Could they use a homomorphic encryption scheme where it's still possible to verify a hash without getting access to the encrypted data?