Published (Last): 2 August 2007
A couple of weeks ago I polled readers for the subjects that they were interested in. Before I get started, I want to make a few important stipulations. Moreover, plenty of real experts have already published highly accessible introductory pieces. Alternatively, you can go directly to some of the recent papers on FHE. My last warning is that this subject is kind of involved. People love to use analogies to talk about encryption.
Consider this one:. The locked safe is a great teaching example because cryptography and physical safes usually serve the same purpose: they ensure the confidentiality of sensitive data. In practice, they also share many of the same drawbacks. Consequently, people tend to remove useful documents from safe storage at the first chance they get.
Typically the same principle holds for encryption. People decrypt their data so they can use it. But analogies are never perfect. And this is a good thing! This may seem like an exotic property. Without those protections, both schemes are homomorphic with respect to modular multiplication. Homomorphic encryption has some immediate practical applications. Paillier is homomorphic with respect to addition. Now imagine: each voter encrypts their ballot as a number 0 or 1 and publishes it to the world.
Anyone can now tally up the results into a final ciphertext, which makes it hard for a corrupt election judge to throw away legitimate votes. Homomorphic encryption is hardly a new discovery, and cryptographers have long been aware of its promise. Regrettably, those first attempts kind of sucked. To be interesting, a homomorphic encryption scheme should at the very least permit the evaluation of useful mathematical functions, e.
But no computer scientist in history has ever been satisfied with mere polynomials. More practically, a technology like this would eliminate a very real weakness in many security systems — the need to decrypt before processing data.
For researchers this was frustrating. Keeping in mind that all arithmetic is binary i. Why the excitement? To a theoretical computer scientist this is a Big Deal. Break the input into single bits and process them one gate at a time?
Well, yes. Consider, for example, a loop like this one:. Just try converting that into a circuit. Not to mention that evaluating those logic gates is going to require some pretty serious computing.
By combining these with other less-general techniques, we could accomplish something pretty useful. See, for example, this paper for some of the complexity.
For example, consider a scheme that encrypts arbitrary integers say, a finite ring. Great post. I'm not an academic person however I will try to skim those papers. I only read the abstract and section 3 and the conclusion of the paper. Matthew Green in fundamentals January 2, August 29, 1, Words. Craig Gentry on board the mothership.
Why encryption is not like a safe credit People love to use analogies to talk about encryption. Anyway, it was a beautiful dream.
In theory, the existence of an appropriate encryption scheme would give us everything we need to, for example, play Halo on encrypted inputs. This would obviously be a poor gaming experience. But it would be possible.
Implementing Gentry’s Fully-Homomorphic Encryption Scheme
Homomorphic encryption is a form of encryption that allows computation on ciphertexts, generating an encrypted result which, when decrypted, matches the result of the operations as if they had been performed on the plaintext. Homomorphic encryption can be used for privacy-preserving outsourced storage and computation. This allows data to be encrypted and outsourced to commercial cloud environments for processing, all while encrypted. In highly regulated industries, such as health care, homomorphic encryption can be used to enable new services by removing privacy barriers inhibiting data sharing. For example, predictive analytics in health care can be hard to apply due to medical data privacy concerns, but if the predictive analytics service provider can operate on encrypted data instead, these privacy concerns are diminished.
Craig Gentry (computer scientist)