Homomorphic encryption offload for lightweight devices

What is claimed is: 1. A method comprising: receiving, at an edge node of a cellular network, a first network request from a client device to a cloud platform, the request including unencrypted data; retrieving, by the edge node, a homomorphic encryption (HE) key associated with an identifier of the client device, wherein the HE key is stored in a secure computing environment of the edge node and is synchronized with at least one other edge node in the cellular network; encrypting, by the edge node, the unencrypted data using an algorithm generating homomorphically encrypted data and the HE key; issuing, by the edge node, a second network request to an application programming interface (API) of the cloud platform, the second network request including the encrypted data; receiving, by the edge node, a response from the cloud platform in response to the second network request; and transmitting, by the edge node in response to the first network request, a result to the client device based on the response, the result obtained by decrypting an encrypted output returned by the cloud platform. 2. The method of claim 1 , further comprising generating the second network request by populating a uniform resource locator (URL) associated with the API with parameters included in the first network request. 3. The method of claim 1 , wherein encrypting the unencrypted data using the algorithm comprises executing the algorithm in a secure computing environment. 4. The method of claim 3 , wherein encrypting the unencrypted data using the algorithm comprises accessing one or more keys stored in the secure computing environment. 5. The method of claim 1 , further comprising: receiving one or more HE keys from the client device before receiving the first network request; and sealing the one or more HE keys in a secure computing environment, the one or more HE keys used during the encrypting the unencrypted data and decrypting the encrypted output. 6. The method of claim 1 , further comprising: receiving a third network request to provision one or more HE keys from the client device before receiving the first network request; generating the one or more HE keys in response to the third network request; and sealing the one or more HE keys in a secure computing environment, the one or more HE keys used during the encrypting the unencrypted data and decrypting the encrypted output. 7. The method of claim 1 , wherein receiving a response from the cloud platform comprises receiving the encrypted output as part of the response, the encrypted output generated using an HE operation. 8. The method of claim 1 , wherein receiving a response from the cloud platform comprises: receiving a response URL from the cloud platform; assigning the response URL to the result before returning the result; receiving a fourth network request including the response URL; accessing the response URL in response to the fourth network request; receiving the encrypted output in response to accessing the response URL, the encrypted output generated using an HE operation; decrypting the encrypted output obtain decrypted data; and returning the decrypted data to the client device. 9. The method of claim 1 , wherein issuing the second network request comprises initiating a subscription with the cloud platform and wherein receiving the response from the cloud platform comprises receiving a notification via the subscription. 10. The method of claim 1 , wherein receiving a response from the cloud platform comprises receiving a response code and using the response code as the result, the method further comprising: receiving an out-of-band request for the result from a computing device; confirming that the computing device is authorized to receive the result; obtaining the encrypted output from the cloud platform; decrypting the encrypted output to obtain a decrypted result; and transmitting the decrypted result to the computing device. 11. The method of claim 10 , wherein receiving an out-of-band request for the result from a computing device comprises receiving the out-of-band request from the client device. 12. The method of claim 1 , further comprising: receiving the second network request at a cloud platform; executing one or more HE operations on the encrypted data included in the second network request to obtain the encrypted output; and returning the encrypted output in response to the second network request. 13. The method of claim 12 , wherein executing one or more HE operations on the encrypted data further comprises receiving third encrypted data from at least one other client device and using the third encrypted data in the one or more HE operations. 14. A device comprising: a processor configured to execute program logic at an edge node of a cellular network, the program logic comprising: logic, executed by the processor, for receiving a first network request from a client device to a cloud platform via a secure application programming interface (API), the request including unencrypted data; retrieving, by the edge node, a homomorphic encryption (HE) key associated with an identifier of the client device, wherein the HE key is stored in a secure computing environment of the edge node and is synchronized with at least one other edge node in the cellular network; logic, executed by the processor, for encrypting the unencrypted data using an algorithm generating homomorphically encrypted data and the HE key; logic, executed by the processor, for issuing a second network request to an application programming interface (API) of the cloud platform, the second network request including the encrypted data; logic, executed by the processor, for receiving a response from the cloud platform in response to the second network request; and logic, executed by the processor, for transmitting, in response to the first network request, a result to the client device based on the response, the result obtained by decrypting an encrypted output returned by the cloud platform. 15. The device of claim 14 , wherein the processor is implemented in a secure computing environment. 16. The device of claim 14 , wherein the logic for receiving a response from the cloud platform comprises logic, executed by the processor, for receiving the encrypted output as part of the response, the encrypted output generated using an HE operation. 17. The device of claim 14 , wherein the logic for receiving a response from the cloud platform comprises: logic, executed by the processor, for receiving a response URL from the cloud platform; logic, executed by the processor, for assigning the response URL to the result before returning the result; logic, executed by the processor, for receiving a fourth network request including the response URL; logic, executed by the processor, for accessing the response URL in response to the fourth network request; logic, executed by the processor, for receiving the encrypted output in response to accessing the response URL, the encrypted output generated using an HE operation; logic, executed by the processor, for decrypting the encrypted output obtain decrypted data; and logic, executed by the processor, for returning the decrypted data to the client device. 18. The device of claim 14 , wherein the logic for issuing the second network request comprises logic, executed by the processor, for initiating a subscription with the cloud platform and wherein the logic for receiving the response from the cloud platform comprises logic, executed by the processor, for