
Cloud Security for Real This Time: Homomorphic Encryption and the Future of Data Privacy

Craig Stuntz
February 27, 2014


Transcript

  1. None
  2. None
  3. None
  4. What If?

  5. Cloud Security for Real This Time: Homomorphic Encryption and the Future of Data Privacy. Craig Stuntz, Improving Enterprises
  6. https://speakerdeck.com/craigstuntz

  7. TLS Changed the Internet

  8. Browser, Server, Application. TLS: Safe (mostly!), but must decrypt to do business
  9. What if it’s stolen?

  10. Consumer: “I don’t want my personal information stolen.” “I’d rather not have to install software to manage my finances.”
      Cloud Service Provider: “I don’t want the data I store to make me a target.” “I can protect my business methods by not redistributing my code.”
  11. Homomorphic Encryption In a Nutshell. Diagram labels: Client; Server; Data Cyphertext; Result Cyphertext; Homomorphic Computation; Data Plaintext; Result Plaintext
  12. Rot-13!

  13. Awesoma Powa!

  14. Let’s launch a startup! concatenatr Join us!

  15. (Using Goldwasser and Micali’s algorithm developed 20 years earlier)

  16. Unpadded RSA = mod 1 ∙ 2 = 1 mod

    ∙ (2 mod ) = (1 ∙ 2 ) mod = 1 ∙ 2 mod = E(1 ∙ 2 )
  17. Pivot! multiplir We make products Awesome! Now add. Uhhh….

  18. Fully Homomorphic Encryption
      - Multiply
      - Add, subtract, exponents, etc.
      - Doesn’t have to be (quite) Turing complete
      - Conditional branching and loops, of a sort
      - Cannot perform conditional jumps based on (encrypted) user input
  19. Functional Completeness and Universal Gates
      - NAND
      - NOR
      - AND and NOT
      - XOR and AND
  20. Addition, Multiplication Over GF(2)

        + | 0 1        * | 0 1
        --+----        --+----
        0 | 0 1        0 | 0 0
        1 | 1 0        1 | 0 1

  21. (Diagram labels: first, choose_first, second)

        > def choose(first, second, choose_first):
        ..     return first if choose_first else second
        ..
        > choose(True, False, True)
        => True
        > choose(True, False, False)
        => False

  22.
        > def my_factorial(n):
        ..     result = 1
        ..     while n > 1:
        ..         result *= n
        ..         n -= 1
        ..     return result
        > def my_factorial_less_than_20(n):
        ..     result = 1
        ..     for i in range(2, 20):
        ..         result *= 1 if i > n else i
        ..     return result
        > my_factorial_less_than_20(4)
        => 24
        > my_factorial_less_than_20(100)
        => 121645100408832000L
        > my_factorial_less_than_20(1000)
        => 121645100408832000L

  23. Practical Homomorphic Encryption: Fast!; Turing Complete*; Strong Encryption

  24. None
  25. Craig Gentry IBM Research

  26. Diagram labels: Result Cyphertext; Output; Homomorphic reencryption algorithm; Bootstrap; Lossy Multiply; Lossless Add; Data Cyphertext; Input
  27. Bootstrappable Encryption: E(E(E(plaintext))); E(E(plaintext)); E(plaintext); Plaintext

  28. Patent Encumbrance
      - “Nevertheless, the authors of this method to concede that making this scheme practical remains an open problem.”
      - “There exist well known solutions for secure computation of any function… It seems hard to apply these methods to complete continuous functions or represent Real numbers, since the methods inherently work over finite fields.”
      - “An encryption scheme with these two properties is called a homomorphic encryption scheme. The Paillier system is one homomorphic encryption scheme, but more ones [sic] exist.”
  29. Limitations
      - Server doesn’t have data to, e.g., hand off to third parties
      - Some fully homomorphic cryptosystems are relatively untested and security not proven. (Both in terms of algorithms and implementation.)
      - Space issues
      - Algorithms which operate on homomorphically encrypted data are, for now, anyway, computationally expensive
      - Client complexity and deployment
      - Not always clear when to choose fully homomorphic algorithms.
      - Not a cure-all. Metadata and side-channels still a problem
      - Moving target!
      - Patent encumbered
  30. CryptDB
      - Query-based encryption
      - Requires no changes to DB server
      - Tested on phpBB, OpenEMR, TPC-C, etc.
      - Only 14-26% slower than unmodified apps.
  31. Zero Knowledge Proof (Image: Wikimedia Commons / User:Dake)

  32. 2 Party Secure Computation (name badges: “HELLO My Name Is Alice”, “HELLO My Name Is Bob”)
      - Sends c = E(x) to Bob
      - Computes and sends c’ = E(f(x,y)), ZKP of c’ correctness to Alice
      - Decrypt c’, compute ZKP of valid decryption, and return both to Bob
  33. The Future?

  34. Further reading
      - Computing Arbitrary Functions of Encrypted Data, by Craig Gentry. Communications of the ACM, Vol. 53, No. 3
      - Building the Swiss Army Knife, by Boaz Barak and Zvika Brakerski
      - HElib (source code)
      - CryptDB: Processing Queries on an Encrypted Database, by Raluca Ada Popa, Catherine M.S. Redfield, Nickolai Zeldovich, and Hari Balakrishnan
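
Slides 18 to 22 rest on the point that XOR and AND (addition and multiplication over GF(2)) are enough to build any bounded computation, with selection replacing conditional jumps. The Python sketch below is an added example, not part of the original deck: bits are plain integers standing in for encrypted bits, and `full_adder`, `add_bits`, `to_bits`, `from_bits` and `select_sum_or_first` are names assumed for illustration.

```python
# Added example. Bits are plain ints 0/1 standing in for encrypted bits
# (assumption): a fully homomorphic scheme would supply XOR and AND on
# ciphertexts, and everything else is built from those two operations.

def xor(a, b):
    """Addition over GF(2)."""
    return (a + b) % 2

def and_(a, b):
    """Multiplication over GF(2)."""
    return (a * b) % 2

def not_(a):
    """NOT is XOR with the constant 1."""
    return xor(a, 1)

def choose(first, second, choose_first):
    """Branch-free multiplexer: both inputs are always evaluated."""
    return xor(and_(choose_first, first), and_(not_(choose_first), second))

def full_adder(a, b, carry_in):
    """One-bit adder returning (sum, carry_out), using only XOR and AND."""
    partial = xor(a, b)
    # The two AND terms are never both 1, so XOR acts as OR for the carry.
    return xor(partial, carry_in), xor(and_(a, b), and_(partial, carry_in))

def add_bits(x_bits, y_bits):
    """Ripple-carry add of two equal-length little-endian bit lists."""
    carry, out = 0, []
    for a, b in zip(x_bits, y_bits):  # loop bound is public, not data-dependent
        s, carry = full_adder(a, b, carry)
        out.append(s)
    return out + [carry]

def to_bits(n, width):
    return [(n >> i) & 1 for i in range(width)]

def from_bits(bits):
    return sum(bit << i for i, bit in enumerate(bits))

def select_sum_or_first(x, y, flag, width=4):
    """x + y if flag == 1 else x: compute both results, then select per bit."""
    x_bits = to_bits(x, width)
    summed = add_bits(x_bits, to_bits(y, width))
    unchanged = x_bits + [0]
    return from_bits([choose(s, u, flag) for s, u in zip(summed, unchanged)])
```

The server-side cost is visible in `select_sum_or_first`: because the flag cannot be inspected, both outcomes are computed on every call, the same trade-off as the fixed-bound loop in `my_factorial_less_than_20`.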