News IBM develops crypto-peeking tech

[CardJoe]

http://www.bit-tech.net/news/bits/20...peeking-tech/1

An IBM researcher has cracked the problem of processing private data with a technique for working with encrypted data without ever having access to the unencrypted versions.

[mclean007]

Quote:

Does the thought that systems can peek inside your encrypted data stores without your knowledge give you the heebie-jeebies

Surely the whole point is they CAN'T - this is about a technology that allows the manipulation of encrypted data without decryption. At the most basic level, this might involve an encryption system that preserves the ordinality of numbers - so E(3) (the result of encrypting the number 3) is less than E(5), E(10) < E(20) etc., and for any x < y, E(x) < E(y). That way you could sort encrypted data without decrypting it.

As a simple example, you could do this with a very simple but very weak encryption algorithm and very poor data efficiency (encrypted files would be larger than plaintext) - pick a large number as your key (k). Then to encrypt, E(x) = x * k + a random integer between 0 and (k-1). Because an attacker doesn't know k, he can't decrypt. The use of the random number prevents an attacker deducing k by factoring E(x). To decrypt, just round down E(x)/k to give an integer, x. This is flawed because the encryption is ludicrously weak, and also because if you encrypt two equal plaintexts there is no way to predict which will give a higher value after encryption, so sorting would not preserve the order of equal values, but it is an illustration.

I don't know what sort of operations you'd want to perform on encrypted data, but I guess sorting might be one of them. Addition and subtraction might be another. In any event, it will entail a different encryption algorithm to the usual suspects (RSA, AES etc.).

I look forward to reading about this in more detail.

[mjm25]

^ wow. not sure i understood more than 30 percent of that

[_DTM2000_]

“enabling a layperson to perform flawless neurosurgery while blindfolded, and without later remembering the episode”

Hmm, sounds like an episode of Dollhouse.

[B1GBUD]

Quote:

Originally Posted by mjm25

^ wow. not sure i understood more than 30 percent of that

Agreed, now my head hurts.... thanks

[mclean007]

Sorry, I tend not to explain myself very well! Basically the idea is to allow some (presumably fairly basic) manipulation of encrypted data without needing to decrypt it and re-encrypt it. I'm sure it has applications, not sure exactly what!

[Jenny_Y8S]

Very sceptical of the security within this one. Searching is one area where encryption is a barrier to function and for good reason.

I build fundraising systems for some of the big name charities and you have to be clever to work around the FACT!! that you cannot search within encypted data without either A) compromising your encryption methods or B) decrypting everthing before you search.

Any technique that allows basic manipulation (even sorting) poses a potential risk of exposing the contents or content distribution of your encrypted data.

It also has it's flaws, as you will see here: http://portal.acm.org/citation.cfm?doid=1536414.1536440

[nicae]

Quote:

Originally Posted by mclean007

Sorry, I tend not to explain myself very well! Basically the idea is to allow some (presumably fairly basic) manipulation of encrypted data without needing to decrypt it and re-encrypt it. I'm sure it has applications, not sure exactly what!

I understood your first post. It was very clear, actually. Thanks!

Quote:

Originally Posted by Jenny_Y8S

I build fundraising systems for some of the big name charities and you have to be clever to work around the FACT!! that you cannot search within encypted data without either A) compromising your encryption methods or B) decrypting everthing before you search.

It's your FACT!!s that are being challenged by this man's discovery.

[thehippoz]

homo encryption huh

[boggsi]

A quick look at wikipedia sheds plenty of light on this subject. Homomorphic encryption in the past has existed but only allowed one of two operations on the encrypted data, addition or multiplication. I'm assuming this IBM breakthrough allows both.

To do this as an example, if you were the only one that could decrypt information from your bank. Homorphic encryption would allow you to pass this encrypted data on to a third party and they could for example add up all the debits and credits returning you a balance. But they would do this purely with the encrypted information from your bank and return the answer to you encrypted in the same way. They would never need (or be able to) to decrypt and see the actual amounts of money you transacted.

Obviously this is a limited example, but you can imagine the possibilities for third parties processing your personal information without ever having access to its actual details.