Slashdot Mirror


MIT's Bitcoin-Inspired 'Enigma' Lets Computers Mine Encrypted Data

Guy Zyskind, Oz Nathan, and the MIT Media Lab have developed a system to encrypt data in a way that it can still be shared and used without being decrypted. "To keep track of who owns what data—and where any given data’s pieces have been distributed—Enigma stores that metadata in the bitcoin blockchain, the unforgeable record of messages copied to thousands of computers to prevent counterfeit and fraud in the bitcoin economy." Enigma needs a fairly large base of users to operate securely, so its creators have proposed requiring a fee for anyone who wants data processed in this way. That fee would then be split among the users doing the processing. Those with encrypted datasets on the Enigma network could also sell access to datamining operations without letting the miners see the unencrypted data.

46 comments

  1. 420 by Anonymous Coward · · Score: 1

    A similar system was used to create this planet.

    1. Re:420 by Anonymous Coward · · Score: 0

      A similar system was used to create this planet

      The system which was used to create the entire universe is many magnitudes higher in tranquil perfectness than the quantum computer which is under intense research nowadays

  2. Re: Cryptography is for cows. by Anonymous Coward · · Score: 3, Funny

    One less moo and you would have made first post.

  3. Hmm... by Anonymous Coward · · Score: 2, Informative

    Kind of confusing summary? If I'm reading the article correctly...

    They found a way to distribute a computationally expensive technique known as homomorphic encryption using some of the technology we already use with bitcoins. The homomorphic encryption technique itself allows you to perform calculations on/with encrypted data without ever decrypting it.

    1. Re:Hmm... by Anonymous Coward · · Score: 1

      Kind of confusing summary? If I'm reading the article correctly...

      They found a way to distribute a computationally expensive technique known as homomorphic encryption using some of the technology we already use with bitcoins. The homomorphic encryption technique itself allows you to perform calculations on/with encrypted data without ever decrypting it.

      So, it's an "encryption" technique by where you use data without ever decrypting it.

      And you thought the summary was confusing?

    2. Re:Hmm... by Lennie · · Score: 2

      Homomorphic encryption isn't new at all.

      It's just that we used to think it's uselessly slow. I believe it was in the millions times slower than a normal application without this kind of encryption.

      But in more recent years people have been able to build practical systems with it by mixing different kinds and more specialized forms of encryption:
      https://www.youtube.com/watch?...

      There are companies that also build products: Cloud Encryption Gateways

      But I doubt that really solves the problem, if the application gets an update the proxy will probably start to leak data.

      --
      New things are always on the horizon
    3. Re:Hmm... by Anonymous Coward · · Score: 0

      Yeah, no idea how it actually works, clearly there's maths and wizards involved.

      One other thing I wasn't sure of is whether or not they solved the problem of malleability mentioned in the Wikipedia link for the technique (https://en.wikipedia.org/wiki/Homomorphic_encryption).

      Let's say I was a bank with two customers and I want to transfer some money from one to another.

      Customer A: encrypted($100 bank balance)
      Customer B: encrypted($100 bank balance)
      Transaction: transfer( encrypted($50) ) from B to A

      If I don't know each customer's bank balance and the amount being transferred is also encrypted (for the customers' privacy), how can I know if the distributed transfer action was completed appropriately by the person it was distributed to? What if they accidentally (or maliciously) performed the transfer twice - unless I perform the transaction myself or decrypt the bank balances before and after I can't know, can I? But then, if I have performed the transaction myself why distribute it? Likewise if I have to decrypt the balances to be sure a transaction was completed appropriately, why encrypt them in the first place... :/
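Added example, not part of the thread and not Enigma's code: the bank scenario from the comment above, run with a toy Paillier cryptosystem (additively homomorphic). It shows a keyless worker moving an encrypted amount between encrypted balances, and why a replayed transfer is invisible to a "does the total still add up" check. The key size, the function names and the replica comparison are assumptions of this example.

```python
import math
import secrets

# Toy key size, constructed for this example: two known Mersenne primes.
# Real Paillier keys use primes of 1024 bits or more.
P = 2**31 - 1
Q = 2**61 - 1


def keygen(p=P, q=Q):
    """Return (n, private) for Paillier with generator g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    mu = pow(lam, -1, n)  # this simple form of mu is valid because g = n + 1
    return n, (lam, mu)


def encrypt(n, m):
    """Probabilistic encryption: c = (1 + n)^m * r^n mod n^2."""
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    # (1 + n)^m mod n^2 equals 1 + m*n by the binomial theorem
    return (1 + (m % n) * n) % n2 * pow(r, n, n2) % n2


def decrypt(n, private, c):
    lam, mu = private
    u = pow(c, lam, n * n)
    return (u - 1) // n * mu % n


def add(n, c1, c2):
    """Enc(a) * Enc(b) mod n^2 decrypts to a + b (mod n)."""
    return c1 * c2 % (n * n)


def negate(n, c):
    """The modular inverse of Enc(a) decrypts to -a (mod n)."""
    return pow(c, -1, n * n)


def transfer(n, enc_from, enc_to, enc_amount):
    """What the untrusted worker runs. It holds no key and sees no plaintext."""
    return add(n, enc_from, negate(n, enc_amount)), add(n, enc_to, enc_amount)


def demo():
    n, private = keygen()
    # Constructed sample values from the comment: A = 100, B = 100, move 50 B -> A
    a, b, amount = encrypt(n, 100), encrypt(n, 100), encrypt(n, 50)

    b_once, a_once = transfer(n, b, a, amount)
    b_twice, a_twice = transfer(n, b_once, a_once, amount)  # transfer replayed

    def dec(c):
        return decrypt(n, private, c)

    return {
        "once": (dec(a_once), dec(b_once)),
        "twice": (dec(a_twice), dec(b_twice)),
        # A + B is conserved either way, so a total check cannot see the replay
        "total_once": dec(add(n, a_once, b_once)),
        "total_twice": dec(add(n, a_twice, b_twice)),
        # The worker's operations are deterministic, so an independent replica
        # given the same input ciphertexts must return identical ciphertexts.
        "replica_agrees": transfer(n, b, a, amount) == (b_once, a_once),
        "replay_differs": (b_twice, a_twice) != (b_once, a_once),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Comparing replicas only helps when the workers do not collude and do not re-randomize their outputs; it is one simple check, not something the article says Enigma does.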

    4. Re:Hmm... by Actually,+I+do+RTFA · · Score: 1

      How can homomorphic encryption ever work on integer math? It's easy to acquire "1" (X/X) and therefore "N" (1 + 1 + 1 ... etc).

      --
      Your ad here. Ask me how!
  4. That's not what the blockchain is for by michelcolman · · Score: 5, Interesting

    The blockchain is already close to 40 GB in size, and now people want to store all sorts of other data (or metadata) in it. I can see this getting out of hand rather quickly.

    Miners won't be able to store the entire chain anymore, so only a few archival nodes will still have it. Just how secure and accessible will your metadata be then?

    1. Re:That's not what the blockchain is for by Anonymous Coward · · Score: 0

      The blockchain is already close to 40 GB in size, and now people want to store all sorts of other data (or metadata) in it. I can see this getting out of hand rather quickly.

      Miners won't be able to store the entire chain anymore, so only a few archival nodes will still have it. Just how secure and accessible will your metadata be then?

      And how much larger will it end up growing without interventions like this?

      With the blockchain the size that it is, it makes me question if it's even being used "properly" today. 40GB is already out of hand.

    2. Re:That's not what the blockchain is for by SLi · · Score: 4, Insightful

      Then configure your miners to not accept these transactions.

      Essentially the blockchain is exactly this: A way to record information in an unforgeable way, for a fee to the miner. Bitcoin works, and the only way it can work, is by being a system that behaves in a desired way when each player maximizes their own benefit. (To a small extent this can be affected in a centralized fashion because the community can develop the reference implementation to a desired direction, but that may or may not turn to be anathema and may or may not be a powerful enough tool.)

      True, blockchain bloat causes problems, and it's a limited resource. The bitcoin solution is to sell the space to the highest bidder, because generally that maximizes the seller's benefit. In a sense, someone saying "that's not what the blockchain is for" is very similar to someone complaining that people are using lithium to make these stupid batteries, driving its price up, and "that's not what lithium is for".

      Whether Bitcoin can survive all the technical challenges in the long term is not at all obvious. For all we know, it might be that the entire model is game-theoretically self-destructive if analyzed thoroughly enough. In fact, it has provided quite a few surprises where the incentives have turned out to be something different than anticipated, causing weird scenarios where e.g. in some situations it's advantageous for a miner to not immediately report a found block. So far none of these have been such that they would cause a death spiral, but that's far from a given. (Arvind Narayanan's blog posts on the topic are quite insightful; you might want to start from https://freedom-to-tinker.com/...).

    3. Re:That's not what the blockchain is for by bill_mcgonigle · · Score: 1

      The bitcoin solution is to sell the space to the highest bidder

      'A', not 'the'. Sidechains are a much better bitcoin approach (the blockchain need only record the entry and exit points). Marc Andresson's company has been working on just this for a year or more.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    4. Re:That's not what the blockchain is for by delt0r · · Score: 1

      I have 10T of personal disk space right now at home for nothing more than the crap i can't be bothered deleting. How is 40GB even considered a lot? Do you think visa transaction history fits in 40GB?

      --
      If information wants to be free, why does my internet connection cost so much?
  5. What's the next project? by circletimessquare · · Score: 3, Informative

    Ultra?

    I'm joking of course but considering the historical significance of the name Enigma as a cypher that was spectacularly hacked to divulge crucial war secrets, it might not have been the best PR to call their project that name.

    Rename.

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
    1. Re:What's the next project? by Anonymous Coward · · Score: 0

      Suggested rename:

      Enigma (tm).

      Then the courts will order all prior use of the word, at least as applied to cryptographic techniques, removed from the record. Profit!

    2. Re:What's the next project? by guruevi · · Score: 1

      Some Enigma messages have thus far been undecrypted. Enigma was an awesome encryption tool and in theory (especially at the time) unhackable. The issue came in, as most/all encryption systems are vulnerable to the famous PEBKAC. A device was stolen/recovered by the allies allowing for the discovery of its mechanism which was based around a one-time-pad rotating ciphers every so often (it would be similar to getting your hands on the source code of the algorithm of more modern encryptions and the rotating key was a frequently changing 'private key'). Later on, code books were stolen/recovered as well which were not/improperly destructed (similar to getting your hands on the set of private keys). Substantiating those compromises were the fact that some officers used the same key over and over opening the door to linguistic analysis. Later on, versions of Enigma machines had rotators removed in order to cut costs.

      The problem wasn't with the tool but with the PHB's in charge (much like current encryption systems).

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    3. Re:What's the next project? by circletimessquare · · Score: 1

      you can't claim a system is excellent while at the same time enumerating its major failures. of course an inside man or inside knowledge can do major damage to any system, but a truly robust system would safeguard against user carelessness and there would be ways to identify sabotage or major breaches and adjust around the damage. enigma was a brittle system where all of the failures you list were inevitable and foreseeable. and no plans, or weak late plans, were made for the inevitable and foreseeable

      --
      intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
    4. Re:What's the next project? by Anonymous Coward · · Score: 0

      You need to re-learn your history. The only reason Enigma (the cypher) was cracked was because some dumbass broke the #1 rule in cryptography: never use the same key twice! Enigma was and is so powerful that it was still largely classified until the 1970's.

    5. Re:What's the next project? by circletimessquare · · Score: 1

      if enigma was such a great system, it would have protected from or gracefully readjusted after such an obvious and easily foreseeable failure. that no one foresaw such an obvious failure or didn't have any contingency for the fucking obvious simply means that enigma was extremely brittle and therefore a weak system

      and even though it was broken, the breaking remained classified *exactly because* the brittle weak system could be sold to countries that uk, usa wanted to spy on easily. so yes: you need to re-learn your history, moron

      --
      intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
    6. Re:What's the next project? by guruevi · · Score: 1

      But that is the case with any security project. You cannot keep the stupid from doing stupid things and they're the weakest link. Only by removing THEM do you remove the threats to any security system.

      If your private keys are compromised, would you keep using them? Some in this world think it would be acceptable simply because the cost of replacement ($25-150 for a new certificate). Eventually the PHB's take over a perfectly working project and cause it to be declared insecure.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    7. Re:What's the next project? by circletimessquare · · Score: 1

      there's identifying and knowing your weaknesses, planning for them, and failing over swiftly and gracefully

      then there's not doing a damn thing about the weaknesses, and using the same damn set up forever

      also, we're not talking about exchanging product keys for cracked software. we're talking about a system used in a world war where thousands of lives and the prestige of nations depended upon a good implementation plan

      --
      intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  6. I'd always just assumed. by Anonymous Coward · · Score: 0

    I'd always just assumed Bitcoin was doing the same thing. I mean they are sitting on what is effectively the largest distributed processing network of all time. So it just seemed logical that someone somewhere was using all that raw processing power to do .... ya know .... a thing? Still seems counter intuitive to me to think that they aren't tho maybe that is just the tinfoil talking :P

  7. Didn't you notice the latest drama in bitcoinland? by Anonymous Coward · · Score: 1

    It's not too difficult to put an upper bound on the growth under the current rules. There is a block size cap and a target block generation rate, which is kept to over the long run. Six blocks per hour, one megabyte each, makes for about 51 GB added per year, tops.

    Now for the obligatory drama: There's this guy that thinks one megabyte isn't enough and keeps on pretending he can manufacture "consensus" for his plans to enlarge the maximum block size to twentyfold the current limit and then double it every year, making for exponential maximum block size growth. He's a "core committer" and believes he only needs to --and still can-- convince his fellow half a dozen or so core committers, when lots of people in the wider community already burned the idea down to cinders, repeatedly.

    Nevermind the arguments why: The current 40 GB came to be under a cap of at most one megabyte added to the blockchain every ten minutes. If 40GB is too rich for you already, under a 1 MB per 10 mins cap, then a 20 MB cap certainly is, and a doubling of the cap every year even moreso.

  8. data-mining encrypted data? by mornfall · · Score: 1

    The proposed applications are rather incoherent. Claiming that something is 'encrypted' while it is also possible to data-mine is nonsense. A real homomorphic encryption scheme would only allow the owner of the encrypted data (i.e. the party that knows the encryption key) to decrypt the results, definitely not some third party. How these folks make the leap from 'homomorphic encryption' (which they don't even have) to 'secure, privacy-preserving data mining' is less than clear. I call BS.

    1. Re:data-mining encrypted data? by Anonymous Coward · · Score: 0

      What's nonsense is your knowledge about the field cryptography.

      You sound like one of those idiots from back in the day making fun of Einstein for his crazy ideas about "curved" "spacetime". You know what? You just don't know what you're talking about.

    2. Re:data-mining encrypted data? by WOOFYGOOFY · · Score: 2

      Sorry, but this time you're just wrong without stipulation. The whole point of homomorphic encryption and computation is the computor never has the key and the data is never decrypted. It remains encrypted throughout the computation.

      They are doing this and then they're also doing a second thing, distributing the computation which is an ortho. concern to the homomorphic encryption and computation, in theory at least, if not in this implementation.

      Homomorphic encryption is counter-intuitive to most of us. I had never heard about it until a few months ago. At first glance, it seems like a thing that can't be true; like relativity.

    3. Re:data-mining encrypted data? by ACE209 · · Score: 1

      I think the original poster meant that doing operations on encrypted data is something else than data-mining.

      For data-mining you need to know the data. But the point here is that actually the one doing the operations does never see the results.

      How can you data-mine that?

      --
      "we are all atheists about most of the gods that societies have ever believed in. Some of us just go one god further."
    4. Re:data-mining encrypted data? by WOOFYGOOFY · · Score: 1

      Datamining is just a computation, an arbitrary computation. It has input value(s) and an algorithm which depends on computed intermediate values and finally an output(s). There is nothing special about the data that datamining works on which differentiates it from any other kind of data within that framework I described. This is the wonder of homomorphic encryption. It DOES let you do arbitrary computation without decrypting the data.

      That's not the same as doing arbitrary computation on data whose general semantics you are totally ignorant of. Is it numeric data? Is it text processing? What is its format? Sure, you have to know that level of detail but that's like saying "this string is a password". Does it get you any closer to knowing what that specific encrypted password is? It does not.

    5. Re:data-mining encrypted data? by guruevi · · Score: 1

      Perhaps they meant that the data is available but its origin isn't. So you can safely publish your customer data for analysis because (in theory) the data source is anonymized.

      Homomorphic encryption is a pipe dream thus far.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    6. Re:data-mining encrypted data? by ACE209 · · Score: 1

      Still can't wrap my head around that.

      The one applying the data-mining computations will still not see the result, because it is still encrypted.

      or can you do some forms of statistical analysis on the encrypted data, which gets unencrypted results?

      --
      "we are all atheists about most of the gods that societies have ever believed in. Some of us just go one god further."
  9. Re:Didn't you notice the latest drama in bitcoinla by codebonobo · · Score: 1

    Nevermind the arguments why: The current 40 GB came to be under a cap of at most one megabyte added to the blockchain every ten minutes. If 40GB is too rich for you already, under a 1 MB per 10 mins cap, then a 20 MB cap certainly is, and a doubling of the cap every year even moreso.

    BIP 100 and 101 request no such change as you are representing. The limit will likely be raised to 8MB in the final revision of the proposals and this is more of a temporary measure to allow more time to test for sidechains and interpayment channels like the lightning network - https://lightning.network/ligh... which allow bitcoin to scale to VISA level tps without bloating the blockchain.

    Additionally, remember that merkle tree pruning has already been merged in as of 4/24 which allows for full nodes with only 1.3 GB of storage.

  10. DOS attack by Anonymous Coward · · Score: 0

    It looks to me like MIT is engaged in a DDOS attack on the bitcoin blockchain.

    1. Re:DOS attack by Anonymous Coward · · Score: 0

      So you're saying they're doing something useful for a change?

  11. Is bitcoin sustainable? by doug141 · · Score: 3, Insightful

    Bitcoin already uses 5000 times the energy visa does to record a single financial transaction. If parasites learn to use the bitcoin network for their own computations, that will get even worse.
    http://motherboard.vice.com/re...

    1. Re: Is bitcoin sustainable? by Esteanil · · Score: 1

      Mod parent up

      --
      I'm a dreamer, the world is my playpen. But hey, I'm a serious person, I can't dream all the time.
    2. Re:Is bitcoin sustainable? by Anonymous Coward · · Score: 0

      Yet they manage to do so for a fraction of the cost that visa charges.

    3. Re:Is bitcoin sustainable? by Anonymous Coward · · Score: 0

      I wonder if vice included the energy cost of reporting every transaction to the government and making sure only approved people can use the network in their visa budget?

    4. Re:Is bitcoin sustainable? by codebonobo · · Score: 1

      Bitcoin already uses 5000 times the energy visa does to record a single financial transaction. If parasites learn to use the bitcoin network for their own computations, that will get even worse. http://motherboard.vice.com/re...

      The cited study is flawed as it doesn't account for the massive investment in call centers, offices, employees, auditors, and regulators that are needed to sustain the VISA payment rails network and the massive energy use and environmental impact those variables demand.

    5. Re:Is bitcoin sustainable? by doug141 · · Score: 1

      The cited study is flawed as it doesn't account for the massive investment in call centers, offices, employees, auditors, and regulators that are needed to sustain the VISA payment rails network and the massive energy use and environmental impact those variables demand.

      That is insightful.

    6. Re:Is bitcoin sustainable? by Anonymous Coward · · Score: 0

      This article has been debunked from vice already.

    7. Re:Is bitcoin sustainable? by WOOFYGOOFY · · Score: 1

      Yeah but your counter argument doesn't account for the sheer scale of what VISA and the banking system do compared to Bitcoin. OK the banking system uses more electricity, but what is the amortized cost on a per transaction basis? That's the question. According to TFA the answer is VISA is HUGELY more environmentally friendly and cost effective than Bitcoin and, and this is the point, always will be because by design Bitcoin makes it harder to obtain coins depending on how much processing power (energy) is being expended to obtain those coins at any given time.

      http://motherboard.vice.com/re...

      If all bitcoin machines went solar however, then we might have a different outcome. The practicalities of that, given that Bitcoin assumes distribution of computing power, are not in Bitcoin's favor either.

    8. Re:Is bitcoin sustainable? by codebonobo · · Score: 1

      That is insightful.

      Thank you. Despite bitcoin being more efficient than traditional payment rails networks, there is some truth to what the article you mention is possibly alluding to. Decentralized network security is indeed expensive and much more costly than a few shared database ledgers. This is especially true for bitcoin at the moment with only 118k transactions per day and the massive overhead being spent to secure those transactions. There are two important reasons for this one must consider:

      1) Bitcoin having a market cap of 3.7 billion and having immutable transactions needs to be extra vigilant on protecting the network and ledger from attacks whether coming from gangs of hackers or governments. There are some fixed costs here that are needed to supersede the hashpower of an attack and that once a certain level is reached the network will scale more cheaply.

      2) Bitcoin primarily uses PoW (proof of work) as a security mechanism but other protocols are being layered upon it like sidechains and payment channels (lightning network) which don't require more hashing done by ASICs and add other security mechanisms like multisig and ricardian contracts to add different layers of security which supplement bitcoin and allow it to scale past VISA in transactions per second while not adding blockchain bloat or more wasteful energy use.

    9. Re:Is bitcoin sustainable? by codebonobo · · Score: 1

      Yeah but your counter argument doesn't account for the sheer scale of what VISA and the banking system do compared to Bitcoin. OK the banking system uses more electricity, but what is the amortized cost on a per transaction basis? That's the question. According to TFA the answer is VISA is HUGELY more environmentally friendly and cost effective than Bitcoin and, and this is the point, always will be because by design Bitcoin makes it harder to obtain coins depending on how much processing power (energy) is being expended to obtain those coins at any given time.

      http://motherboard.vice.com/re...

      If all bitcoin machines went solar however, then we might have a different outcome. The practicalities of that, given that Bitcoin assumes distribution of computing power, are not in Bitcoin's favor either.

      Proof of work through ASICs is a very good security mechanism as attackers must spend real money on machines and electricity to attack the network and create 2-3 double spends before being caught and shutdown, but not the only method.

      Already there are inter-channel payment protocols (https://lightning.network/lightning-network-paper-DRAFT-0.5.pdf and http://impulse.is/impulse.pdf are two examples among many) and off the chain transactions (Coinbase/circle/changetip are a few examples where there is no fee and widely used). Right now there is ~118k transactions per day - https://blockchain.info/charts... but in reality the number of bitcoin transactions per day is much much higher as those numbers represent on the chain transactions. With the lightning network Bitcoin will be able to scale to higher levels of transactions per day than VISA, and without having to similarly increase the amount of ASICs because those payment channels use multisig and ricardian contracts to secure while being ultimately backed up by PoW on the main chain.

      Additionally, be aware that wasted electricity will start to be recycled as heaters(Whether hot water or space heaters). I already have some friends doing this to save on their heating bills and make money at the same time.

  12. From the whitepaper... by WOOFYGOOFY · · Score: 1

    "..on different nodes, and they compute functions together without leaking information to other nodes. Specifically, no single party ever has access to data in its entirety; instead, every party has a meaningless (i.e., seemingly random) piece of it."

    Because there is no Narus node in any ATT room anywhere sucking up all internet traffic, duplicating it and sending it off to the NSA before sending it to its intended destination.

    Don't get me wrong; the blockchain is fascinating and makes possible very interesting applications with far reaching societal implications. My own opinion is much blockchain applications will overshadow even the IoT in terms of revolutionary effect on society. Irrefutable verifiability is like a philosopher's dream.

    But anything operating under the assumption that there is no entity that "has access to all of X" is just wrong out of the box, which is not to say it's useless out of the box or uninteresting, just wrong on that *very* significant detail
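Added example, not part of the thread and not Enigma's code: the whitepaper sentence quoted above ("every party has a meaningless (i.e., seemingly random) piece of it"), illustrated with additive secret sharing, which is the simplest scheme fitting that description and is assumed here rather than taken from the paper. It shows nodes producing a plaintext aggregate without any node seeing an input, and that the guarantee is gone once one party holds every share, which is the objection raised in the comment. The modulus, function names and salary figures are constructed for the example.

```python
import secrets

# Public modulus for share arithmetic (a Mersenne prime); assumed for this example.
MODULUS = 2**61 - 1


def split(value, nodes):
    """Split value into `nodes` additive shares that sum to it mod MODULUS."""
    shares = [secrets.randbelow(MODULUS) for _ in range(nodes - 1)]
    shares.append((value - sum(shares)) % MODULUS)
    return shares


def reconstruct(shares):
    return sum(shares) % MODULUS


def distribute(values, nodes):
    """Each data owner sends one share to each node; returns per-node inboxes."""
    inboxes = [[] for _ in range(nodes)]
    for value in values:
        for inbox, share in zip(inboxes, split(value, nodes)):
            inbox.append(share)
    return inboxes


def node_sum(inbox):
    """Local work done by one node on the uniformly random shares it holds."""
    return sum(inbox) % MODULUS


def joint_sum(inboxes):
    """Only per-node partial sums are combined; no input is ever rebuilt."""
    return reconstruct([node_sum(inbox) for inbox in inboxes])


def pooled_view(inboxes, owner_index):
    """What an observer holding the given nodes' shares of one input computes."""
    return reconstruct([inbox[owner_index] for inbox in inboxes])


def demo():
    salaries = [52000, 61000, 47500, 88000]  # constructed sample inputs
    inboxes = distribute(salaries, nodes=3)
    return {
        # Aggregate statistic in the clear, inputs never revealed to a node
        "sum": joint_sum(inboxes),
        # Two of three nodes pooling shares still see a random-looking value
        "two_of_three": pooled_view(inboxes[:2], 0),
        # Whoever sees all three shares of an input recovers it exactly
        "all_three": pooled_view(inboxes, 0),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```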