(1) Why Do We Need Fully Homomorphic Encryption (FHE)?
Beyond static data encryption (where data is encrypted and only the key holder can decrypt it), we further aim to achieve “dynamic data encryption” – allowing a third party to perform computations on encrypted data without being able to access the original content.
That is, we want to achieve: Decode( f( Encode(x) ) ) = f(x)
Using FHE, a special encryption method, we preserve the crucial operational structures (addition and multiplication). That is, there exist pseudo-addition ⊕ and pseudo-multiplication ⊗ such that:
Encode(x) ⊕ Encode(y) = Encode(x + y)
Encode(x) ⊗ Encode(y) = Encode(xy)
Theoretically, any complex computation can be achieved by combining addition and multiplication (since all computations can ultimately be transformed into addition and multiplication gate circuits). Therefore, FHE allows us to directly perform arbitrary computations on encrypted data without decryption.
(2) Why Do We Need Differential Privacy?
Differential privacy aims to counter “Difference Attacks”: even without directly exposing an individual’s data, an attacker might still infer information about individual U by comparing the query results of two databases differing by only one record (e.g., D₁ = D₂ ∪ {U}).
We want to achieve two goals:
· Protect Individuals: It should be impossible to deduce any specific individual’s information from the query results.
· Maintain Utility: The processed results should still possess high statistical accuracy suitable for population analysis.
Main implementation methods include:
· Noise Addition
Query database D₁ to get the true value V₁, then publish R₁ = V₁ + N₁ after adding random noise N₁; similarly for D₂, obtain R₂ = V₂ + N₂. This way, even if an attacker obtains both R₁ and R₂, they cannot determine whether the difference stems from the real data (V₁ vs. V₂) or the noise (N₁ vs. N₂). The magnitude of the noise is determined by the “privacy budget” and “global sensitivity” (the maximum impact a single record can have on the query result).
·Sampling
Independently and randomly sample each record from the original database D with probability p to form a sample database S. Analysts can only query S. The query result F(S) may have a small amount of additional noise added. This way, for neighboring datasets D₁ and D₂, it becomes difficult for an attacker to determine whether the difference in results stems from U ∉ S₁, S₁ ≠ S₂, or U ∈ S₁.
The mathematical expression of differential privacy is:
P[Algorithm(D₁) = S] ≤ e^ε × P[Algorithm(D₂) = S] + δ
This means that in the vast majority of cases (with probability 1-δ), an observer cannot determine whether the original data was D₁ or D₂ based on the output; only in very rare cases (with probability δ) might this guarantee be broken.
(3) What Are the Practical Applications of Cybersecurity?
· Send encrypted medical examination data to a cloud server, enabling the server to perform disease judgment without violating privacy.
· Detect suspicious fund flows or enable outsourced auditing without exposing user privacy.
· More scenarios include secure multi-party computation, privacy-preserving machine learning, etc., promoting the concept of “data being usable but invisible”.
