Entries Tagged "homomorphic encryption"



This is really clever:

Enigma's technique -- what cryptographers call "secure multiparty computation" -- works by mimicking a few of the features of bitcoin's decentralized network architecture: It encrypts data by splitting it up into pieces and randomly distributing indecipherable chunks of it to hundreds of computers in the Enigma network known as "nodes." Each node performs calculations on its discrete chunk of information before the user recombines the results to derive an unencrypted answer. Thanks to some mathematical tricks the Enigma creators implemented, the nodes are able to collectively perform every kind of computation that computers normally do, but without accessing any other portion of the data except the tiny chunk they were assigned.

To keep track of who owns what data -- and where any given data's pieces have been distributed -- Enigma stores that metadata in the bitcoin blockchain, the unforgeable record of messages copied to thousands of computers to prevent counterfeit and fraud in the bitcoin economy.

This isn't homomorphic encryption. But it is really clever. Paper here.

Posted on July 3, 2015 at 6:38 AM • View Comments

Homomorphic Encryption Breakthrough

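Last month, IBM made some pretty brash claims about homomorphic encryption and the future of security. I hate to be the one to throw cold water on the whole thing -- as cool as the new discovery is -- but it's important to separate the theoretical from the practical.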

Homomorphic cryptosystems are ones where mathematical operations on the ciphertext have regular effects on the plaintext. A normal symmetric cipher -- DES, AES, or whatever -- is not homomorphic. Assume you have a plaintext P, and you encrypt it with AES to get a corresponding ciphertext C. If you multiply that ciphertext by 2, and then decrypt 2C, you get random gibberish instead of P. If you got something else, like 2P, that would imply some pretty strong nonrandomness properties of AES and no one would trust its security.

The RSA algorithm is different. Encrypt P to get C, multiply C by 2, and then decrypt 2C -- and you get 2P. That's a homomorphism: perform some mathematical operation to the ciphertext, and that operation is reflected in the plaintext. The RSA algorithm is homomorphic with respect to multiplication, something that has to be taken into account when evaluating the security of a security system that uses RSA.
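The multiplicative homomorphism described above, as an added example that is not part of the original post: textbook RSA with a constructed toy key, where "multiplying C by 2" is done by multiplying C by the encryption of 2 under the public key. The key, the helper names and the tag format are assumptions made for the illustration; the tag is a hypothetical stand-in for real padding such as OAEP, showing why padded RSA does not carry the operation through.

```python
import hashlib

# Constructed toy key: two Mersenne primes, far too small for real use.
P_PRIME, Q_PRIME = 2**31 - 1, 2**61 - 1
N = P_PRIME * Q_PRIME
E = 65537
D = pow(E, -1, (P_PRIME - 1) * (Q_PRIME - 1))  # private exponent (Python 3.8+)

def encrypt(m: int) -> int:
    """Textbook RSA: deterministic, no padding."""
    if not 0 <= m < N:
        raise ValueError("message out of range")
    return pow(m, E, N)

def decrypt(c: int) -> int:
    return pow(c, D, N)

def scale_ciphertext(c: int, factor: int) -> int:
    """Multiply the hidden plaintext by factor using only the public key."""
    return (c * encrypt(factor)) % N

# Hypothetical integrity format standing in for real padding such as OAEP:
# the message followed by a 64-bit SHA-256 tag over the message.
def add_tag(m: int) -> int:
    tag = int.from_bytes(hashlib.sha256(str(m).encode()).digest()[:8], "big")
    return (m << 64) | tag

def check_tag(padded: int):
    """Return the message if its tag verifies, otherwise None."""
    m = padded >> 64
    return m if add_tag(m) == padded else None

def demo():
    p = 1500  # constructed plaintext
    doubled = decrypt(scale_ciphertext(encrypt(p), 2))
    # Same operation on a tagged message: the result no longer verifies.
    tampered = decrypt(scale_ciphertext(encrypt(add_tag(p)), 2))
    return doubled, check_tag(tampered)

if __name__ == "__main__":
    print(demo())  # (3000, None)
```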

This isn't anything new. RSA's homomorphism was known in the 1970s, and other algorithms that are homomorphic with respect to addition have been known since the 1980s. But what has eluded cryptographers is a fully homomorphic cryptosystem: one that is homomorphic under both addition and multiplication and yet still secure. And that's what IBM researcher Craig Gentry has discovered.

This is a bigger deal than might appear at first glance. Any computation can be expressed as a Boolean circuit: a series of additions and multiplications. Your computer consists of a zillion Boolean circuits, and you can run programs to do anything on your computer. This algorithm means you can perform arbitrary computations on homomorphically encrypted data. More concretely: if you encrypt data in a fully homomorphic cryptosystem, you can ship that encrypted data to an untrusted person and that person can perform arbitrary computations on that data without being able to decrypt the data itself. Imagine what that would mean for cloud computing, or any outsourcing infrastructure: you no longer have to trust the outsourcer with the data.

Unfortunately -- you knew that was coming, right? -- Gentry's scheme is completely impractical. It uses something called an ideal lattice as the basis for the encryption scheme, and both the size of the ciphertext and the complexity of the encryption and decryption operations grow enormously with the number of operations you need to perform on the ciphertext -- and that number needs to be fixed in advance. And converting a computer program, even a simple one, into a Boolean circuit requires an enormous number of operations. These aren't impracticalities that can be solved with some clever optimization techniques and a few turns of Moore's Law; this is an inherent limitation in the algorithm. In one article, Gentry estimates that performing a Google search with encrypted keywords -- a perfectly reasonable simple application of this algorithm -- would increase the amount of computing time by about a trillion. Moore's law calculates that it would be 40 years before that homomorphic search would be as efficient as a search today, and I think he's being optimistic with even this most simple of examples.

Despite this, IBM's PR machine has been in overdrive about the discovery. Its press release makes it sound like this new homomorphic scheme is going to rewrite the business of computing: not just cloud computing, but "enabling filters to identify spam, even in encrypted email, or protecting information contained in electronic medical records." Maybe someday, but not in my lifetime.

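This is not to take anything away from Gentry or his discovery. Visions of a fully homomorphic cryptosystem have been dancing in cryptographers' heads for thirty years. I never expected to see one. It will be years before a sufficient number of cryptographers examine the algorithm that we can have any confidence that the scheme is secure, but -- practicality be damned -- this is an amazing piece of work.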

Posted on July 9, 2009 at 6:36 AM • View Comments

Sidebar photo of Bruce Schneier by Joe MacInnis.