You keep leaving out the part where you need a computation key to do those calculations. An HME scheme has 3 keys: public (encrypts), private (decrypts) and computation. You need the computation key to do computation. If it gets stolen, thieves can do calculations on the encrypted data as you propose. But if the private key gets stolen, it's a whole lot worse. You seem to know what you are talking about, so why don't you mention the computation key? Now, maybe IBM hasn't actually succeeded in making a F
It's IBM. (Score:5, Interesting)
Re: (Score:2)
Can you crack RSA? RSA supports homomorphic operations.
Homomorphic is crackable by definition (Score:5, Informative)
Beware the hype. It's mathematically impossible to have homomorphic encryption that is secure by any definition used by the cryptography community.
Which isn't to say it's not better than plaintext. If you absolutely must process sensitive data on the cloud, because your office has no power outlets, it's better to use homomorphic encryption than nothing. Slightly better.
For example, all homomorphic schemes are necessarily "malleable". That's the crypto term for "the bad guy can change the data, without nee
Re:Homomorphic is crackable by definition (Score:2)
In theory the inference attacks are avoidable. I suspect in practice exposing information that does not allow people to back into the data they are looking for is going to be extremely challenging.
Let's say I know my salary and I get access to the ciphertexts. There are two records in the system: mine and Alice's. I can see the salary total ciphertext but I haven't got the key. I can see my ciphertext is X, my salary, the plaintext, is 250,000, and Alice's salary ciphertext is Y. The total is Z.
This means I know 250,000 + decipher(Y) = decipher(Z)
I know that X + Y = Z
I should be able to do operations like Z - X and obtain Y
I can't do Z - 250,000 and get Y
If this is really all I know I actually can't get to Alice's salary number. In reality the case will be for most useful applications I'll have a lot of other data points that are known. About two decades ago now I worked on a MOLAP project. There were all kinds of requirements around various classes of business users being able to see certain data. Think you can see facts about departments within your store as a store manager but not about other stores in your region; you are also allowed to see national trends. Can you work out the information you are supposed to be denied by policy? Turns out maybe, when you start slicing on other dimensions, because cold weather stuff for example is carried in different regions at different times. So if you are a MA store and you want to know if your tactics for pushing certain products work better than your regional competitors, well, you can figure it out if you only look at April, because your fellow NE region managers are still selling those products but the MA and SE regions have pulled that stuff.
So we got into a really complex system of rules, needless to say, and lots of frantic calls from business principals as they realized certain others could back into something they are not supposed to be privy to this way or that.
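Added example, not part of the thread: a toy Paillier (additively homomorphic) scheme in Python that works through the salary scenario above and the malleability point from the parent comment. The thread does not say which scheme is in use; the primes, Alice's salary figure and all function names are constructed for illustration.

```python
import math
import secrets

# Toy Paillier parameters (constructed; far too small for real use).
P, Q = 104729, 1299709
N = P * Q
N2 = N * N
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)  # private key part
MU = pow(LAM, -1, N)                                # private key part

def encrypt(m):
    """Public operation: anyone holding N can encrypt (randomized by r)."""
    while True:
        r = secrets.randbelow(N - 1) + 1
        if math.gcd(r, N) == 1:
            break
    return (1 + m * N) * pow(r, N, N2) % N2

def decrypt(c):
    """Requires the private values LAM and MU."""
    return (pow(c, LAM, N2) - 1) // N * MU % N

def add(c1, c2):
    """Ciphertext of m1 + m2, computed with no private key."""
    return c1 * c2 % N2

def sub(c1, c2):
    """Ciphertext of m1 - m2, computed with no private key."""
    return c1 * pow(c2, -1, N2) % N2

def salary_demo():
    x = encrypt(250_000)                 # my record (X)
    y = encrypt(180_000)                 # Alice's record (Y), constructed value
    z = add(x, y)                        # stored total (Z)
    derived = sub(z, x)                  # "Z - X": a ciphertext, not a salary
    tampered = add(y, encrypt(50_000))   # malleability: +50,000 with no key
    return {
        "derived_is_y": derived == y,
        "total": decrypt(z),
        "tampered_plain": decrypt(tampered),
        # Randomized encryption: re-encrypting a known plaintext does not
        # reproduce X, so guesses cannot be confirmed by comparison.
        "fresh_matches_x": encrypt(250_000) == x,
    }

if __name__ == "__main__":
    print(salary_demo())
```

Only `decrypt` touches the private values; the tampering step uses nothing but public operations, which is why a homomorphic deployment needs integrity controls separate from the encryption itself.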
Re: (Score:0)
Re: (Score:2)
I was mainly considering multi-tenant ASP situations. An attacker is going to target the ASP. The computation keys at that point are no longer secrets (if the attack is successful). The private key should be held by the data owner and presumably be much harder to obtain.