
posted by janrinok on Wednesday July 01 2015, @04:04PM   Printer-friendly
from the hi-ho,-hi-ho dept.

The cryptography behind bitcoin solved a paradoxical problem: a currency with no regulator, that nonetheless can't be counterfeited. Now a similar mix of math and code promises to pull off another seemingly magical feat by allowing anyone to share their data with the cloud and nonetheless keep it entirely private.

On Tuesday, a pair of bitcoin entrepreneurs and the MIT Media Lab revealed a prototype for a system called Enigma, designed to achieve a decades-old goal in data security known as "homomorphic" encryption: A way to encrypt data such that it can be shared with a third party and used in computations without it ever being decrypted. That mathematical trick—which would allow untrusted computers to accurately run computations on sensitive data without putting the data at risk of hacker breaches or surveillance—has only become more urgent in an age when millions of users constantly share their secrets with cloud services ranging from Amazon and Dropbox to Google and Facebook. Now, with bitcoin's tricks in their arsenal, Enigma's creators say they can now pull off homomorphically encrypted computations more efficiently than ever.

http://www.wired.com/2015/06/mits-bitcoin-inspired-enigma-lets-computers-mine-encrypted-data/

[Paper]: http://enigma.media.mit.edu/enigma_full.pdf



  • (Score: 4, Insightful) by Tramii on Wednesday July 01 2015, @04:16PM

    by Tramii (920) on Wednesday July 01 2015, @04:16PM (#203814)

    This sounds like a neat idea... until you read the whole article.

    Enigma’s creators say their decentralized encryption process... multiplies the computing requirements for a calculation by less than 100 fold.

    If enough Enigma nodes work together, they can team up to decrypt and steal the user’s data.

    To keep Enigma nodes honest and ensure that the nodes’ computations are accurate, the system also includes a “security deposit” that each must pay in bitcoin to join the network.

    Suddenly, Enigma got a lot less appealing.

    • (Score: 4, Funny) by RobotMonster on Wednesday July 01 2015, @04:47PM

      by RobotMonster (130) on Wednesday July 01 2015, @04:47PM (#203822) Journal

      Yeah, if you like the sound of this, I have some swampland on the moon to sell you...

  • (Score: 3, Informative) by frojack on Wednesday July 01 2015, @04:57PM

    by frojack (1554) on Wednesday July 01 2015, @04:57PM (#203828) Journal

    I've been aware of this area of research for some time (although not MIT's project), and it has always had a different focus than either TFS or TFA seems to suggest.

    Safely decoding the data has never been difficult in cloud computing. All that is important is client side encryption, and ONLY client side.
    There are only a few services willing to give you that, such as SpiderOak. Most cloud vendors want to hold your encryption keys for you, or allow no encryption at all.

    The focus of "homomorphic" encryption has always been on allowing use of data without revealing actual values.

    Example: doing a database hit to find all the credit cards that have been used to purchase Pot in Colorado which had billing addresses in Minnesota, where you don't want to reveal who's card, the actual card number, the vendor's name, address, or any other details. The data in the database must remain encrypted.

    I don't think this project gets anyone closer to that goal.

    --
    No, you are mistaken. I've always had this sig.
  • (Score: 0) by Anonymous Coward on Wednesday July 01 2015, @05:19PM

    by Anonymous Coward on Wednesday July 01 2015, @05:19PM (#203840)

    so this is a promo for the sub-government agency responsible for spying's "FRONT-looking BACKDOOR EVERYWHERE" program?

    maybe if we can change the three letters "MIT" to maybe four letters they will be less inclined to be such an attractive recruiting pool for other 3 letter ..uhm .. outfits?

    • (Score: 2) by DECbot on Wednesday July 01 2015, @05:28PM

      by DECbot (832) on Wednesday July 01 2015, @05:28PM (#203847) Journal

      FEMA? NASA? NOAA? FDIC?.... I'm not quite sure where you're going with this. Some insight into what 4-letter acronym you're thinking of would help.

      --
      cats~$ sudo chown -R us /home/base
      • (Score: 1, Touché) by Anonymous Coward on Wednesday July 01 2015, @05:41PM

        by Anonymous Coward on Wednesday July 01 2015, @05:41PM (#203858)

        ʎƃoʃouɥɔǝʇ °081⊥Oᴚ ƃuısn pǝʇdʎɹɔuǝ sı ƃıs sıɥ⊥

        .ereht evah uoy erutangis taerG

      • (Score: 2) by TK on Thursday July 02 2015, @05:04PM

        by TK (2760) on Thursday July 02 2015, @05:04PM (#204317)

        Why isn't the degrees sign in your sig upside down?

        --
        The fleas have smaller fleas, upon their backs to bite them, and those fleas have lesser fleas, and so ad infinitum
    • (Score: 2) by ikanreed on Wednesday July 01 2015, @05:39PM

      by ikanreed (3164) Subscriber Badge on Wednesday July 01 2015, @05:39PM (#203856) Journal

      Sorry, engineering skills don't necessarily grant morals. We're not better people than anyone else.

      • (Score: 2) by skullz on Wednesday July 01 2015, @07:36PM

        by skullz (2532) on Wednesday July 01 2015, @07:36PM (#203925)

        Lies! I wrote a program that says I'm the best. IN ASSEMBLY.

  • (Score: 2) by MichaelDavidCrawford on Wednesday July 01 2015, @05:37PM

    by MichaelDavidCrawford (2339) Subscriber Badge <mdcrawford@gmail.com> on Wednesday July 01 2015, @05:37PM (#203854) Homepage Journal

    I've been bookmarking a lot of articles on my iPad lately. I want to link them from the website I'm building on my Linux box. So how to transfer them?

    Oh, that's easy, there are lots of tutorials. Just register for iCloud, sync my bookmarks with the cloud, then use a Windows iCloud client to transfer them to my PC.

    NO.

    Why can't I just transfer my bookmarks directly?

    I'm going to jailbreak my iPad. I expect my bookmarks will be in there somewhere, but my fear is that they're stored in Core Data, a complex and undocumented file format that Apple frequently changes to discourage reverse engineering.

    --
    Yes I Have No Bananas. [gofundme.com]
    • (Score: 2) by RobotMonster on Wednesday July 01 2015, @05:50PM

      by RobotMonster (130) on Wednesday July 01 2015, @05:50PM (#203864) Journal

      Off topic much?

      You could always email yourself each link you wanted to share, using, you know, the sharing button.

      Jailbreak? Good luck running random code off the internet. I'm sure there's nothing nefarious in there, at all.

      • (Score: 2) by MichaelDavidCrawford on Wednesday July 01 2015, @06:24PM

        by MichaelDavidCrawford (2339) Subscriber Badge <mdcrawford@gmail.com> on Wednesday July 01 2015, @06:24PM (#203876) Homepage Journal

        The security and privacy of the cloud is not a concern if one does not use it. If Apple weren't a cloud provider I expect there would be a simple, direct way to transfer my bookmarks.

        That is, unless some other cloud provider paid Apple for sending customers their way.

        --
        Yes I Have No Bananas. [gofundme.com]
        • (Score: 2) by RobotMonster on Wednesday July 01 2015, @06:41PM

          by RobotMonster (130) on Wednesday July 01 2015, @06:41PM (#203886) Journal

          If Apple weren't a cloud provider I expect there would be a simple, direct way to transfer my bookmarks.

          Curious logic. It has more to do with Apple giving preferential treatment to their own ecosystem. I have common bookmarks between my iPad, iPhone, Mac Pro and MacBookPro. I can see what tabs I've left open on each device from every other device. (I wonder if Safari for Windows, if that still exists, supports this?)

          I remember using FoxMarks back in the day to sync firefox bookmarks between multiple machines. Mozilla wasn't a "cloud provider" at the time. A 3rd party solution was required...

          Still don't see what this has to do with MIT's dubious claims of being able to do useful computation on encrypted data without decrypting it.

          • (Score: 2) by MichaelDavidCrawford on Wednesday July 01 2015, @07:08PM

            by MichaelDavidCrawford (2339) Subscriber Badge <mdcrawford@gmail.com> on Wednesday July 01 2015, @07:08PM (#203905) Homepage Journal

            If one did not use the cloud then one's data could not be mined despite MIT's best efforts.

            It's easy to export your Firefox bookmarks, just look in your profile folder.

            --
            Yes I Have No Bananas. [gofundme.com]
            • (Score: 2) by RobotMonster on Wednesday July 01 2015, @07:34PM

              by RobotMonster (130) on Wednesday July 01 2015, @07:34PM (#203923) Journal

              If one did not use the cloud then one's data could not be mined

              While you are correct -- if you're harvesting these bookmarks to publish, I'm not really sure why you're worried about them being mined.

              Anything I do that I want hidden, it's hidden.
              Anything seriously secret, gets stored encrypted.
              Most things -- doesn't matter. That way I look normal to the NSA :-).

              Hi NSA. Here is a secret message I'm passing to another in my cell: pat8af3o3knuemm0i3at6i5ov0os4ok7in4hem0ry5witsh2odlu7gez9dic8oij0shayz4ci5frid1be8hois8bep5coin0lim1. Unfortunately for you it has been encrypted with a One Time Pad, so you can never decrypt it. Hint: the plaintext does not say "i love the NSA".

              • (Score: 3, Informative) by MichaelDavidCrawford on Wednesday July 01 2015, @07:42PM

                by MichaelDavidCrawford (2339) Subscriber Badge <mdcrawford@gmail.com> on Wednesday July 01 2015, @07:42PM (#203933) Homepage Journal

                I helped get the Green Party on the California ballot, and campaigned for Jerry Brown in 1992.

                Since then I have drifted quite far to the left; I will be helping Bernie Sanders soon.

                Now I don't use the cloud myself, but Occupy was brutally repressed in large part as a result of organizing on Facebook and Gmail.

                9-1-1

                Emergency Dispatch, what are you reporting?

                This is Mike Crawford from Occupy Salmon Creek. Tomorrow morning we will form a human chain across Interstate 5.

                The state patrol will be there to meet you. Thanks for calling.

                Glad to be of service.

                --
                Yes I Have No Bananas. [gofundme.com]
    • (Score: 2) by skater on Wednesday July 01 2015, @05:54PM

      by skater (4342) on Wednesday July 01 2015, @05:54PM (#203866) Journal

      If you're going to go to that trouble, you at least used to be able to browse through your iPad's backups on your computer and find what you needed there. I was able to extract my text messages from my iPhone several years ago. Newer iOSs might be locked down more, but it used to be pretty easy. You just needed a database reader and an extractor for the backup files, and I was able to find both quickly, for free, online (that was for an OS X laptop, though - maybe Windows clients would be harder).

      Or you could use Firefox or Chrome to save your bookmarks on the iPad, then just use Firefox/Chrome on your computer to access them.

    • (Score: 0) by Anonymous Coward on Thursday July 02 2015, @01:34PM

      by Anonymous Coward on Thursday July 02 2015, @01:34PM (#204225)

      Well, the solution to this is easy: Don't use iWalledGarden.

  • (Score: 2) by Justin Case on Wednesday July 01 2015, @05:58PM

    by Justin Case (4239) on Wednesday July 01 2015, @05:58PM (#203868) Journal

    I can usually grok crypto stuff -- not to the level that I'm going to write my own, or spot NSA-introduced math flaws -- but I can usually get how it is advertised to work and how to deploy it. I even think I have a fairly good grasp of the Bitcoin blockchain concept.

    But I cannot figure out what these blokes are on about. Anyone?

    They give an example of splitting my age into 10 parts and storing them all over. So a credit card firm wants to do a mass mailing: SELECT SUCKER WHERE AGE > 18 and my record comes back. Hrm, I think they know something about my age now, no? A few more SELECTs and they could pretty much pin it down, no?

    But this sounds slightly like something that's been on my impossible-wish-list for some time now. I have this quaint idea that data about me belongs to me.

    So suppose I want to buy something from Amazon but I don't want them sharing my mailing address with 200 junk mail firms. (I'm not saying they would, this is just an example.) I'd like to give Amazon a URL which resolves to an encrypted representation of my address. The web site/service requires authentication, so only Amazon can fetch the URL, subject to permissions I can change any time ('cause it's my data, remember?). But if they fetch the URL and decrypt it they have my address and now the data is out of the bag. I want it to stay opaque to them even as they use it the one time I've authorized. (If I buy again, I may authorize them to use it one more time.)

    Does this get us any closer to that?

    • (Score: 0) by Anonymous Coward on Wednesday July 01 2015, @06:38PM

      by Anonymous Coward on Wednesday July 01 2015, @06:38PM (#203884)

      Maybe yes. maybe no. Maybe yes and no. Maybe yes or no.

    • (Score: 2) by RobotMonster on Wednesday July 01 2015, @06:58PM

      by RobotMonster (130) on Wednesday July 01 2015, @06:58PM (#203898) Journal

      Does this get us any closer to that?

      Nah. Never going to happen. Once Amazon has decrypted the data, the cat is out of the bag - as you said. Nothing can be done about that, except not giving Amazon decryptable data in the first place, but somebody still needs it otherwise who can deliver your package?
      If Amazon has been paid, they could happily "deliver" their package to (say) FedEx, with instructions to deliver to this encrypted address. Amazon won't know where it's going, but FedEx would. Somebody needs to know, otherwise how can they deliver it? At that point it's pretty hard to ensure there isn't a digital trail to connect all the dots.

      But you know, Amazon still needs to be paid, so you'd need a middle-man to hide the fact that you've bought Justin Bieber CDs. I guess this is where the pseudo-anonymous nature of bitcoin would come in. Does Amazon accept bitcoin? If you're after Justin Bieber CDs, I'd recommend a VPN, a torrent client, and a lobotomy.

    • (Score: 4, Informative) by VortexCortex on Wednesday July 01 2015, @07:27PM

      by VortexCortex (4067) on Wednesday July 01 2015, @07:27PM (#203918)

      I cannot figure out what these blokes are on about. Anyone?

      Homeomorphic encryption will, in theory, allow you to encrypt some data and send it to a second party; then, while still encrypted, the second party can perform computation with the encrypted data as input and with a new encrypted payload as output.

      For example, imagine a blob of data. Now imagine that the task I want done is to sum two fields of the blob and store the result into a third region. With unencrypted data this is a simple operation in computer science. Simply load the values, sum them (modulo some word size, such as the field size or CPU's word size), then store the values. For this example let's use a very simple encryption: A one time pad. Let's say all data in the blob has a uniform field width (bit length). We populate a one time pad with random bits. This OTP can be seen as as a "biased" version of "zero" for the entire blob. To encrypt the blob, we simply add each field of data to the corresponding OTP value (modulo data field capacity). To decrypt we take the ciphered blob and subtract the OTP values (modulo data field capacity). Now say you store the number 25 into a field and let's say the fields are modulo 8bits (0-255 decimal). Let's say the corresponding OTP value is 253, so to encrypt it we do the following:
      (25 + 240) % 256 = 9;
      (where % is an unsigned modulus, thus "n % 256" is like an unsigned "n & 255" in C, so 25 + 240 = 265; 265 % 256 = 9.)
      Now, let's say I want a 2nd party to do the work of adding the value 17 to this field. They don't know what my input value is, it could be any value 0-255, but it doesn't matter, they perform the operation:
      (9 + 17) % 256 = 26
      This value can be stored back into the same register. Now the 2nd party has done work without knowing what the input data was. When we get our modified blob back we decrypt it:
      (26 - 240) % 256 = 42;
      Indeed 17 + 25 = 42;
      This is a (vastly simplified) form of homeomorphic encryption. It takes increasingly complicated mathematics to perform addition by an arbitrary field or multiplication on two fields, typically requiring storage in a different format than the "positive biased zero" one time pad I explained above.
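Editor's added example (not code from this thread, from the Wired article or from the Enigma project): the "biased zero" arithmetic in the post above, carried one step further into the additive secret sharing that the story's "split my age into 10 parts" description (and the ballot-tally comment further down) rely on. Each holder gets a uniformly random byte, holders add or scale what they hold without ever decrypting, and only the sum of all shares reconstructs the value, which is also why enough colluding nodes can recover the data, as the first comment notes. The modulus of 256, the share counts and the sample values are the example's own assumptions.

```python
"""
Additive secret sharing modulo 256 (8-bit fields, as in the post above).
Every function name and every sample value here is constructed for this
example; nothing is taken from the Enigma paper or its code.
"""
import secrets

MOD = 256  # one byte per field, matching the post's "modulo 8 bits"


def split(value, n):
    """Split a byte into n shares. Any n-1 of them are uniform noise; the
    last share is the 'biased' one that makes the total add up."""
    if not 0 <= value < MOD:
        raise ValueError("value must fit in one byte")
    if n < 2:
        raise ValueError("secrecy needs at least two holders")
    shares = [secrets.randbelow(MOD) for _ in range(n - 1)]
    shares.append((value - sum(shares)) % MOD)
    return shares


def reconstruct(shares):
    """Decrypt: only the sum of *all* shares gives the plaintext back."""
    return sum(shares) % MOD


def add_shares(a, b):
    """Homomorphic add: each holder adds its own two shares locally.
    No holder learns either input or the output."""
    if len(a) != len(b):
        raise ValueError("share vectors must have the same holders")
    return [(x + y) % MOD for x, y in zip(a, b)]


def add_public(shares, c):
    """Add a public constant (the 9 + 17 step in the post): one holder
    adjusts its share, the others do nothing."""
    out = list(shares)
    out[0] = (out[0] + c) % MOD
    return out


def mul_public(shares, c):
    """Multiply by a public constant: every holder scales its share."""
    return [(x * c) % MOD for x in shares]


def tally(ballots, n):
    """Each voter splits a 0/1 ballot across n tallying nodes; each node
    sums the shares it received. Returns the n per-node totals, which are
    themselves shares of the vote count. Nodes never see a single ballot."""
    if len(ballots) >= MOD:
        raise ValueError("vote count would wrap around the 8-bit field")
    totals = [0] * n
    for b in ballots:
        if b not in (0, 1):
            raise ValueError("ballot must be 0 or 1")
        for i, s in enumerate(split(b, n)):
            totals[i] = (totals[i] + s) % MOD
    return totals


def partial_view(shares, k):
    """What a coalition holding only the first k shares can compute: a
    uniformly random byte when k < len(shares), the secret when k == len."""
    return reconstruct(shares[:k])


if __name__ == "__main__":
    age = split(25, 3)
    print("shares held by the 3 nodes:", age)
    print("nodes add public 17, owner decrypts:", reconstruct(add_public(age, 17)))
    print("25 + 17 via two shared inputs:", reconstruct(add_shares(age, split(17, 3))))
    print("3 * 25:", reconstruct(mul_public(age, 3)))
    print("200 + 100 wraps in an 8-bit field:",
          reconstruct(add_shares(split(200, 2), split(100, 2))))
    print("votes for candidate:", reconstruct(tally([1, 0, 1, 1, 0], 4)))
    print("two of three colluding nodes see:", partial_view(age, 2))
```

The wrap-around line is the caveat the post's "modulo some word size" remark points at: the arithmetic is exact only while the true result stays below the field size, so a real deployment picks the modulus from the expected range of the data, not from the CPU word. The `partial_view` call illustrates the first comment's objection: n-1 nodes learn nothing, but the n-th share turns the coalition into a full decryption.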

      • (Score: 2) by Justin Case on Wednesday July 01 2015, @07:43PM

        by Justin Case (4239) on Wednesday July 01 2015, @07:43PM (#203936) Journal

        OK, thank you, that at least I can follow.

        Is it any good for anything beyond simple arithmetic... which you wouldn't "outsource" when you can do it yourself for way less than the cost of the crypto?

        This seems like it might be headed toward massively parallel protein folding or some such thing, where I don't want "the cloud" to patent my new drug before I can, but I want "the cloud" to do the work for me.

        • (Score: 2) by No Respect on Wednesday July 01 2015, @08:55PM

          by No Respect (991) on Wednesday July 01 2015, @08:55PM (#203959)

          I have seen an application of this as a component of an online voting system. People submit encrypted ballots and the server is able to tally the ballots without being able to see the details of each ballot individually. The computational requirements are relatively heavy. There are also probabilistic tests that can be run to verify the authenticity of the submitted ballots. I probably have some of the terminology wrong here, but that's the general idea. Each run of the tests provides an indication that the results are correct with 51% probability. After a significant number of runs one can say with high probability that the results are mathematically correct.

          • (Score: 0) by Anonymous Coward on Thursday July 02 2015, @01:39PM

            by Anonymous Coward on Thursday July 02 2015, @01:39PM (#204227)

            But couldn't you reveal the content of a ballot by simply running the whole algorithm on that single ballot, and then looking who won that one-voter "election"?

      • (Score: 3, Informative) by VortexCortex on Wednesday July 01 2015, @07:58PM

        by VortexCortex (4067) on Wednesday July 01 2015, @07:58PM (#203944)

        OTP value is 253

        Oops, should be 240, I changed the example but forgot that part.

        Also the division of labor is sometimes used in "homeomorphic encryption" in order to leverage the buzzword by proving that multiple parties alone do not know what the data is. In my purist view true homeomorphic encryption needs no division of labor to ensure the data remains encrypted while the 2nd party / parties are processing it, as the example above demonstrates is possible. Discovering a uniform and efficient storage and encryption method for data fields that allows any operation is an ongoing puzzle. It seems TFA researchers haven't cracked the nut just yet, but have applied a hive organization in order to provide work checking and division of labor. In some (older, and experimental newer) distributed online game networks a similar approach is sometimes used with star network topology -- the client reporting values significantly divergent from the group's redundant processing is disconnected for cheating.

        I wouldn't trust my data to such schemes yet, the field of homeomorphic encryption is still in its infancy, and the general wisdom to "Never be an early adopter" applies. For another example of a distributed division of labor attempting to provide forced ignorance, and failing, see The Onion Router.

        • (Score: 0) by Anonymous Coward on Wednesday July 01 2015, @09:19PM

          by Anonymous Coward on Wednesday July 01 2015, @09:19PM (#203964)

          Bonus points for making your answer come out "42" !

      • (Score: 2) by aristarchus on Wednesday July 01 2015, @11:21PM

        by aristarchus (2645) on Wednesday July 01 2015, @11:21PM (#204013) Journal

        Homeomorphic encryption will, in theory, allows you to encrypt some data and send it to a second party; Then, while still encrypted the second party can perform computation with the encrypted data as input and with a new encrypted payload as output.

        Or, we could use homeopathic encryption! You just encode a single bit in a half Gig file, and its power will be increased by orders of magnitude, so no one will be able to crack it! And, the upside, everyone will still be able to read the file! It's almost like . . . magic!

        • (Score: 2) by VortexCortex on Thursday July 02 2015, @01:13AM

          by VortexCortex (4067) on Thursday July 02 2015, @01:13AM (#204031)

          Or, we could use homeopathic encryption!

          Ah, yes. With homeopathic encryption you merely use the data itself as the key and XOR the plain text with the key. Thus the output is all zeros, and incredibly compressible. The only way to decrypt the data is via the key, which one simply XORs with a string of zeros to produce the original input.

          Though the transmission of zeros seems weaker the more you send, it is actually a stronger encryption requiring an even stronger key to crack.

          • (Score: 2) by aristarchus on Thursday July 02 2015, @04:32AM

            by aristarchus (2645) on Thursday July 02 2015, @04:32AM (#204089) Journal

            But, you know, I am a bit uneasy with relying on the placebo effect for data security. Maybe we could come up with something like eTrust, or Windows share your wireless password with everyone including Michael David Crawford Galaxy. I dunno.