not have to install software to manage my finances.” Cloud Service Provider “I don’t want the data I store to make me a target.” “I can protect my business methods by not redistributing my code.”
to be (quite) Turing complete Conditional branching and loops, of a sort Cannot perform conditional jumps based on (encrypted) user input Fully Homomorphic Encryption
> 1: .. result *= n .. n -= 1 .. return result > def my_factorial_less_than_20(n): .. result = 1; .. for i in range(2, 20): .. result *= 1 if i > n else i .. return result > my_factorial_less_than_20(4) => 24 > my_factorial_less_than_20(100) => 121645100408832000L > my_factorial_less_than_20(1000) => 121645100408832000L
making this scheme practical remains an open problem.” “There exist well known solutions for secure computation of any function… It seems hard to apply these methods to complete continuous functions or represent Real numbers, since the methods inherently work over finite fields.” “An encryption scheme with these two properties is called a homomorphic encryption scheme. The Paillier system is one homomorphic encryption scheme, but more ones [sic] exist.” Patent Encumbrance
to third parties Some fully homomorphic cryptosystems are relatively untested and security not proven. (Both in terms of algorithms and implementation.) Space issues Algorithms which operate on homomorphically encrypted data are, for now, anyway, computationally expensive Client complexity and deployment Not always clear when to choose fully homomorphic algorithms. Not a cure-all. Metadata and side-channels still a problem Moving target! Patent encumbered
Computes and sends c’ = E(f(x,y)), ZKP of c’ correctness to Alice Decrypt c’, compute ZKP of valid decryption, and return both to Bob HELLO M y N ame I s Alice HELLO M y N ame I s Bob
Communications of the ACM, Vol. 53, No.3 Building the Swiss Army Knife, by Boaz Barak and Zvika Brakerski HElib (source code) CryptDB: Processing Queries on an Encrypted Database, by Raluca Ada Popa, Catherine M.S. Redfield, Nickolai Zeldovich, and Hari Balakrishnan Further reading