## Microsoft Demonstrates Practical Homomorphic Computing 141

Posted
by
timothy

from the garbage-looking-in-garbage-looking-out dept.

from the garbage-looking-in-garbage-looking-out dept.

holy_calamity writes

*"Homomorphic computing makes it possible to compute with encrypted data and get an encrypted result, something that could make cloud services more secure. Such systems have so far been mathematical proofs, but researchers at Microsoft now say that stripped down versions able to only compute certain mathematical functions are efficient enough to be used today. They built prototype software capable of calculating statistical functions using encrypted data and say it could be used for processing medical data while protecting privacy."*
## Re:performance (Score:4, Informative)

Well, MS research publishes pretty regularly. The problem is just that MS proper does not listen to them at all. MS research has time and again demonstrated that something was stupid, only to have MS proper do it later or continue to do it.

## Re:How does this voodoo work? (Score:5, Informative)

Here is a simple example (leaks way more information than the real system). Let's say that the two numbers that you want are elements on a ring (or in CS terms they are numbers modulo some N). You have two numbers, x mod N and y mod N. You want me to perform the modulo addition without learning x and y.

1. You pick two random numbers, p mod N and q mod N.

2. You send me (x+p) mod N and (y+q) mod N. As long as your selections were really random this provides no information about x or y.

3. I compute (x+p) + (y+q) mod N and send you the result. This leaks nothing about the sum.

4. You then compute r - (q+p) mod N to recover the real sum.

There are two problems with this simple scheme (which is why the real scheme took many years to discover and is quite hard to implement). The first problem is that you do as much work blinding and unblinding the numbers as you would computing the real sum. The second problem is that this scheme leaks some information (can't remember what, it's been quite a while).

A Somewhat Homomorphic encryption scheme will solve both of these issues for addition (for some value of solve and some value of efficiency), while a Fully Homomorphic will also allow you to perform multiplications in the ring.

## I hope no one believes this makes it more secure (Score:4, Informative)

The problem isn't potential leaks in data by sniffing the machine's data as it flows, it's invariably the machine's data as it's stored... especially on flash drives at a bar.

Any encryption weak enough to be processed with any amount of reasonable execution time would also be weak enough to be cracked within reasonable execution time.

I find it amazing that people continue to seek out technological solutions to problems that are not generally technological. The real holes are the people and the stupid things they do. Those holes are the ones that most often get exploited and the ones that are not being closed effectively.

I just have to shake my head and wonder why... I have a company executive where I work who maintains more than 200GB of email history on his laptop. It's frikken ridiculous. It's against company policy but no one will call him out on it. So you want to see where the REAL holes in security lie? Look no further than a company's leadership.

## Re:performance (Score:5, Informative)

http://research.google.com/pubs/papers.html [google.com]

That's some serious hording going on there.

## Re:Microsoft? (Score:5, Informative)

This is Microsoft Research we are talking about. They are probably one of the best computational research centers around. I'd trust their security research quite a bit. These are the same people that made a managed code kernel with a native code compiler for .Net just to study how to make OSes in a different, more secure way. It actually did a lot of process isolation in a similar way to how Android does it, but actually predated Android development. As far as I know, that project is still ongoing (it's called Singularity if you are interested and it is quite interesting imho.)

They have many other very innovative and ground breaking research credits to their name, but as other people have mentioned, they are unfortunately more think tank than product development so a lot of times what they come up with isn't really used, at least not by Microsoft. (Note they were also doing multi-touch interaction with their "Surface" research a long time ago too. Some of that actually appears to be getting worked in to Windows 8.)