Learn the vocabulary of computing directly on encrypted data without ever exposing it in plaintext.
1 / 5
At standup, a dev mentions performing computations directly on encrypted data and getting an encrypted result that, once decrypted, matches what the same computation would have produced on the original plaintext, all without ever decrypting the data during processing. What is this technique called?
Homomorphic encryption is exactly this: it allows computations to be performed directly on encrypted data, producing an encrypted result that, once decrypted, matches what the same computation would have produced on the original plaintext, all without the data ever needing to be decrypted during processing. A hash collision is an unrelated hash-table concept about two keys sharing a bucket. This compute-without-decrypting approach is why homomorphic encryption lets sensitive data be processed by an untrusted third party without ever exposing it in plaintext.
2 / 5
During a design review, the team uses homomorphic encryption to let a third-party cloud provider process sensitive data, specifically because computing directly on encrypted data avoids ever decrypting it on infrastructure the team doesn't fully trust. Which capability does this provide?
Homomorphic encryption here provides "Computation on untrusted infrastructure without exposing plaintext", since the data stays encrypted throughout processing and only the party holding the decryption key ever sees the plaintext result. Decrypting the data on the third-party provider's infrastructure before processing it exposes the plaintext to that provider, which is exactly the exposure homomorphic encryption avoids. This compute-while-encrypted behavior is exactly why homomorphic encryption is favored when sensitive data must be processed by infrastructure the data owner doesn't fully trust.
3 / 5
In a code review, a dev notices a data-processing feature sends sensitive data to a third-party cloud provider in plaintext for processing, then relies on the provider's own security controls to protect it, instead of using homomorphic encryption so the provider only ever handles encrypted data. What does this represent?
This is a missed homomorphic-encryption opportunity, since computing directly on encrypted data would let the third-party provider process it without ever seeing the plaintext, instead of trusting the provider's own security controls to protect exposed plaintext. A cache eviction policy is an unrelated concept about discarded cache entries. This send-plaintext-to-a-third-party pattern is exactly the kind of exposure risk a reviewer flags once the provider's trust level is genuinely limited.
4 / 5
An incident report shows sensitive data was exposed in plaintext on a compromised third-party cloud provider's infrastructure, because the data was decrypted there for processing instead of processed with homomorphic encryption that keeps it encrypted throughout. What practice would prevent this?
Switching to homomorphic encryption keeps the data encrypted throughout processing, so a compromise of the third-party infrastructure never exposes plaintext. Continuing to decrypt sensitive data on third-party infrastructure for processing, regardless of how limited that infrastructure's trust level actually is, is exactly what caused the issue described in this incident. This encrypted-throughout approach is the standard fix once the third-party provider's trust level is genuinely limited.
5 / 5
During a PR review, a teammate asks why the team reaches for homomorphic encryption instead of simply encrypting the data at rest and in transit but decrypting it briefly for processing. What is the reasoning?
Homomorphic encryption keeps data encrypted even during processing, so the infrastructure that performs the computation never sees the plaintext at all. Encrypting only at rest and in transit still requires a brief decrypted window during processing, where the plaintext is exposed to whatever infrastructure performs the computation. This is exactly why homomorphic encryption is chosen when even that brief processing-time exposure is unacceptable, while at-rest and in-transit encryption remains the lighter-weight, far more common baseline.