IBM Releases Fully Homomorphic Encryption Toolkit For iOS and MacOS (zdnet.com)
New submitter IBMResearch shares a report from ZDNet: IBM's new toolkit aims to give developers easier access to fully homomorphic encryption (FHE), a nascent technology with significant promise for a number of security use cases. "Today, files are often encrypted in transit and at rest but decrypted while in use, creating a security vulnerability," reports ZDNet. "This often compels organizations to make trade-offs and go through long vetting processes in order to ensure they can keep their valuable data protected while still gaining some value out of it. FHE aims to resolve that issue."
"While the technology holds great potential, it does require a significant shift in the security paradigm," the report adds. "Typically, inside the business logic of an application, data remains decrypted, [Flavio Bergamaschi, FHE pioneer and IBM Researcher] explained. But with the implementation of FHE, that's no longer the case -- meaning some functions and operations will change."
The toolkit is available today in GitHub for MacOS and iOS, and it will soon be available for Linux and Android.
Re: (Score:2)
I read it as homeopathic and was wondering how they planned to co-opt the term.
Re:Fully Homomorphic (Score:4, Funny)
Homeopathic encryption is what people mostly use already.
Re: (Score:2)
Re: (Score:3)
I think it involves secret hand signals.
With one hand I make a circle with my thumb and index finger. With the other hand I insert my pinky finger into the circle repeatedly.
See, slight variation on the original symbol, but the meaning is clear!
This means loan me 20 dollars.
Re: (Score:2)
Actually, it involves hankies [wikipedia.org].
Re: Fully Homomorphic (Score:1)
Very simple: It encrypts your data into a sequence of different redneck misspellings of the word "faggot". :D
Re: Fully Homomorphic (Score:1)
Re: (Score:2)
Re: (Score:2)
Isn't Homermorphic where you turn into a Simpson's character?
Re: (Score:3)
Re: (Score:2)
Well without a car analogy, I'm completely lost.
Re: (Score:3, Informative)
Uh oh (Score:2)
I predict there will be a shitload of "oopsie I forgot" moments if this ever enters mainstream use.
Speed is the question (Score:3)
Cracking the base problem was an impressive feat, but the question now is how long a multiplication, an exponentiation or a comparison actually takes. (Linear operations are usually not a problem, if I remember the details correctly.)
Re: (Score:1)
The individual operations are fast, the issue before was that your noise parameter got big too fast.
Yes, I'm the guy who's been posting about this shit (the ONLY one posting about this shit, it seems) for the past 10+ years. I'm glad Slashdot finally ponied up an article about it...
Re: (Score:1)
Re: (Score:2)
Thanks.
Do I see this right that it is "limited" to any operation based on binary circuits? (I did some research in secure multi-party computations wayyyy back and have not kept up with things.)
Also, does the noise limit circuit depth or can this do arbitrary depth computations?
Also, the security sucks (Score:2)
Over the last 20 years or so, cryptographers have developed crypto systems which can be mathematically proven to be secure. There are various definitions of "secure", and we can prove that a crypto system is or is not secure to a given degree, a given definition.
Contrast this with the earlier practice of hoping that nobody figures out how to attack it. Now, we can prove there is no attack possible, under appropriate definitions.
Because homomorphic encryption is by its nature "malleable", not only is it lackin
Re: (Score:2)
Oh really. Here ya go, compute this addition:
https://pastebin.com/cq93aFrP [pastebin.com]
Take your time. I'll wait.
Re: (Score:2)
You are unable to do addition and you're calling ME stupid?
You said you could, so go ahead. I'll give you a hint - it's two single-digit numbers. Come on, smarty, you can add two single digit numbers, can't you?
Here's the thing. There are surely topics you know a lot about. You might enjoy talking about those topics, and listening and learning about topics you don't know about. When you PRETEND to know everything about a topic that you only kinda heard about once, then someone will call your bluff like I
Re: (Score:3)
According to Wikipedia ( https://en.wikipedia.org/wiki/... [wikipedia.org] ), unpadded RSA has the property C(x)*C(y) = C(x*y). I think it is not exploitable with your scheme because you need it to be homomorphic for the inverse operation as well, i.e. division.
Regarding your challenge, I say the sum is 9. I did the addition and decrypted it as well. :-)
You used padded RSA; otherwise we could calculate the encrypted product of the (ascii values of) the digits. RSA implementations use padding specifically to address that weakn
Re: (Score:2)
> Regarding your challenge, I say the sum is 9.
Sorry, nope. :)
That is almost true if you don't pad - you always pad.
The bit you left off is the mod. Since the exponent is often 3, that definitely matters. The exponent should be 3, 5, 17, 257 or 65537.
Re: (Score:2)
Sorry, nope. :)
It was worth the try. :) Food for thought: the probability distribution of numbers picked by a human that anticipates educated guesses by an adversary.
The bit you left off is the mod. Since the exponent is often 3, that definitely matters. The exponent should be 3, 5, 17, 257 or 65537.
My understanding of cryptography is rather limited, but I don't see any such disclaimers (related to homomorphicity) on either the Wikipedia RSA [wikipedia.org] or FHC [wikipedia.org] articles. I only read that the RSA weaknesses are mainly for small messages, where the threshold of 'small' depends on the exponent.
In your original argument a few posts up, you wrote C(x)+y=C(z); did you
Re: (Score:2)
> My understanding of cryptography is rather limited, but I don't see any such disclaimers
That it's mod, or that particular exponents are better?
Wikipedia shows the mod. I bet you can figure out why "2" would be a really bad choice of exponent. From that, you can probably see why even numbers are a bad idea. Then you'll see that for the same reason, squares are weak. Etc. Start with 2 as the exponent and see what attack you can come up with.
> C(x)+y=C(z); did you intend to write that and not someth
Re: (Score:2)
That it's mod, or that particular exponents are better?
I'm confused. I think our conversation went like this:
ac: RSA is actually homomorphic.
rm: show it! Here is my C(x) and C(y) for RSA, give me C(x+y).
h: Wikipedia says that unpadded RSA has the property C(x)*C(y)=C(x*y), so if you used that RSA flavor we could do the multiplication version of your challenge.
rm: The bit you left off is the mod. Since the exponent is often 3, that definitely matters.
h: I don't see how the homomorphic property only applies to a particular choice of exponents.
rm: It's obvious tha
Re: (Score:2)
Thanks for clearing that up. There are a few different sub threads going here.
h: Wikipedia says that unpadded RSA has the property C(x)*C(y)=C(x*y)
What Wikipedia says correctly is that unpadded RSA over a multiplicative integer group has the property:
C(x) mod e * C(y) mod e =C(x*y) mod e
In actual usage, e is often 3.
mod n (Score:2)
I shouldn't have typed that in a hurry at a stoplight. It's mod n, not mod e.
Anyway, you'll find you cannot in fact do homomorphic addition even if you remove the padding from RSA over an integer group. You can do modular multiplication.
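The property argued over in this sub-thread, as an added example that is not part of any poster's comment: textbook (unpadded) RSA, showing that ciphertexts multiply modulo n, do not add, and are malleable. The toy key, the helper names and the sample values are assumptions constructed for illustration.

```python
"""Textbook (unpadded) RSA: what is and is not homomorphic. Toy parameters."""

# Constructed toy key built from two Mersenne primes. Far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (needs Python 3.8+)


def enc(m: int) -> int:
    """Raw RSA encryption, no padding: C(m) = m^e mod n."""
    if not 0 <= m < N:
        raise ValueError("message must be in [0, n)")
    return pow(m, E, N)


def dec(c: int) -> int:
    """Raw RSA decryption: c^d mod n."""
    return pow(c, D, N)


def mul_encrypted(c1: int, c2: int) -> int:
    """Multiply two plaintexts using only their ciphertexts and n."""
    return (c1 * c2) % N


def add_attempt(c1: int, c2: int) -> int:
    """Naive 'addition' of ciphertexts; RSA gives this no plaintext meaning."""
    return (c1 + c2) % N


if __name__ == "__main__":
    x, y = 4, 5  # constructed sample plaintexts
    cx, cy = enc(x), enc(y)
    print("product :", dec(mul_encrypted(cx, cy)))  # x*y, computed without D
    print("'sum'   :", dec(add_attempt(cx, cy)))    # unrelated to x+y
    # The product is only correct mod n: large plaintexts wrap around.
    big = N - 1
    print("wraps   :", dec(mul_encrypted(enc(big), enc(2))) == (big * 2) % N)
    # Malleability: a holder of cx and the public key can double x unseen.
    print("doubled :", dec(mul_encrypted(cx, enc(2))))
```

Padding schemes such as OAEP remove this structure, which is why the multiplication trick fails against padded ciphertexts.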
Re: (Score:3)
Re: (Score:2)
The expected use case for homomorphic encryption shouldn't provide either of those features.
In other words, it can be perfectly secure as long as you don't try to apply it to any real-world problem.
Not having access to simple math limits the possible applications considerably. Can you name a sample 'expected use case' that makes sense under such constraints?
Plus and minus are invertible (Score:2)
> Your example assumes operator invertibility and privileges to execute that invertible computation
The expected use case is performing the same types of operations you'd perform on any data base. Operations like addition. Addition is invertible.
> and privileges to execute that invertible computation against the encrypted material
The most talked-about use case is cloud computing, with the idea that the encryption prevents the cloud provider from reading your data. Or, any hacker in the cloud environme
"mathematically proves" (Score:1)
Yeah, but math is always based on themselves unproven axioms. So in actual reality, it isn't "proven" at all, unless science comes in, and gets you your six sigma statistical reliability of observations *following* your prediction there!
Which is what Gödel's incompleteness theorem was all about.
Re: (Score:2)
Gödel's incompleteness theorem says there are things which are true and cannot be proven. It does NOT say "nothing can be proven". It says that at least one thing cannot be proven.
As for science, science is concerned with what physical objects do in the real world. 1+0=1 doesn't HAVE to correspond to anything in the real world. There are no physical objects in the world involved with that statement. Plus is DEFINED for that to be true. That is, the definition of the symbol "+" is such that x + 0 = x
Re: (Score:2)
Ps there is a way "around" Godel. Nothing in Godel's theorem stops you from defining a system in which the unprovable statement is something like:
1=1
In such a system, we can prove anything else in the system, but we can never prove that 1=1. Yet, we can look at 1=1 and say "duh, yeah obviously that's true". :)
They wrote a movie about subverting homomorphism (Score:2)
It involved a guy who was on the run from federal law enforcement for siphoning money from Richard Nixon's checking account. He was asked to recover a device which could decrypt any encryption algorithm. Even the Russians were involved [imdb.com]. In the end, it was all about who controls the information. Very prescient.
Re: (Score:2)
Re: They wrote a movie about subverting homomorphi (Score:1)
It's a mechanical Turk that sends off people on the backend, to recover the code books. :D
So... (Score:2)
Everything is encrypted, all the time, but readable at the same time?
Weird, or I have been taking in too much Corona.
Re: So... (Score:2)
It means that you can perform certain operations on the data, without being able to know what the starting value is. The simplest example is addition/subtraction, and there is a trivial example of a system like this:
Imagine a database that has two columns: name and balance. In a homomorphic system the name column would be encrypted, but the balance would not start with 0, but rather would start with a value derived from the name column.
So users without the ability to decrypt the name column would still be a
Nwo plot to turn our youth gay (Score:2)
Someone tell Alex Jones! Keep your homo off my ipad!
Well, if they don't at least offer ... (Score:2)
... a fully heteromorphic encryption toolkit for iOS and MacOS, they'll lose the Christian IT community.
It's homophobic! (Score:2)
Awaiting a Twitter storm of outrage about homomorphism in 3...2...1