Browsing Tag

# security ## Cryptography – the Basics

Often described as a holy security politician, measured in encrypted data or rather delimited in the literature as safe computing, raises the question: how can we calculate a function in hidden inflows? In other words, how can we process information that we can not see and at the same time have a comprehensible result?

Like a chef who prepares a meal without seeing the ingredients, the safe calculation presents a seemingly impossible problem. How can anyone, even if this person is the most advanced supercomputer in the world, give meaning to data they do not see? Fortunately, cryptography has some tricks that are ordered to defy intuition.

Encrypted data computing shows many interesting applications. Conceptually, if we can keep the information private and secure even when used, maintaining security and privacy becomes a much more manageable problem.

As a result, there are several ways of calculating the encrypted data, each with a unique approach and different engagements. In the rest of the release we will look at the various options available.

Fully Homomorphic Encryption (FHE)

Before explaining what a (fully) homomorphic encryption scheme is, it seems appropriate, to complete, to remember how a simple encryption scheme is defined. An encryption scheme is given by two encryption and decryption algorithms, which work as follows:

•  ciphertext = Encrypt (key, message): given a secret key and a simple text message, you can get an encrypted text that reveals nothing (by itself) about the message
• message = Decrypt (key, encrypted text): given a secret key and an encrypted text, you can get the text message without original formatting.
• In the case of public-key cryptography, the encryption and decryption keys are different. For the sake of this article, this distinction is not important.

In simpler terms, an encryption allows us to hide data in a way that does not make sense to anyone, except for those who have access to the secret decryption key. Without the key, the data is meaningless. One drawback of encryption is that, in general, performing a calculation on the encrypted text space does not affect the encrypted texts in the same way as when calculating on simple text data. However, if it does, then we call this homomorphic scheme.

For example, imagine that we have two values ​​a and b, and using a homomorphic encryption algorithm we obtain the encrypted values ​​ea and eb. If we try to add ec = ea + eb together, ec would be equal to an encryption of the sum of a + b. In other words, when deciphering ec, it would result in the sum of the two integers.

To complicate things further, keep in mind that, in general, the assignment from the plain text space to the encrypted space may involve different operations. In the commonly used Paillier cipher system, a multiplication of encrypted texts in the encrypted space results in an addition of the underlying plain text values.

The Paillier cryptosystem is an example of an additional homomorphic encryption scheme. An encryption scheme that admits the sum and the sum of computation over encrypted data. It is therefore a partially homomorphic encryption scheme. To obtain a completely homomorphic scheme, one needs to find an encryption that supports both addition and multiplication in the encrypted texts. These two operations are complete in the sense that any other computational task could be constructed from these two operators alone.

Therefore, it seems that finding a fully homomorphic encryption scheme (FHE) should not be a difficult task. However, up to Gentry’s excellent work in 2009, we only theorized that such schemes existed, but we did not know any in practice. Unfortunately, despite many refinements and improvements, FHE is still a theoretical breakthrough, and making these schemes practical is as difficult as finding a solution to the strong problem of AI. The schemes currently proposed are so impractical that only very simple calculations can be made in a reasonable time.

Deterministic and Order-preserving Encryption (OPE)

Deterministic and Order-preserving Encryptions are types of encryption that allow certain types of functions (not all). These encryption methods have been used in the academic area of ​​CryptDB and, more recently, in production systems such as Numer.ai. Unlike the methods mentioned above, these techniques are not really secure in the way we define acceptable encryption security and MPC and provide weaker guarantees. They are also limited to functionality. However, they are much easier to implement and are significantly faster.

To understand why these systems are unsafe, we must realize that a significant part of the data is still leaking. For example, OPE is defined as an encryption that maintains the order of the article. In particular, by giving two figures c1, c2, corresponding to the messages m1, m2, then if c1 <c2 causes m1 <m2. Now imagine that you have an encrypted column that represents the age of the people. Ages are whole types with a small range, typically 0-100. Since there are several rows (even up to 1000 should be sufficient), we could easily map the values ​​to whole numbers with great accuracy and probability of being correct. Therefore, although they are motivated in terms of application, these techniques are discouraged and come here only to complete them.

In general, the encrypted data computing is an exciting topic that presents the way in which cryptography faces the most difficult of all: data protection in use. This review is not entirely complete, but should give you an initial insight about what space you should offer.