Slashdot Mirror
The Beginnings of Encrypted Computing In the Cloud
eldavojohn writes "A method of computing from a 2009 paper allows the computing of data without ever decrypting it. With cloud computing on the rise, this may be the holy grail of keeping private data private in the cloud. It's called Fully Homomorphic Encryption, and if you've got the computer science/mathematics chops you can read the thesis (PDF). After reworking it and simplifying it, researchers have moved it away from being true, fully homomorphic encryption, but it is now a little closer to being ready for cloud usage. The problem is that the more operations performed on your encrypted data, the more likely it has become 'dirty' or corrupted. To combat this, Gentry developed a way to periodically clean the data by making it self-correcting. The article notes that although this isn't prepared for use in reliable systems, it is a quick jump to implementation just one year after the paper was published — earlier encryption papers would take as much as half a decade until they were implemented at all."
I never did see the big draw of cloud computing without this. Hopefully this will also provide some needed knowledge to better something like Freenet
A libertarian shat on my carpet once. Claimed the free market would sort it out. -Ford Prefect(8777)
Practical homomorphic encryption is a fantasy, or at the very least it is so far off that it won't impact any of us any time soon.
If you want to cloudsource sensitive information processing, you will need a highly-secured vendor (most aren't even close). Sorry!
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
Fantastic - now we can envisage using the cloud for sensitive documents. Law firms such as ours are look forward to this development. www.1p.com.au
"First Post" lol
The idea that my data is on the "cloud" and I have to pay a monthly fee (or watch some ads) to access it is really not very interesting to me.
Yet another case of someone's impractical research being posted on Slashdot. Must be seeking fame or a job.
The idea that my grandmother's data is on her own equipment that she has no idea how to operate and is at risk of becoming a spambot-zombie isn't all that interesting to me either.
Also, are we talking about enterprise cloud or consumer cloud with this article?
The World Wide Web is dying. Soon, we shall have only the Internet.
So, I've got this encrypted data, and I can do these operations to it and it'll still be encrypted blah blah blah. I want to alphabetically sort some data. If I'm reading this right, you're screwed. Not seeing the utility, if that's the case.
Wait a minute. I'm a manager, and I've been reading a lot of case studies and watching a lot of webcasts about The Cloud. Based on all of this glorious marketing literature, I, as a manager, have absolutely no reason to doubt the safety of any data put in The Cloud.
The case studies all use words like "secure", "MD5", "RSS feeds" and "encryption" to describe the security of The Cloud. I don't know about you, but that sounds damn secure to me! Some Clouds even use SSL and HTTP. That's rock solid in my book.
And don't forget that you have to use Web Services to access The Cloud. Nothing is more secure than SOA and Web Services, with the exception of perhaps SaaS. But I think that Cloud Services 2.0 will combine the tiers into an MVC-compliant stack that uses SaaS to increase the security and partitioning of the data.
My main concern isn't with the security of The Cloud, but rather with getting my Indian team to learn all about it so we can deploy some first-generation The Cloud applications and Web Services to provide the ultimate platform upon which we can layer our business intelligence and reporting, because there are still a few verticals that we need to leverage before we can move to The Cloud 2.0.
Thank God someone has come up with a theoretical method of computing private data on a VM running in an old beige box full of dust bunnies in an Amazon.com datacenter.
This is just Gödel numbering using an "encrypting" algorithm.
Set your phasers on "funky"!
Because it threatens your job as someone who programs exclusively for locked down desktops. If cloud computing blows up more, you are out of a job.
a botnet ?
Thanks in advance.
Yours In Akademgorodok,
K. Trout
I am a Freenet user (posting anonymously for obvious reasons) and I use it for Freenet Messaging System (FMS) which is a web forums on top of Freenet. The key thing about Freenet is that it is an anonymous data store. Even if you are offline, someone can fetch the data that is spinning around in the network.
You use a lot of CPU in my experience to retransmit lots of requests from other users, it's not obvious to your node whether or not you actually requested a piece of data. Even better is to make a darknet with people you trust.
Correct me if I'm wrong but couldn't you just use something like Encfs and fuse and just access your encrypted files as if they were a mounted file system right on your local system with all that implies?
The soylentnews experiment has been a dismal failure.
svefg cbfg
FYP
The whole point of cloud computing is to give corporations access to all your files and all your computing behavior so they can analyze it, sell it, broadcast it, trade it, and make it into a product for governments and corporations around the world.
Fully Homomorphic Encryption
oooooooooo, oooooOOOooooo, ooooooohhhhhhh....
This has been tried for at least 3 decades. It could never be made to work efficiently and this approach is also not really going to help. It may have some valid crypto application this time (it never got that far before), but you will have to pump in so many more CPU cycles, that it will be a lot cheaper to just spend then directly on you own PC for any non-crypto stuff.
Side note: The things people will claim to make this mostly BS idea of the cloud seem to work never cease to amaze me.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
The whole point of cloud computing is to give corporations access to all your files and all your computing behavior so they can analyze it, sell it, broadcast it, trade it, and make it into a product for governments and corporations around the world.
Where do you get that from?
It seems as though you are thinking about the wrong layer of the 'cloud'.
This is about high availability, to where the hardware operators can have many servers on standby and seemlessly (via VMotion or similar technologies) change hardware without a hiccup. If a node goes down then just bring up the same resource on an alternate server.
