Every privacy-preserving system in production today runs into the same wall: at some point, somebody has to look at the plaintext to do anything useful with it. Your hospital wants to run a tumour classifier on a patient scan, but to call the model the cloud GPU sees the raw pixels. Your bank wants to detect fraud across a million transactions, but the analytics service sees every account number. End-to-end encryption protects data at rest and in transit, and then promptly hands it over the moment a CPU needs to do arithmetic on it. Homomorphic encryption is the tool that closes that final gap — it lets a server compute on ciphertexts and return ciphertexts, never seeing the underlying values. This first task is about feeling the size of the problem before you meet the machinery: why this matters, and why for forty years people thought it was impossible.
Picture three actors: a client holding a secret value , a server that runs a function , and an adversary watching everything in between. Without HE, the only protocols that compute correctly are the ones where sees at some point. With HE, encrypts to get , sends only the ciphertext, and the server returns — which only can decrypt. The adversary watching the wire (and even the server itself, if honest-but-curious) learns nothing about or .
print(scan[:32]) inside classify_tumour — that line is exactly the privacy violation HE is designed to prevent: the server has unrestricted view of the input.
classify_tumour. Label every place the scan exists in plaintext. (You should find at least three: client RAM, server RAM, and any logs the model writes.)
classify_tumour(scan) with classify_tumour(encrypted_scan) using a normal symmetric cipher like AES. Why does AES not give us what we want here?
Use these three in order. Each builds on the one before.
In one paragraph, explain to someone new to cryptography why 'end-to-end encryption' is *not* the same as 'computing on encrypted data,' and why that distinction matters for cloud services like medical imaging or fraud detection.
Walk me step by step through what changes in the client-server interaction when we switch from a plaintext API to an HE-based API. Where does the key live? What does the server see at each step? What new failure modes appear?
Suppose I run a cloud spam filter that today receives email plaintexts. If I migrate it to homomorphic encryption, what *operationally* still leaks (timing, ciphertext size, query rate) even though the message contents don't? Which of those leaks are HE's job to fix and which need orthogonal techniques like ORAM or constant-time evaluation?
	// main.go
	// A toy 'cloud predict' API call — the privacy bug we want to fix.
	// In the world WITHOUT HE, the server sees the patient's data in the clear.
	package main

	import (
		"crypto/sha256"
		"fmt"
		"math/big"
	)

	func classifyTumour(scanBytes []byte) string {
		// Imagine a real model here. It needs the raw scan to do its job.
		digest := sha256.Sum256(scanBytes)
		n := new(big.Int).SetBytes(digest[:])
		if n.Bit(0) == 0 {
			return "benign"
		}
		return "malignant"
	}

	func main() {
		// Client side
		scan := []byte("... 30 MB of pixel data ...")
		// This is the line where privacy dies: scan leaves the client in the clear.
		result := classifyTumour(scan)
		fmt.Println("verdict:", result)
		fmt.Println("but the server saw every pixel:", len(scan), "bytes of patient data")
	}

	go run main.go
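For contrast with the plaintext demo above, here is an added sketch (not part of the original lesson) of the client/server flow using textbook Paillier. Paillier is only additively homomorphic, so the server can compute a weighted sum of encrypted features but not an arbitrary classifier. The names KeyGen, Encrypt, ServerScore and Decrypt, the feature values and the weights are constructed for illustration; inputs are assumed non-negative, and the key size is chosen for speed, not security.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math/big"
)

var one = big.NewInt(1)
// Key is a toy Paillier key: N, N2 are public; phi, mu never leave the client.
type Key struct{ N, N2, phi, mu *big.Int }

func KeyGen(bits int) *Key { // errors ignored for brevity in this sketch
	p, _ := rand.Prime(rand.Reader, bits/2)
	q, _ := rand.Prime(rand.Reader, bits/2)
	n := new(big.Int).Mul(p, q)
	phi := new(big.Int).Mul(new(big.Int).Sub(p, one), new(big.Int).Sub(q, one))
	return &Key{n, new(big.Int).Mul(n, n), phi, new(big.Int).ModInverse(phi, n)}
}

// Encrypt (client): c = (1 + m*n) * r^n mod n^2 with fresh random r in [1, n).
func Encrypt(k *Key, m int64) *big.Int {
	r, _ := rand.Int(rand.Reader, new(big.Int).Sub(k.N, one))
	rn := new(big.Int).Exp(r.Add(r, one), k.N, k.N2)
	c := new(big.Int).Mul(big.NewInt(m), k.N)
	return c.Add(c, one).Mul(c, rn).Mod(c, k.N2)
}

// ServerScore (server): ciphertexts in, Enc(sum w[i]*x[i]) = prod cts[i]^w[i] mod n^2 out.
func ServerScore(n2 *big.Int, cts []*big.Int, w []int64) *big.Int {
	acc := big.NewInt(1) // 1 is a valid encryption of 0
	for i, c := range cts {
		acc.Mul(acc, new(big.Int).Exp(c, big.NewInt(w[i]), n2)).Mod(acc, n2)
	}
	return acc
}

// Decrypt (client): m = L(c^phi mod n^2) * mu mod n, where L(u) = (u-1)/n.
func Decrypt(k *Key, c *big.Int) int64 {
	u := new(big.Int).Exp(c, k.phi, k.N2)
	u.Sub(u, one).Div(u, k.N)
	return u.Mul(u, k.mu).Mod(u, k.N).Int64()
}

func main() {
	k := KeyGen(1024) // toy key size
	cts := []*big.Int{Encrypt(k, 12), Encrypt(k, 7), Encrypt(k, 30)} // constructed features
	fmt.Println("score:", Decrypt(k, ServerScore(k.N2, cts, []int64{3, 1, 2})))
}
```

The server function receives neither phi nor mu, so everything it touches is ciphertext; the same plaintext also encrypts to a different ciphertext each time because of the random r.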