What is homomorphic encryption for laypeople?

TU Graz combines health and movement data in compliance with data protection regulations

Encryption experts from the TU and the Know Center have found a way of combining data from people suffering from Covid-19 with mobile phone movement data in compliance with data protection regulations. The data could be linked in encrypted form to produce a "CoronaHeatMap", which allows conclusions to be drawn about contagion hotspots, as the Graz-based cybersecurity expert Christian Rechberger told the APA.

The tension between the handling of health data and the protection of privacy is great, especially when it comes to fighting pandemics. In the view of Rechberger, from the Institute for Applied Information Processing and Communication Technology at Graz University of Technology, data protection and pandemic management using merged data are perfectly compatible: "However, only if we do not take the path of naive, centrally merged data collection and analysis," the Graz cybersecurity expert qualified.

Cryptography

There are new methods of applied cryptography, such as homomorphic encryption, that can meet these challenges. This encryption method allows confidential data to be processed without having to be decrypted beforehand. In this way, the data remains protected even during processing.

Rechberger outlined the advantage of the technology: "None of the data sources have to copy the data anywhere else, they remain local, registers do not have to be merged centrally, only encrypted calculations are made." Only the results of the study are disclosed. The cryptography specialist and his team have already demonstrated this with their concept of the so-called "CoronaHeatMap": in principle, this application links the mobile phone numbers of Covid cases with the location data of these people from the last few days, made available by mobile phone providers. The result of the calculation shows where those who tested positive were before the diagnosis and which regions are therefore heavily affected. This should help the health authority to understand the regional spread of the virus and to take targeted, effective measures.

The patient data is protected with homomorphic encryption, which allows calculations without decrypting the data. In addition, the movement profiles are aggregated so that no individual monitoring is possible. This should also prevent conclusions about individual persons.
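To make "calculating on encrypted data" concrete, here is an added sketch that is not the TU Graz program: the article does not name a scheme, so it assumes textbook Paillier (additively homomorphic) with toy primes, and all subscriber and region data is constructed. The health authority encrypts a positive/negative flag per subscriber, the operator multiplies ciphertexts weighted by its local visit counts, and only per-region totals are ever decrypted.

```python
import math
import secrets

# Toy Paillier (additively homomorphic). The two Mersenne primes keep the demo
# fast; real use needs a modulus of at least 2048 bits and a vetted library.
P, Q = 2**31 - 1, 2**61 - 1

def keygen(p=P, q=Q):
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    return n, (lam, pow(lam, -1, n))      # public n (g = n + 1), private (lam, mu)

def encrypt(n, m):
    n2 = n * n
    r = secrets.randbelow(n - 1) + 1
    while math.gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    return (1 + m * n) % n2 * pow(r, n, n2) % n2

def decrypt(n, priv, c):
    lam, mu = priv
    return (pow(c, lam, n * n) - 1) // n * mu % n

def encrypted_heatmap(n, enc_flags, visits):
    """Operator side: per region, Enc(sum_i flag_i * visits[i][region]).
    Works on ciphertexts only: Enc(a)*Enc(b) = Enc(a+b), Enc(a)**k = Enc(k*a)."""
    n2 = n * n
    heat = []
    for region in range(len(visits[0])):
        acc = encrypt(n, 0)               # fresh Enc(0) re-randomises the result
        for c, row in zip(enc_flags, visits):
            acc = acc * pow(c, row[region], n2) % n2
        heat.append(acc)
    return heat

def demo():
    n, priv = keygen()
    # Constructed data: 5 subscribers, 3 regions.
    positive = [1, 0, 1, 0, 0]            # held by the health authority
    visits = [[3, 0, 1], [2, 2, 0], [0, 4, 1], [1, 1, 1], [0, 0, 5]]  # held by operator
    enc_flags = [encrypt(n, b) for b in positive]        # authority -> operator
    enc_heat = encrypted_heatmap(n, enc_flags, visits)   # operator -> authority
    return [decrypt(n, priv, c) for c in enc_heat]       # only aggregates revealed

if __name__ == "__main__":
    print(demo())
```

The sketch covers only the encrypted aggregation; it does not implement the safeguards the article mentions that rule out evaluations of individual persons or small groups.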

Heat map

The finished concept for the "CoronaHeatMap" is available, but it has not yet been used. In general, it should be seen as a complement to contact tracing methods, as Rechberger emphasized. It cannot be used for contact tracing itself, since the position data of the mobile operators are not precise enough and evaluations of individual persons or small groups are mathematically excluded for data protection reasons. Nor can it be used to monitor quarantines.

According to Rechberger, a "CoronaHeatMap" could be set up quickly: mobile phone providers and representatives of the health system would have to install the Graz University of Technology program and communicate with each other, accompanied by the Graz University of Technology experts. In any case, according to the Graz researcher, the involvement of the data protection authority would be recommended.

In general, this encryption technology is not yet in use in Austria for evaluating various databases, unlike in Estonia, for example, where education data and income data have already been evaluated in this way. According to the Graz-based expert, the data collection now planned for pandemic management should take this innovation in the cryptography sector into account. (APA, May 20, 2021)