Slashdot Mirror
New Encryption Scheme Could Protect Your Genome
sciencehabit writes "As the cost of genetic sequencing plummets, experts believe our genomes will help doctors detect diseases and save lives. But not all of us are comfortable releasing our biological blueprints into the world. Now cryptologists are perfecting a new privacy tool that turns genetic information into a secure yet functional format. Called homomorphic encryption, the method could help keep genomes private even as genetic testing shifts to cheap online cloud services."
This isn't new, although the application with gene sequencing might be.
This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
If I were not constantly releasing millions of copies of my DNA in the form of dead skin cells everywhere I go. Either my cells need to also adopt this encryption standard, or I need a lifestyle where I am completely self sufficient (including my waste disposal), never having to leave my home.
Even then, a gust of wind while I am in the backyard might be all that is required one day for someone's reader to catch my DNA and run a simulation to match with facial recognition.
Sdelat' Ameriku velikoy Snova!
Hi. I'm a theoretical cryptographer.
Encryption can be broken,
Some implementations have been broken. Encryption itself is generally fine (as long as you go with well-studied, standardized methods). There is a point that encryption is always subject to real-world factors, but the most common libraries are pretty good. Whenever you read about a data breach in the news, it's not because encryption was broken--something else went wrong (and, frequently, exposed data that wasn't encrypted in the first place).
especially the kind that exposes useful information about the plaintext as this one does.
Homomorphic encryption does not expose useful information about the plaintext, although the article doesn't make that clear. You start with an encrypted input, perform an operation, and get an encrypted output. Only the person with the key--who is not the person performing the computation--can decrypt the result.
There is a somewhat-related but distinct concept, called "functional encryption", in which one can distribute a key associated with a function f. That key allows a user to take an encryption of x and obtain f(x)--but nothing else about x other than f(x), where "nothing else" has a mathematical formalization. So you could (conceptually) encrypt your entire medical record and give your doctor a key for the function that calculates the probability that you'll have a heart attack in the next five years. Then they'll be able to calculate that probability, but nothing else about you.
A much simpler alternative is to keep your genetic information in your own control, processing it on your own computer with open source software. You know, just what we already do with other sensitive information like passwords.
This I agree with, in an ideal world. Will we be living in such a world, 5, 10, or 20 years down the line? I don't know. Right now, the trends are largely in outsourcing everything--more and more, your data and computation live on the cloud. For medical information, your doctor doesn't do all the tests himself--he outsources them to a lab. For genetic information, 23andMe doesn't sell software that lets you analyze your own genetic markers--they take your information and perform the analysis on it themselves. So these trends will need to change before the above takes place.
It would be great to keep one's own data and get all the various analysis tools via FOSS. But someone needs to write and distribute those tools--as well as make it feasible to obtain one's own data in the first place (I don't know about you, but I don't have an MRI machine in my house). So until that world exists, homomorphic encryption is a potentially useful tool in this area.
[It also has uses beyond securely outsourcing computation, but that's somewhat off-topic.]
Right, because I have the knowledge and equipment to sequence my own DNA make sense of the results.
Sure, encryption can be broken, and I don't know how far I'd trust IBMs 1st-generation homomorphic encryption, much less this "streamlined, high performance" version adapted by medical researchers, but it's a hell of a lot better than nothing.
Also, while I'm not an encryption expert, it sounds like homomorphic encryption doesn't actually expose useful information (at least not intentionally, I'm sure it opens up some new attack vectors, everything does). Encrypt A to get B. Apply operations f(B) to get C, decrypt C to get f(A). C is still encrypted gibberish.
So, assuming it's possible to do public/private key homomorphic encryption, my doctor could send a sample for sequencing along with a public key. DNA gets sequenced and encrypted (ideally both on the same non-networked hardware so that the plaintext data is never accessible to anyone), and the encrypted sequence is sent back to my doctor, archived in a public database, whatever.. Doc can then send it to a third-party DNA analysis firm in Nigeria, who perform all manner of analysis on it and send the reams of gibberish test results back. He then calls me in, the only holder of the private key, and I can then decrypt the results on my secure, open-source computer and present them for his interpretation and advice.
--- Most topics have many sides worth arguing, allow me to take one opposite you.