MIT's Bitcoin-Inspired 'Enigma' Lets Computers Mine Encrypted Data
Guy Zyskind, Oz Nathan, and the MIT Media Lab have developed a system to encrypt data in a way that it can still be shared and used without being decrypted. "To keep track of who owns what data—and where any given data’s pieces have been distributed—Enigma stores that metadata in the bitcoin blockchain, the unforgeable record of messages copied to thousands of computers to prevent counterfeit and fraud in the bitcoin economy." Enigma needs a fairly large base of users to operate securely, so its creators have proposed requiring a fee for anyone who wants data processed in this way. That fee would then be split among the users doing the processing. Those with encrypted datasets on the Enigma network could also sell access to datamining operations without letting the miners see the unencrypted data.
420 (Score:1)
A similar system was used to create this planet.
Re: Cryptography is for cows. (Score:3, Funny)
One less moo and you would have made first post.
Hmm... (Score:2, Informative)
Kind of confusing summary? If I'm reading the article correctly...
They found a way to distribute a computationally expensive technique known as homomorphic encryption using some of the technology we already use with bitcoins. The homomorphic encryption technique itself allows you to perform calculations on/with encrypted data without ever decrypting it.
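Added illustration, not part of the thread and not Enigma's code: what "calculating on encrypted data without decrypting it" looks like with Paillier, a standard additively homomorphic scheme chosen here as an assumption. The primes are toy-sized, and the function names and sample readings are constructed for this sketch.

```python
import secrets
from math import gcd

def keygen(p=2**31 - 1, q=2**61 - 1):
    """Toy Paillier key from two known Mersenne primes (far too small for real use)."""
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    mu = pow(lam, -1, n)                           # valid because g = n + 1
    return n, (lam, mu)                            # public key, private key

def encrypt(n, m):
    """Probabilistic encryption: c = (1+n)^m * r^n mod n^2."""
    n2 = n * n
    while True:
        r = secrets.randbelow(n)
        if r > 1 and gcd(r, n) == 1:
            break
    return (1 + m * n) % n2 * pow(r, n, n2) % n2

def decrypt(n, priv, c):
    """Key holder only: m = L(c^lam mod n^2) * mu mod n, with L(u) = (u-1)/n."""
    lam, mu = priv
    u = pow(c, lam, n * n)
    return (u - 1) // n * mu % n

def weighted_total(n, ciphertexts, weights):
    """Run by the untrusted worker: needs only the public key n.
    Multiplying ciphertexts adds plaintexts; raising to w multiplies by w."""
    n2 = n * n
    acc = 1  # 1 is a valid (unrandomized) encryption of 0
    for c, w in zip(ciphertexts, weights):
        acc = acc * pow(c, w, n2) % n2
    return acc

def demo():
    n, priv = keygen()
    readings = [120, 75, 310]                       # constructed sample data
    cts = [encrypt(n, m) for m in readings]         # data owner encrypts
    enc_result = weighted_total(n, cts, [2, 1, 3])  # worker computes blind
    return decrypt(n, priv, enc_result)             # owner decrypts the result
```

The worker never holds `priv`, and two encryptions of the same value differ, so it cannot even tell which inputs are equal.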
Re: (Score:1)
Kind of confusing summary? If I'm reading the article correctly...
They found a way to distribute a computationally expensive technique known as homomorphic encryption using some of the technology we already use with bitcoins. The homomorphic encryption technique itself allows you to perform calculations on/with encrypted data without ever decrypting it.
So, it's an "encryption" technique whereby you use data without ever decrypting it.
And you thought the summary was confusing?
Re: (Score:3)
Homomorphic encryption isn't new at all.
It's just that we used to think it's uselessly slow. I believe it was in the millions of times slower than a normal application without this kind of encryption.
But in more recent years people have been able to build practical systems with it by mixing different kinds and more specialized forms of encryption:
https://www.youtube.com/watch?... [youtube.com]
There are companies that also build products: Cloud Encryption Gateways
But I doubt that really solves the problem, if the application
Re: (Score:2)
How can homomorphic encryption ever work on integer math? It's easy to acquire "1" (X/X) and therefore "N" (1 + 1 + 1 ... etc).
That's not what the blockchain is for (Score:5, Interesting)
The blockchain is already close to 40 GB in size, and now people want to store all sorts of other data (or metadata) in it. I can see this getting out of hand rather quickly.
Miners won't be able to store the entire chain anymore, so only a few archival nodes will still have it. Just how secure and accessible will your metadata be then?
Didn't you notice the latest drama in bitcoinland? (Score:1)
It's not too difficult to put an upper bound on the growth under the current rules. There is a block size cap and a target block generation rate, which is kept to over the long run. Six blocks per hour, one megabyte each, makes for about 51 GB added per year, tops.
Now for the obligatory drama: There's this guy that thinks one megabyte isn't enough and keeps on pretending he can manufacture "consensus" for his plans to enlarge the maximum block size to twentyfold the current limit and then double it every ye
Re: (Score:2)
Never mind the arguments why: The current 40 GB came to be under a cap of at most one megabyte added to the blockchain every ten minutes. If 40GB is too rich for you already, under a 1 MB per 10 mins cap, then a 20 MB cap certainly is, and a doubling of the cap every year even more so.
BIP 100 and 101 request no such change as you are representing. The limit will likely be raised to 8MB in the final revision of the proposals and this is more of a temporary measure to allow more time to test for sidechains and interpayment channels like the lightning network - https://lightning.network/ligh... [lightning.network] which allow bitcoin to scale to VISA level tps without bloating the blockchain.
Additionally, remember that merkle tree pruning has already been merged in as of 4/24 which allows for full nodes with
Re:That's not what the blockchain is for (Score:5, Insightful)
Then configure your miners to not accept these transactions.
Essentially the blockchain is exactly this: A way to record information in an unforgeable way, for a fee to the miner. Bitcoin works, and the only way it can work, is by being a system that behaves in a desired way when each player maximizes their own benefit. (To a small extent this can be affected in a centralized fashion because the community can develop the reference implementation to a desired direction, but that may or may not turn out to be anathema and may or may not be a powerful enough tool.)
True, blockchain bloat causes problems, and it's a limited resource. The bitcoin solution is to sell the space to the highest bidder, because generally that maximizes the seller's benefit. In a sense, someone saying "that's not what the blockchain is for" is very similar to someone complaining that people are using lithium to make these stupid batteries, driving its price up, and "that's not what lithium is for".
Whether Bitcoin can survive all the technical challenges in the long term is not at all obvious. For all we know, it might be that the entire model is game-theoretically self-destructive if analyzed thoroughly enough. In fact, it has provided quite a few surprises where the incentives have turned out to be something different than anticipated, causing weird scenarios where e.g. in some situations it's advantageous for a miner to not immediately report a found block. So far none of these have been such that they would cause a death spiral, but that's far from a given. (Arvind Narayanan's blog posts on the topic are quite insightful; you might want to start from https://freedom-to-tinker.com/... [freedom-to-tinker.com]).
Re: (Score:2)
The bitcoin solution is to sell the space to the highest bidder
'A', not 'the'. Sidechains are a much better bitcoin approach (the blockchain need only record the entry and exit points). Marc Andreessen's company has been working on just this for a year or more.
Re: (Score:2)
What's the next project? (Score:4, Informative)
Ultra?
I'm joking of course but considering the historical significance of the name Enigma as a cypher that was spectacularly hacked to divulge crucial war secrets, it might not have been the best PR to call their project that name.
Rename.
Re: (Score:2)
Some Enigma messages have thus far been undecrypted. Enigma was an awesome encryption tool and in theory (especially at the time) unhackable. The issue came in, as most/all encryption systems are vulnerable to the famous PEBKAC. A device was stolen/recovered by the allies allowing for the discovery of its mechanism which was based around a one-time-pad rotating ciphers every so often (it would be similar to getting your hands on the source code of the algorithm of more modern encryptions and the rotating k
Re: (Score:2)
you can't claim a system is excellent while at the same time enumerating its major failures. of course an inside man or inside knowledge can do major damage to any system, but a truly robust system would safeguard against user carelessness and there would be ways to identify sabotage or major breaches and adjust around the damage. enigma was a brittle system where all of the failures you list were inevitable and foreseeable. and no plans, or weak late plans, were made for the inevitable and foreseeable
Re: (Score:2)
But that is the case with any security project. You cannot keep the stupid from doing stupid things and they're the weakest link. Only by removing THEM do you remove the threats to any security system.
If your private keys are compromised, would you keep using them? Some in this world think it would be acceptable simply because of the cost of replacement ($25-150 for a new certificate). Eventually the PHBs take over a perfectly working project and cause it to be declared insecure.
Re: (Score:2)
there's identifying and knowing your weaknesses, planning for them, and failing over swiftly and gracefully
then there's not doing a damn thing about the weaknesses, and using the same damn set up forever
also, we're not talking about exchanging product keys for cracked software. we're talking about a system used in a world war where thousands of lives and the prestige of nations depended upon a good implementation plan
Re: (Score:2)
if enigma was such a great system, it would have protected from or gracefully readjusted after such an obvious and easily foreseeable failure. that no one foresaw such an obvious failure or didn't have any contingency for the fucking obvious simply means that enigma was extremely brittle and therefore a weak system
and even though it was broken, the breaking remained classified *exactly because* the brittle weak system could be sold to countries that uk, usa wanted to spy on easily. so yes: you need to re-le
data-mining encrypted data? (Score:1)
Re: (Score:3)
Sorry, but this time you're just wrong without stipulation. The whole point of homomorphic encryption and computation is the computor never has the key and the data is never decrypted. It remains encrypted throughout the computation.
They are doing this and then they're also doing a second thing, distributing the computation which is an ortho. concern to the homomorphic encryption and computation, in theory at least, if not in this implementation.
Homomorphic encryption is counter-intuitive to most of us. I h
Re: (Score:2)
I think the original poster meant that doing operations on encrypted data is something else than data-mining.
For data-mining you need to know the data. But the point here is that actually the one doing the operations never sees the results.
How can you data-mine that?
Re: (Score:2)
Datamining is just a computation, an arbitrary computation. It has input value(s) and an algorithm which depends on computed intermediate values and finally an output(s). There is nothing special about the data that datamining works on which differentiates it from any other kind of data within that framework I described. This is the wonder of homomorphic encryption. It DOES let you do arbitrary computation without decrypting the data.
That's not the same as doing arbitrary computation on data whose general
Re: (Score:2)
The one applying the data-mining computations will still not see the result, because it is still encrypted.
or can you do some forms of statistical analysis on the encrypted data, which gets unencrypted results?
Re: (Score:2)
Perhaps they meant that the data is available but its origin isn't. So you can safely publish your customer data for analysis because (in theory) the data source is anonymized.
Homomorphic encryption is a pipe dream thus far.
Is bitcoin sustainable? (Score:4, Insightful)
Bitcoin already uses 5000 times the energy visa does to record a single financial transaction. If parasites learn to use the bitcoin network for their own computations, that will get even worse.
http://motherboard.vice.com/re... [vice.com]
Re: Is bitcoin sustainable? (Score:2)
Mod parent up
Re: (Score:2)
Bitcoin already uses 5000 times the energy visa does to record a single financial transaction. If parasites learn to use the bitcoin network for their own computations, that will get even worse. http://motherboard.vice.com/re... [vice.com]
The cited study is flawed as it doesn't account for the massive investment in call centers, offices, employees, auditors, and regulators that are needed to sustain the VISA payment rails network and the massive energy use and environmental impact those variables demand.
Re: (Score:2)
The cited study is flawed as it doesn't account for the massive investment in call centers, offices, employees, auditors, and regulators that are needed to sustain the VISA payment rails network and the massive energy use and environmental impact those variables demand.
That is insightful.
Re: (Score:2)
That is insightful.
Thank you. Despite bitcoin being more efficient than traditional payment rails networks, there is some truth to what the article you mention is possibly alluding to. Decentralized network security is indeed expensive and much more costly than a few shared database ledgers. This is especially true for bitcoin at the moment with only 118k transactions per day and the massive overhead being spent to secure those transactions. There are two important reasons for this one must consider:
1) Bitcoin having a marke
Re: (Score:2)
Yeah but your counter argument doesn't account for the sheer scale of what VISA and the banking system do compared to Bitcoin. OK the banking system uses more electricity, but what is the amortized cost on a per transaction basis? That's the question. According to TFA the answer is VISA is HUGELY more environmentally friendly and cost effective than Bitcoin and, and this is the point, always will be because by design Bitcoin makes it harder to obtain coins depending on how much processing power (energy) is
Re: (Score:2)
Yeah but your counter argument doesn't account for the sheer scale of what VISA and the banking system do compared to Bitcoin. OK the banking system uses more electricity, but what is the amortized cost on a per transaction basis? That's the question. According to TFA the answer is VISA is HUGELY more environmentally friendly and cost effective than Bitcoin and, and this is the point, always will be because by design Bitcoin makes it harder to obtain coins depending on how much processing power (energy) is being expended to obtain those coins at any given time.
http://motherboard.vice.com/re... [vice.com]
If all bitcoin machines went solar however, then we might have a different outcome. The practicalities of that, given that Bitcoin assumes distribution of computing power, are not in Bitcoin's favor either.
Proof of work through ASICs is a very good security mechanism as attackers must spend real money on machines and electricity to attack the network and create 2-3 double spends before being caught and shutdown, but not the only method.
Already there are inter-channel payment protocols (https://lightning.network/lightning-network-paper-DRAFT-0.5.pdf and http://impulse.is/impulse.pdf [impulse.is] are two examples among many) and off the chain transactions (Coinbase/circle/changetip are a few examples where there is no fee
From the whitepaper... (Score:2)
"..on different nodes, and they compute functions together without leaking information to other nodes. Specifically, no single party ever has access to data in its entirety; instead, every party has a meaningless (i.e., seemingly random) piece of it."
Because there is no Narus node in any ATT room anywhere sucking up all internet traffic, duplicating it and sending it off to the NSA before sending it to its intended destination.
Don't get me wrong; the blockchain is fascinating and makes possible very interestin
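Added example, not taken from the whitepaper, the thread or Enigma's code: the property quoted from the whitepaper above (each node holds a random-looking piece, yet the nodes jointly compute a function) shown with Shamir secret sharing, which is an assumption chosen for illustration. Function names, the field modulus and the sample values are constructed.

```python
import secrets

PRIME = 2**61 - 1  # field modulus (a Mersenne prime); constructed parameter

def share(secret, n_nodes, threshold):
    """Split `secret` into n_nodes points on a random polynomial of degree
    threshold-1 whose constant term is the secret."""
    coeffs = [secret % PRIME] + [secrets.randbelow(PRIME)
                                 for _ in range(threshold - 1)]
    def poly(x):
        acc = 0
        for c in reversed(coeffs):          # Horner evaluation mod PRIME
            acc = (acc * x + c) % PRIME
        return acc
    return [(x, poly(x)) for x in range(1, n_nodes + 1)]

def reconstruct(shares):
    """Lagrange interpolation at x = 0 over the prime field."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        inv = pow(den, PRIME - 2, PRIME)    # modular inverse via Fermat
        total = (total + yi * num * inv) % PRIME
    return total

def node_sum(held):
    """Run by ONE node: adds the shares it holds. It never sees an input,
    only uniformly random-looking field elements."""
    return (held[0][0], sum(y for _, y in held) % PRIME)

def secure_sum(values, n_nodes=5, threshold=3):
    """Owners share their values, each node adds locally, and any
    `threshold` node results reconstruct the total."""
    per_value = [share(v, n_nodes, threshold) for v in values]
    per_node = [[s[k] for s in per_value] for k in range(n_nodes)]
    results = [node_sum(held) for held in per_node]
    return reconstruct(results[:threshold])
```

Addition works share-by-share because the sum of the polynomials is a polynomial of the same degree whose constant term is the sum of the secrets; fewer than `threshold` colluding nodes learn nothing about any input.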