Craig Stuntz
February 27, 2014

# Cloud Security for Real This Time: Homomorphic Encryption and the Future of Data Privacy

## Transcript

1. What If?

2. Cloud Security for Real This Time:
Homomorphic Encryption and the
Future of Data Privacy
Craig Stuntz
Improving Enterprises

3. https://speakerdeck.com/craigstuntz

4. TLS Changed the Internet

5. Browser
Server Application
TLS: Safe (mostly!), but

6. What if it’s stolen?

7. Consumer
“I don’t want my
personal information
stolen.”
“I’d rather not have
to install software to
manage my
finances.”
Cloud Service
Provider
“I don’t want the
data I store to make
me a target.”
“I can protect my
not redistributing
my code.”

8. Homomorphic Encryption
In a Nutshell
Client
Server
Data Cyphertext
Result Cyphertext
Computation
Homomorphic
Data
Plaintext
Result
Plaintext

9. Rot-13!

10. Awesoma Powa!

11. Let’s launch a startup!
concatenatr

12. (Using Goldwasser and
Micali’s algorithm developed
20 years earlier)

= mod
1
∙ 2
= 1
mod ∙ (2
mod )
= (1
∙ 2
) mod
= 1
∙ 2
mod
= E(1
∙ 2
)

14. Pivot!
multiplir
We make products
Awesome!
Uhhh….

15. Fully Homomorphic Encryption
• Multiply
• Doesn’t have to be (quite) Turing complete
• Conditional branching and loops, of a sort
• Cannot perform conditional jumps based on (encrypted) user input

16. Functional Completeness and Universal Gates
• NAND
• NOR
• AND and NOT
• XOR and AND

17. Over GF(2)

| + | 0 | 1 |
|---|---|---|
| 0 | 0 | 1 |
| 1 | 1 | 0 |

| * | 0 | 1 |
|---|---|---|
| 0 | 0 | 0 |
| 1 | 0 | 1 |

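18.
```python
def choose(first, second, choose_first):
    # Two-way multiplexer: choose_first selects which input is returned.
    return first if choose_first else second

choose(True, False, True)   # => True
choose(True, False, False)  # => False
```
(Circuit diagram inputs: first, choose_first, second)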

19.
```python
# Outputs are shown as printed by Python 2 (note the long suffix L).
def my_factorial(n):
    # The number of iterations depends on the value of n.
    result = 1
    while n > 1:
        result *= n
        n -= 1
    return result

def my_factorial_less_than_20(n):
    # Fixed loop bounds; n only selects which factor is multiplied in.
    result = 1
    for i in range(2, 20):
        result *= 1 if i > n else i
    return result

my_factorial_less_than_20(4)     # => 24
my_factorial_less_than_20(100)   # => 121645100408832000L
my_factorial_less_than_20(1000)  # => 121645100408832000L
```
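
The `choose` multiplexer and the fixed-bound loop from slides 18 and 19 can be built from nothing but the GF(2) addition and multiplication tables of slide 17. The block below is an added example, not code from the talk: the helper names (`add`, `mul`, `less_than`, `select_word`, `add_words`, `capped_sum`) and the 8-bit width are assumptions, and plain integers stand in for ciphertext bits.

```python
# Added example: every function below is built only from GF(2) addition (XOR)
# and multiplication (AND). Bits are plain ints here; under a homomorphic
# scheme each bit would be a ciphertext (assumption for illustration).

def add(a, b):  # GF(2) addition == XOR
    return a ^ b

def mul(a, b):  # GF(2) multiplication == AND
    return a & b

def choose(first, second, choose_first):
    # Multiplexer without a branch: c*first + (1 + c)*second over GF(2).
    return add(mul(choose_first, first), mul(add(choose_first, 1), second))

def to_bits(n, width):
    return [(n >> i) & 1 for i in range(width)]  # least significant bit first

def from_bits(bits):
    return sum(bit << i for i, bit in enumerate(bits))

def less_than(a, b):
    # Scan LSB -> MSB; the highest differing bit is written last, so it decides.
    lt = 0
    for a_i, b_i in zip(a, b):
        lt = choose(b_i, lt, add(a_i, b_i))
    return lt

def select_word(first, second, choose_first):
    return [choose(f, s, choose_first) for f, s in zip(first, second)]

def add_words(a, b):
    # Ripple-carry adder; the result wraps modulo 2**width.
    out, carry = [], 0
    for a_i, b_i in zip(a, b):
        out.append(add(add(a_i, b_i), carry))
        carry = add(mul(a_i, b_i), mul(carry, add(a_i, b_i)))
    return out

def capped_sum(x, y, cap, width=8):
    # min(x + y, cap) as a fixed gate sequence: no branch on any input bit.
    total = add_words(to_bits(x, width), to_bits(y, width))
    cap_bits = to_bits(cap, width)
    return from_bits(select_word(total, cap_bits, less_than(total, cap_bits)))
```

Every loop runs for the public bit width, never for a data-dependent count, which is the same trick `my_factorial_less_than_20` uses.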

20. Fast!
Turing
Complete*
Strong Encryption
Practical Homomorphic
Encryption

21. Craig Gentry
IBM Research

22. Result
Cyphertext
Output
Homomorphic
reencryption
algorithm
Bootstrap
Lossy
Multiply
Lossless
Data
Cyphertext
Input

23. E(E(E(plaintext)))
E(E(plaintext))
E(plaintext)
Plaintext
Bootstrappable Encryption

24. Patent Encumbrance
• “Nevertheless, the authors of this method to concede that making this scheme practical remains an open problem.”
• “There exist well known solutions for secure computation of any function… It seems hard to apply these methods to complete continuous functions or represent Real numbers, since the methods inherently work over finite fields.”
• “An encryption scheme with these two properties is called a homomorphic encryption scheme. The Paillier system is one homomorphic encryption scheme, but more ones [sic] exist.”

25. Limitations
• Server doesn’t have data to, e.g. hand off to third parties
• Some fully homomorphic cryptosystems are relatively untested and security not proven. (Both in terms of algorithms and implementation.)
• Space issues
• Algorithms which operate on homomorphically encrypted data are, for now, anyway, computationally expensive
• Client complexity and deployment
• Not always clear when to choose fully homomorphic algorithms.
• Not a cure-all. Metadata and side-channels still a problem
• Moving target!
• Patent encumbered

26. CryptDB
• Query-based encryption
• Requires no changes to DB server
• Tested on phpBB, OpenEMR, TPC-C, etc.
• Only 14-26% slower than unmodified apps.

27. Zero Knowledge Proof
Image: Wikimedia Commons / User:Dake

28. 2 Party Secure Computation
Alice: Sends c = E(x) to Bob
Bob: Computes and sends c’ = E(f(x,y)), ZKP of c’ correctness to Alice
Alice: Decrypt c’, compute ZKP of valid decryption, and return both to Bob
(Name tags: “HELLO My Name Is Alice”, “HELLO My Name Is Bob”)

29. The Future?

30. • Computing Arbitrary Functions of Encrypted Data, by Craig Gentry. Communications of the ACM, Vol. 53, No. 3
• Building the Swiss Army Knife, by Boaz Barak and Zvika Brakerski
• HElib (source code)
• CryptDB: Processing Queries on an Encrypted Database, by Raluca Ada Popa, Catherine M.S. Redfield, Nickolai Zeldovich, and Hari Balakrishnan