
posted by janrinok on Wednesday July 01 2015, @04:04PM   Printer-friendly
from the hi-ho,-hi-ho dept.

The cryptography behind bitcoin solved a paradoxical problem: a currency with no regulator, that nonetheless can't be counterfeited. Now a similar mix of math and code promises to pull off another seemingly magical feat by allowing anyone to share their data with the cloud and nonetheless keep it entirely private.

On Tuesday, a pair of bitcoin entrepreneurs and the MIT Media Lab revealed a prototype for a system called Enigma, designed to achieve a decades-old goal in data security known as "homomorphic" encryption: A way to encrypt data such that it can be shared with a third party and used in computations without it ever being decrypted. That mathematical trick—which would allow untrusted computers to accurately run computations on sensitive data without putting the data at risk of hacker breaches or surveillance—has only become more urgent in an age when millions of users constantly share their secrets with cloud services ranging from Amazon and Dropbox to Google and Facebook. Now, with bitcoin's tricks in their arsenal, Enigma's creators say they can now pull off homomorphically encrypted computations more efficiently than ever.

http://www.wired.com/2015/06/mits-bitcoin-inspired-enigma-lets-computers-mine-encrypted-data/

[Paper]: http://enigma.media.mit.edu/enigma_full.pdf


  • (Score: 2) by Justin Case on Wednesday July 01 2015, @05:58PM

    by Justin Case (4239) on Wednesday July 01 2015, @05:58PM (#203868) Journal

    I can usually grok crypto stuff -- not to the level that I'm going to write my own, or spot NSA-introduced math flaws -- but I can usually get how it is advertised to work and how to deploy it. I even think I have a fairly good grasp of the Bitcoin blockchain concept.

    But I cannot figure out what these blokes are on about. Anyone?

    They give an example of splitting my age into 10 parts and storing them all over. So a credit card firm wants to do a mass mailing: SELECT SUCKER WHERE AGE > 18 and my record comes back. Hrm, I think they know something about my age now, no? A few more SELECTs and they could pretty much pin it down, no?

    But this sounds slightly like something that's been on my impossible-wish-list for some time now. I have this quaint idea that data about me belongs to me.

    So suppose I want to buy something from Amazon but I don't want them sharing my mailing address with 200 junk mail firms. (I'm not saying they would, this is just an example.) I'd like to give Amazon a URL which resolves to an encrypted representation of my address. The web site/service requires authentication, so only Amazon can fetch the URL, subject to permissions I can change any time ('cause it's my data, remember?). But if they fetch the URL and decrypt it they have my address and now the data is out of the bag. I want it to stay opaque to them even as they use it the one time I've authorized. (If I buy again, I may authorize them to use it one more time.)

    Does this get us any closer to that?

  • (Score: 0) by Anonymous Coward on Wednesday July 01 2015, @06:38PM

    by Anonymous Coward on Wednesday July 01 2015, @06:38PM (#203884)

    Maybe yes. maybe no. Maybe yes and no. Maybe yes or no.

  • (Score: 2) by RobotMonster on Wednesday July 01 2015, @06:58PM

    by RobotMonster (130) on Wednesday July 01 2015, @06:58PM (#203898) Journal

    Does this get us any closer to that?

    Nah. Never going to happen. Once Amazon has decrypted the data, the cat is out of the bag - as you said. Nothing can be done about that, except not giving Amazon decryptable data in the first place, but somebody still needs it otherwise who can deliver your package?
    If Amazon has been paid, they could happily "deliver" their package to (say) FedEx, with instructions to deliver to this encrypted address. Amazon won't know where it's going, but FedEx would. Somebody needs to know, otherwise how can they deliver it? At that point it's pretty hard to ensure there isn't a digital trail to connect all the dots.

    But you know, Amazon still needs to be paid, so you'd need a middle-man to hide the fact that you've bought Justin Bieber CDs. I guess this is where the pseudo-anonymous nature of bitcoin would come in. Does Amazon accept bitcoin? If you're after Justin Bieber CDs, I'd recommend a VPN, a torrent client, and a lobotomy.

  • (Score: 4, Informative) by VortexCortex on Wednesday July 01 2015, @07:27PM

    by VortexCortex (4067) on Wednesday July 01 2015, @07:27PM (#203918)

    I cannot figure out what these blokes are on about. Anyone?

    Homomorphic encryption will, in theory, allow you to encrypt some data and send it to a second party; then, while still encrypted, the second party can perform computation with the encrypted data as input and with a new encrypted payload as output.

    For example, imagine a blob of data. Now imagine that the task I want done is to sum two fields of the blob and store the result into a third region. With unencrypted data this is a simple operation in computer science. Simply load the values, sum them (modulo some word size, such as the field size or CPU's word size), then store the values. For this example let's use a very simple encryption: A one time pad. Let's say all data in the blob has a uniform field width (bit length). We populate a one time pad with random bits. This OTP can be seen as a "biased" version of "zero" for the entire blob. To encrypt the blob, we simply add each field of data to the corresponding OTP value (modulo data field capacity). To decrypt we take the ciphered blob and subtract the OTP values (modulo data field capacity). Now say you store the number 25 into a field and let's say the fields are modulo 8 bits (0-255 decimal). Let's say the corresponding OTP value is 253, so to encrypt it we do the following:
    (25 + 240) % 256 = 9;
    (where % is an unsigned modulus, thus "n % 256" is like an unsigned "n & 255" in C, so, 25 + 240 = 265; 265 % 256 = 9.)
    Now, let's say I want a 2nd party to do the work of adding the value 17 to this field. They don't know what my input value is, it could be any value 0-255, but it doesn't matter, they perform the operation:
    (9 + 17) % 256 = 26
    This value can be stored back into the same register. Now the 2nd party has done work without knowing what the input data was. When we get our modified blob back we decrypt it:
    (26 - 240) % 256 = 42;
    Indeed 17 + 25 = 42;
    This is a (vastly simplified) form of homomorphic encryption. It takes increasingly complicated mathematics to perform addition of arbitrary fields or multiplication on two fields, typically requiring storage in a different format than the "positive biased zero" one time pad I explained above.
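
The pad arithmetic walked through above, as an added Python example (this is not code from the post, from Enigma, or from the MIT paper): it generalises the single "+17" step to any sequence of additions and constant multiplications, which the pad survives because the owner can mirror the same steps on its pad (the pad being an encryption of zero), and it shows why multiplying two encrypted fields does not survive. The function names, the step format and the sample pad values are made up for this example.

```python
"""Additively homomorphic 'one-time pad' toy, modulo 2**8.

Constructed example: not the Enigma code, not from the MIT paper, and not
the commenter's own code. Everything below is 8-bit arithmetic mod 256,
matching the (25 + 240) % 256 = 9 walk-through.
"""
import secrets

MOD = 256  # each field is one byte; sums and products wrap like plaintext would


def keygen(n_fields):
    """One random pad byte per field. The pad never leaves the data owner."""
    return [secrets.randbelow(MOD) for _ in range(n_fields)]


def encrypt(fields, pad):
    """Ciphertext = plaintext + pad. The pad is an encryption of zero."""
    return [(m + k) % MOD for m, k in zip(fields, pad)]


def decrypt(cipher, pad):
    return [(c - k) % MOD for c, k in zip(cipher, pad)]


def run_program(vec, program, with_constants):
    """Apply a sequence of affine steps to a field vector, in order.

    Each step is (dst, {src: coeff, ...}, const) meaning
        vec[dst] = const + sum(coeff * vec[src]) mod 256.
    The untrusted party runs this on the ciphertext with constants included;
    the owner runs the same steps on its pad with constants dropped, which
    turns the pad into the decryption key for the transformed blob.
    Invariant: cipher == plain + pad (per field, mod 256) holds after every step.
    """
    out = list(vec)
    for dst, terms, const in program:
        acc = const if with_constants else 0
        for src, coeff in terms.items():
            acc += coeff * out[src]
        out[dst] = acc % MOD
    return out


def evaluate_outsourced(fields, pad, program):
    """Owner encrypts, untrusted party computes on ciphertext, owner decrypts."""
    cipher = encrypt(fields, pad)
    cipher_out = run_program(cipher, program, with_constants=True)   # second party
    pad_out = run_program(pad, program, with_constants=False)        # owner only
    return decrypt(cipher_out, pad_out)


def product_decrypts_correctly(fields, pad):
    """Multiplying two ciphertexts leaves cross terms m0*k1 + m1*k0 that the
    owner cannot strip without knowing m0 and m1, so this toy is not
    multiplicatively homomorphic. Returns whether the naive attempt worked."""
    c = encrypt(fields, pad)
    naive = (c[0] * c[1] - pad[0] * pad[1]) % MOD
    return naive == (fields[0] * fields[1]) % MOD


# The post's step (field0 += 17), then a sum of two encrypted fields
# (field2 = field0 + field1) and a constant multiple (field3 = 3 * field1).
EXAMPLE_PROGRAM = [
    (0, {0: 1}, 17),
    (2, {0: 1, 1: 1}, 0),
    (3, {1: 3}, 0),
]

if __name__ == "__main__":
    fields = [25, 17, 0, 0]
    pad = [240, 5, 100, 200]            # fixed pad so the run is reproducible
    print(encrypt(fields, pad))         # [9, 22, 100, 200]
    print(evaluate_outsourced(fields, pad, EXAMPLE_PROGRAM))   # [42, 17, 59, 51]
    print(run_program(fields, EXAMPLE_PROGRAM, True))          # same result in the clear
    print(product_decrypts_correctly([25, 17], [240, 5]))      # False
    random_pad = keygen(len(fields))
    assert evaluate_outsourced(fields, random_pad, EXAMPLE_PROGRAM) == [42, 17, 59, 51]
```

The second party only ever sees ciphertext and the program; the owner never sends its pad and recomputes the decryption key from the program alone. Note that, as with plaintext bytes, anything past 255 wraps, so the scheme is only correct for computations that fit the field width.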

    • (Score: 2) by Justin Case on Wednesday July 01 2015, @07:43PM

      by Justin Case (4239) on Wednesday July 01 2015, @07:43PM (#203936) Journal

      OK, thank you, that at least I can follow.

      Is it any good for anything beyond simple arithmetic... which you wouldn't "outsource" when you can do it yourself for way less than the cost of the crypto?

      This seems like it might be headed toward massively parallel protein folding or some such thing, where I don't want "the cloud" to patent my new drug before I can, but I want "the cloud" to do the work for me.

      • (Score: 2) by No Respect on Wednesday July 01 2015, @08:55PM

        by No Respect (991) on Wednesday July 01 2015, @08:55PM (#203959)

        I have seen an application of this as a component of an online voting system. People submit encrypted ballots and the server is able to tally the ballots without being able to see the details of each ballot individually. The computational requirements are relatively heavy. There are also probabilistic tests that can be run to verify the authenticity of the submitted ballots. I probably have some of the terminology wrong here, but that's the general idea. Each run of the tests provides an indication that the results are correct with 51% probability. After a significant number of runs one can say with high probability that the results are mathematically correct.

        • (Score: 0) by Anonymous Coward on Thursday July 02 2015, @01:39PM

          by Anonymous Coward on Thursday July 02 2015, @01:39PM (#204227)

          But couldn't you reveal the content of a ballot by simply running the whole algorithm on that single ballot, and then looking who won that one-voter "election"?

    • (Score: 3, Informative) by VortexCortex on Wednesday July 01 2015, @07:58PM

      by VortexCortex (4067) on Wednesday July 01 2015, @07:58PM (#203944)

      OTP value is 253

      Oops, should be 240, I changed the example but forgot that part.

      Also the division of labor is sometimes used in "homomorphic encryption" in order to leverage the buzzword by proving that multiple parties alone do not know what the data is. In my purist view true homomorphic encryption needs no division of labor to ensure the data remains encrypted while the 2nd party / parties are processing it, as the example above demonstrates is possible. Discovering a uniform and efficient storage and encryption method for data fields that allows any operation is an ongoing puzzle. It seems TFA researchers haven't cracked the nut just yet, but have applied a hive organization in order to provide work checking and division of labor. In some (older, and experimental newer) distributed online game networks a similar approach is sometimes used with star network topology -- The client reporting significantly divergent values than the group's redundant processing is disconnected for cheating.

      I wouldn't trust my data to such schemes yet, the field of homomorphic encryption is still in its infancy, and the general wisdom to "Never be an early adopter" applies. For another example of a distributed division of labor attempting to provide forced ignorance, and failing, see The Onion Router.

      • (Score: 0) by Anonymous Coward on Wednesday July 01 2015, @09:19PM

        by Anonymous Coward on Wednesday July 01 2015, @09:19PM (#203964)

        Bonus points for making your answer come out "42" !

    • (Score: 2) by aristarchus on Wednesday July 01 2015, @11:21PM

      by aristarchus (2645) on Wednesday July 01 2015, @11:21PM (#204013) Journal

      Homomorphic encryption will, in theory, allow you to encrypt some data and send it to a second party; then, while still encrypted, the second party can perform computation with the encrypted data as input and with a new encrypted payload as output.

      Or, we could use homeopathic encryption! You just encode a single bit in a half Gig file, and its power will be increased by orders of magnitude, so no one will be able to crack it! And, the upside, everyone will still be able to read the file! It's almost like . . . magic!

      • (Score: 2) by VortexCortex on Thursday July 02 2015, @01:13AM

        by VortexCortex (4067) on Thursday July 02 2015, @01:13AM (#204031)

        Or, we could use homeopathic encryption!

        Ah, yes. With homeopathic encryption you merely use the data itself as the key and XOR the plain text with the key. Thus the output is all zeros, and incredibly compressible. The only way to decrypt the data is via the key, which one simply XORs with a string of zeros to produce the original input.

        Though the transmission of zeros seems weaker the more you send, it is actually a stronger encryption requiring an even stronger key to crack.

        • (Score: 2) by aristarchus on Thursday July 02 2015, @04:32AM

          by aristarchus (2645) on Thursday July 02 2015, @04:32AM (#204089) Journal

          But, you know, I am a bit uneasy with relying on the placebo effect for data security. Maybe we could come up with something like eTrust, or Windows share your wireless password with everyone including Michael David Crawford Galaxy. I dunno.