data has been impacted. This is where fully homomorphic encryption (FHE) comes into play. With FHE, the encrypted, personal password is compared against the data set of stolen user data and potential matches are identified without ever revealing the user’s password.

Use cases for this type of privacy-enhancing technology (PET) are numerous. They range from applications in medicine, where third-party service providers can analyze health data without compromising a patient’s privacy, to performing machine learning and AI algorithms on encrypted data, allowing organizations to derive insights from sensitive data sets without exposing the data to potential breaches or privacy violations.

How It Works

Fully homomorphic encryption allows calculations to be performed on encrypted data without having to decrypt it first. Confidentiality is maintained, as even the results are encrypted and can be viewed only with the appropriate decryption key. Further techniques for processing encrypted data are multi-party computation (MPC) and trusted execution environments (TEE).

Mathias Kohler, research manager at SAP Security Research, outlines the differences: “While FHE is the most known of the encryption technologies, MPC is the ideal candidate if working with several parties exchanging encrypted data across company borders. And it can be substantially faster than FHE.” While both are software-based technologies, TEE is hardware-based, which makes it the fastest choice. The downside: TEEs, unlike MPC and FHE, require decrypting the data for processing. While decryption happens in a trusted hardware environment isolated from the operating system, it can allow data leakage via side-channel attacks. Notably, PETs do not need to be considered in isolation and can augment each other. For example, MPC can encrypt and distribute an FHE decryption key, protecting the FHE key and ensuring no single party can decrypt everything.

SAP protects businesses’ applications and data by building, running, and maintaining more-secure operations

Why It’s Relevant

There is a demand for this kind of technology. By 2025, 60% of large organizations will use at least one privacy-enhancing computation technique in analytics, business intelligence, or cloud computing, according to Gartner.

Fully homomorphic encryption has numerous applications, especially in scenarios where privacy and security are paramount, such as secure computation in the cloud, privacy-preserving data analysis, and secure outsourcing of computations. As long as one party is performing the data processing centrally, FHE is the encryption method of choice. FHE enables organizations to share encrypted data with partners or third parties for analysis or monetization purposes while maintaining data confidentiality. This is particularly relevant in industries such as advertising and market research.

Interesting use case scenarios from SAP’s perspective could be secure benchmarking and predictive maintenance.

Secure Benchmarking

Companies often assess their competitiveness relative to industry peers and compare business-relevant KPIs, such as automation rate or return rates, with peers and even competitors. With fully homomorphic encryption, all participating parties can share encrypted KPIs without revealing individual data. As a result, they learn about relevant statistics, such as averages or medians, to assess their relative competitiveness and decide where to improve and invest.

Predictive Maintenance

Predictive maintenance is a machine learning technique to forecast demand for maintenance or spare parts based on historical data. “In certain industries, required data, such as usage patterns and failures, is considered sensitive and is not easily shared with data scientists or maintenance operators,” says Anselme Tueno, senior researcher at SAP Security Research. By computing on encrypted data, however, no sensitive information is revealed while still allowing for the required insights to be gathered for prediction tasks.

Carbon Footprint Calculation with Multi-Party Computation

While it is early days from a product availability perspective, SAP is working on potential use cases with customers and partners. One key example is calculating carbon footprints of products.

Prime examples for complex collaborations are today’s supply chains, intricate networks that encompass various levels of suppliers, manufacturers, and processed goods. Unfortunately, there is often a lack of comprehensive visibility across the entire process – either for technical reasons or because businesses are often reluctant to share sensitive data across supply chains that often include direct competitors.

However, to accurately assess and disclose a product’s carbon footprint, sensitive production details and associated carbon costs for production-relevant parts and materials are required. Here, MPC can reveal only the required carbon footprint without disclosing associated, proprietary manufacturing details with other supply chain participants.

Currently, SAP is working with Bosch on cloud-native software for secure multi-party computation called Carbyne Stack.

“SAP participates in this open-source project and supports the development of Carbyne Stack’s storage and processing services and the deployment of Carbyne Stack on Amazon Web Services (AWS),” Kohler explains. “For Bosch, Carbyne Stack is a type of cloud-native operating system for MPC workloads that manages resources to run as efficiently as possible in multi-cloud deployments.” This effort can help SAP in the long run to integrate MPC as technology into SAP solutions and services while running in a cloud-native environment.

What’s Next?

Despite all the benefits around processing data, encryption introduces significant computational overhead due to the complexity of performing operations on encrypted data. Slow processing speeds, especially for complex operations and large data sets, makes fully homomorphic encryption impractical for real-time applications or large-scale data processing. Although the performance of FHE has greatly improved in recent years, its practical adoption is still limited due to the processing overhead and performance considerations. Ongoing research is focused on the design of FHE-specific hardware accelerators.

“PETs for computing on encrypted data have the power to amplify data-driven business collaborations and reshape the future of cloud computing,” explains Jonas Böhler, senior researcher at SAP Security Research. By safeguarding data, they enable access to previously untapped information while minimizing privacy risks and thwarting data breaches. The future of computing is encrypted.


Follow SAP News on LinkedIn to stay up-to-date