Slashdot Mirror


Microsoft To Provide New Encryption Algorithm For the Healthcare Sector

An anonymous reader writes: The healthcare sector gets a hand from Microsoft, which will release a new encryption algorithm that will allow developers to handle genomic data in encrypted format, without the need for decryption, thereby minimizing security risks. The new algorithm is dubbed SEAL (Simple Encrypted Arithmetic Library) and is based on homomorphic encryption, which allows mathematical operations to be run on encrypted data, yielding the same results as if they were run on the cleartext version. Microsoft will create a new tool and offer it as a free download. They've also published the theoretical research. For now, the algorithm can handle only genomic data.

3 of 85 comments

  1. Don't Use This! by Anonymous Coward · · Score: 5, Funny

    It is based on homophobic encryption!

  2. Re:Initial Thought by CaptainJeff · · Score: 5, Informative

    Your initial thoughts are wrong.

    This is a type of encryption algorithm known as homomorphic encryption, which allows one to operate on encrypted data without decrypting it.

    This has no bearing on the strength of the encryption against an adversary.

  3. Re:Initial Thought by tlhIngan · · Score: 5, Informative

    My initial thought was that if Math can be performed that produces the same results Encrypted vs Unencrypted, is that it isn't very well encrypted. My understanding is that the better encryption techniques approach what looks like static (randomness).

    It's strong. Very strong.

    Problem is, there's a tradeoff in time/speed and operations you can do. There are general algorithms that let you do a wide variety of operations, but they are very slow - on the order of a million times slower than unencrypted.

    Faster algorithms usually restrict the operations you can do on the data, and performance is almost equal to that of unencrypted.

    Note that you don't simply say "I want to add these two numbers", encrypt them, then just do a simple add - no, the operation after encryption may be a multiplication, or other operation.

    And this is actually very useful - because it lets you store critical data in the cloud, and perform manipulations of that data in the cloud, without the cloud provider having to have the encryption key. If the data is stolen, the hacker gets encrypted garbage.

    So the current operation is database - you put up encrypted data in the cloud, and the cloud provider runs an encrypted database service. You can perform limited queries, and the cloud provider will return the encrypted rows to you as encrypted blobs. You use the key (kept onsite for security), and marvel that you just did a transaction in the cloud, the cloud provider executed the operation, and you got back the rows that you wanted, and at no time other than on your PC was it ever in plaintext.

    You could be more fancy - say you want to add up a column - you tell the database server to add it up (encrypted), and the final result is sent back, as encrypted data. You use your key and get your answer.

    That's the primary use case for this sort of encryption. Do it right and even an in-house database can be completely encrypted. So stuff like health information and banking records will never be in plain text until you need it, so breaches won't be as harmful.