The issue with clouds is for the most part they are using commodity hardware and the method for data reliability is replication. Given the hard error rate of disk drives after about 7 PB of data the failure rate of disk drives will exceed the ability of an OC-48 channel to move the data to replicate failed drives.
There's been some progress since this paper.
It's not there yet, but there's hope.
The good news is this will eventually stop the botnets. One all that computing power is reliably usable, there's profit motive to defend it.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Funny, I read " Fully Homomorphic Encryption" as Fully Homophobic Erections
who prays for Satan? Who in 18 centuries has had the humanity to pray for the 1 sinner that needed it most? ~Mark Twain
Comment removed based on user account deletion
with offline mode in html 5 can users now store all their data offline, basically effectively creating a backup?
Side note: The things people will claim to make this mostly BS idea of the cloud seem to work never cease to amaze me.
If I know anything about \subsection{Motivation}, they're using cloud computing to make fully homomorphic encryption seem* worthwhile.
(* appearances may be true or false but not both).
Academic cryptography has developed the theory necessary for all the important problems people want solved in practice (i.e. public key encryption). That's why we work on the (apparently) less important problems now, and that's why the "motivation" part of our articles are a little... stretched ;-)
You can argue that someone ought to work on building and deploying technology based on the good ol' cryptographic theory (i.e. an internet with end-to-end public key cryptography). I won't argue against you, but I think it requires solving problems of internet governance first.
Old dupe is old
On the impossibility of cryptography alone for privacy-preserving cloud computing
If you can sort your data by plaintext, while still in ciphertext form (ie, without decrypting it on the cloud's hardware AT ALL), then what's stopping your cloud provider from doing it, too?
Nothing. The result will be a list of ciphertexts which won't reveal anything about the plaintexts.
See also the thesis, page 5 (5 on paper, 15 in pdf):
At a high-level, the essence of fully homomorphic encryption is simple: given ciphertexts that encrypt pi_1, ..., p_t fully homomorphic encryption should allow anyone (not just the key-holder) to output a ciphertext that encrypts f(pi_1, ..., p_t) for any desired function f, as long as that function can be efficiently computed. No information about pi_1, ..., p_t or ..., pi_t), or any intermediate plaintext values, should leak; the inputs, output and intermediate values are always encrypted.
f(pi_1,
So if I give you pi_1 and pi_2, you'll know that E(min(pi_1, pi_2)) = 42 and E(max(pi_1, pi_2)) = 17. What do their encryptions tell you about pi_1 and pi_2?
You're leaking information about your data to your provider, and if they wanted to, they could perform a process of elimination and discover your plaintext.
I don't think it's possible; I must admit I haven't read Gentry's thesis, but I assume he proves what he advertises---that he has a fully homomorphic encryption scheme. In that case, it is indeed possible to carry out any computation on encrypted values without revealing information about neither the plaintext nor the result of the computation.
Of course, if I'm wrong, I would very much like to see your algorithm for discovering the plaintext.
The thing to keep in mind here is that the idea is to make it so your cloud provider has no way to read, or infer information about, your data. I'm in the camp that believes it's not possible, but even if it is possible, known methods (like this one) are neither plausible nor secure.
Gentry's approach uses lattices; his approach should be secure against people whose computational resources are polynomial in the plaintext size, even (I think we think*) if they have quantum computers.
(* I haven't looked closely, so I'm randomly guessing his use of lattices is of the kind where no publicly known quantum attacks exist).
Security isn't an on/off thing. There's a stricter security property Gentry's system either satisfies or doesn't satisfy---that no one can know anything about the plain texts, even if computing on the ciphertexts "forever".
But in-use technology such as SSL, ssh, PGP/GPG doesn't live up to this standard, yet in practical security it's never the *crypto* that's broken.
To say that Gentry's work is not only wrong (not secure) but not plausible I think implies that the PhD committee at Stanford is doing a piss-poor job. Is that really what you mean?
(This is one of the reasons I'm doing my PhD in cryptography: in algorithms, or languages, or $subfield, when there's something you don't know you just know that you don't know how to do X; in cryptography, when there's stuff you don't know, it seems like magic is possible)
Quoting from your linked article:
Single-client private computing is realizable via FHE, as we explain below
FHE is Fully Homomorphic Encryption, exactly what Gentry has shown to exist.
(Note, I haven't read your linked article fully, nor have I read Gentry's thesis fully; I may be wrong, but a first guess would suggest that your linked article isn't in conflict with Gentry).
Encrypted data manipulation? Just write the manipulation software in Malbolge.
Anonymous does not necessarily mean "has no name", although I can see how slashdotters are being conditioned to think so. Anonymous merely means to keep ones identities separate from and unconnected to one another.
You can have a perfectly anonymous identity with assorted social perks such as a recognizable name and verifiability/accountability; just disconnected from any other identities you might have. The tricky part is *keeping* them separated (plain human sloppiness is what got most old-school hackers caught).
"Good news, everyone!"
No homo, at least in our lifetime.
I thought one of the big uses being touted for the upcoming new CPU-GPU processors like AMD's Fusion, is that they'll be able to do things like virus-checking concurrently on the side. Why not similarly try it for homomorphic encryption on the side, and then the computational complexity won't slow things down too badly.