Slashdot Mirror
Microsoft To Provide New Encryption Algorithm For the Healthcare Sector
An anonymous reader writes: The healthcare sector gets a hand from Microsoft, who will release a new encryption algorithm which will allow developers to handle genomic data in encrypted format, without the need of decryption, and by doing so, minimizing security risks. The new algorithm is dubbed SEAL (Simple Encrypted Arithmetic Library) and is based on homomorphic encryption, which allows mathematical operations to be run on encrypted data, yielding the same results as if it would run on the cleartext version. Microsoft will create a new tool and offer it as a free download. They've also published the theoretical research. For now, the algorithm can handle only genomic data.
Your initial thoughts are wrong.
This is a type of encryption algorithm known as homomorphic encryption, which allows one to do operate on encrypted data without decrypting it.
This has no bearing on the strength of the encryption against an adversary.
It's strong. Very strong.
Problem is, there's a tradeoff in time/speed and operations you can do. There are general algorithms that let you do a wide variety of operations, but they are very slow - on the order of a million times slower than unencrypted.
Faster algorithms usually restrict the operations you can do. on the data, and performance is almost equal that of unencrypted.
Note that you don't simply say "I want to add these two numbers" , encrypt them, then just do a simple add - no, the operation after encryption may be a multiplication, or other operation.
And this is actually very useful - because it lets you store critical data in the cloud, and perform manipulations of that data in the cloud, without the cloud provider having to have the encryption key. If the data is stolen, the hacker gets encrypted garbage.
So the current operation is database - you put up an encrypted data in the cloud, and the cloud provider runs an encrypted database service. You can perform limited queries, and the cloud provider will return you the encrypted rows as encrypted blobs to you. You use the key (kept onsite for security), and marvel that you just did a transaction in the cloud, the cloud provider executed the operation, and you got back the rows that you wanted, and at no time other than on your PC was it ever in plaintext.
You could be more fancy - say you want to add up a column - you tell the database server to add it up (encrypted), and the final result is sent back, as encrypted data. You use your key and get your answer.
That's the primary use case for this sort of encryption. Do it right and even in house database can be completely encrypted. So stuff like health information and banking records will never be in plain text until you need it so breaches won't be as harmful.
You fundamentally don't understand homomorphic encryption.
The results you get are encrypted results. You can't fish with them.
In your example, ABC runs the tests, and gets encrypted results. These are useful only to the person who has the key to understand Joe's DNA in the first place.
What this allows is the people who process data to not always have to be the same people who have the data. So if you build a server that does really hard math on DNA results, you can be given the encrypted data, perform your math on the encrypted data, and hand back the encrypted result. You never understand the data.
"SEAL" is the name of a patented cipher from 1994.
Let me introduce you to my new encryption algorithm, Alien Encoding System (AES). Because that won't conflict at all with existing ciphers...
"Screw Sun, cross-platform will never work. Let's move on and steal the Java language." - Visual J++ Product Manager
Ever seen it used that way? Seriously?
"Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
Or, more importantly, you can take your encrypted data and smash out the results on AWS infrastructure that you've rented and retrieve the results without ever having compromised the privacy of the individual to whom the data belongs.