Re: Working on encrypted data without decrypting it
The idea itself is 30+ years old (apparently) by now, but it's only recently been made more usable by the fact it doesn't take half an hour to perform a single operation.
Fully homomorphic encryption (FHE) is only six years old, and HE wasn't practical before then, regardless of performance considerations. Prior to the invention of FHE, no one had figured out an HE scheme that permitted both addition and multiplication operations, so its applicability was extremely limited. When you can do both addition and multiplication (in GF(2)), you can perform arbitrary computations - because in GF(2) addition is XOR and multiplication is AND, so you can implement any Boolean circuit.
As for how it works, it's actually not conceptually all that difficult. You encode plaintext chunks as polynomials in one ring. Encryption maps them to polynomials in a second ring. Addition and multiplication operations on that second set of polynomials changes them, but as long as you don't do too much of it, you can be sure that when you do the reverse mapping (decryption) you get back to the polynomials that represent those same operations performed on the plaintext.
It's a bit like error-correcting codes based on groups: as long as the error ("noise") doesn't get too large, you stay in the neighborhood of where you want to be.
Typically, for generality, FHE schemes employ "bootstrapping": they do some operations, decrypt, and re-encrypt to clear out the noise. This paper shows how to tweak the settings beforehand, if you know what you might want to do to the encrypted data, so you can avoid that.
At any rate, that's my understanding. I looked at this stuff a bit more closely a few years back, and I've just skimmed this paper.