DARPA Taps Intel To Help Build the Holy Grail of Encryption (techrepublic.com) 54
The Defense Advanced Research Projects Agency, or DARPA, has signed an agreement with Intel to add it to its Data Protection in Virtual Environments project, which aims to create a practically useful form of fully homomorphic encryption. From a report: Fully homomorphic encryption has been described as the "holy grail" of encryption because it allows encrypted data to be used without ever having to decrypt it. Fully homomorphic encryption isn't fantasy -- it already exists and is usable, but it is incredibly impractical. "FHE adoption in the industry has been slow because processing data using fully homomorphic encryption methods on cryptograms is data intensive and incurs a huge 'performance tax' even for simple operations," Intel said in a press release.
The potential benefits of fully homomorphic encryption make creating a practical way to use it a cybersecurity imperative. Intel succinctly describes the biggest problem in data security as being caused by "encryption techniques [that] require that data be decrypted for processing. It is during this decrypted state that data can become more vulnerable for misuse." The goal of the Data Protection in Virtual Environments program is to develop an accelerator for fully homomorphic encryption that will make it more practical and scalable, which is where Intel comes in. The chip manufacturer's role in the project will be academic research and the development of an application-specific integrated circuit that will accelerate fully homomorphic encryption processing. Intel said that, when fully realized, its accelerator chip could reduce processing times by five orders of magnitude over existing CPU-driven fully homomorphic encryption systems.
Meltdown (Score:3)
How long until THIS one melts down!?
Re: (Score:2)
How long until THIS one melts down!?
Ahh sure they're not calling it DPriVE for nothing!
Re: (Score:2)
Re: Homomorphic? (Score:1)
No, that's called non-binary or NBE.
This is more about Intel using the H word in a tone deaf attempt to get cancelled on Twitter.
Re:Homomorphic? (Score:4, Funny)
And at the other end of the spectrum, with homoerotic encryption, everybody knows exactly what they're looking at!
Re: (Score:1)
Re: Homomorphic? (Score:1)
No, it's like Odo, but only for sexual preferences. ;)
Skunkworks? (Score:2)
Why not just pick 5-10 celebrity cryptographers, give them 100 million, and actually get a better result in the end?
Re: (Score:3)
Because we already know how to do homomorphic encryption. Now it is a computation problem. When in doubt, throw more hardware at it. Intel probably could do a good job with it. However, if it was such a munchy nugget, how is it they need DARPA funds to do it?
Now every chip designer will be racing to be up first at bat to beat Intel. Which company wants to be beholden to Intel if they can avoid it?
DRMworks? (Score:3)
Well will this help us game faster, or play videos smoother? And more importantly since no one seems to have noticed. What does this mean for DRM?
Re: (Score:3)
Re: Skunkworks? (Score:1)
Who said they /need/ them?
Would you reject an offer to put your arm deep into the pork barrel?
Re: (Score:2)
If doing the same old thing faster is cheating, but a 1e5 speedup is attainable, hey, let's cheat.
Re: (Score:2)
Re: (Score:1)
I'm stupid, I didn't read the thing.
Re: (Score:2)
If you can read the data while it's encrypted... (Score:2)
Re: (Score:2)
I think ROT13 is a form of homomorphic encryption: you can process the contents without ever having to decrypt them as a whole (just add 13 to each character before printing it!).
Now if only someone could develop a chip able to add 13 to every character going through it... That's where Intel's extensive expertise comes in!!!!
Re: (Score:2)
ROT13 is not homomorphic encryption. If you have a number (eg 1) and ROT13 it you get 14. If you had another number (eg 2) and ROT13 it you get 15. Add them together and you get 29. Un-ROT13 that and you get 16, which is not 1+2.
Re: If you can read the data while it's encrypted. (Score:1)
Yes it is. You need the homomorphic version of the algorithm too.
Re: (Score:2)
So, if you have two encrypted numbers, a and b, with homomorphic encryption, you can do operations on them like a + b = c. You still don't know what a, b or c is but you can pass c back to the person who has the encryption key and they can read it.
Re:If you can read the data while it's encrypted.. (Score:5, Insightful)
I want to use a cloud service like AWS to host my application, but I don't trust AWS to not read my data. So I encrypt my data before storing it in AWS. Right now, in order to feasibly process and manipulate that encrypted data, I first need to decrypt it. If I could instead process and manipulate that encrypted data in the cloud without ever decrypting it, that would be the Holy Grail.
Re: (Score:1)
with the highest respect for personal privacy we feel it's necessary to be able to sca
Re: (Score:2)
The idea is that you can't read it while it's encrypted but you can work on it while it's encrypted. So imagine you could take an encrypted data set, perform an operation on it, get an encrypted result, and decrypt that to see what the result is without the computer that did the operation ever having access to the decrypted data at all. That would be an example of homomorphic encryption. In a sufficiently advanced form this could let you do something like run a VM on a computer that could not get data out o
Re: If you can read the data while it's encrypted. (Score:2)
That's a good description.
Re: (Score:2)
The idea is that the calculation produces an encrypted result from the encrypted input. Apparently that is mathematically possible. A trivial example: say your encryption xor's the input data with a key-generated pattern. You can easily compute the xor of the data with any constant, producing the encrypted result, by doing the same xor to the encrypted data.
I do wonder exactly what operations are permitted by this. It would seem like any operation that changes the size of the data based on its value would
Re: (Score:2)
I do wonder exactly what operations are permitted by this. It would seem like any operation that changes the size of the data based on its value would not be allowed as checking the resulting size would leak information about the data.
A very accessible introduction to the subject is, Computing Arbitrary Functions of Encrypted Data [stanford.edu] by Craig Gentry, at the time, of IBM's T.J. Watson Research Center.
Re: (Score:2)
>I do wonder exactly what operations are permitted by this.
In one system, Yao Garbled Circuits, and the more efficient derivatives can model basic logic gates. You need to build your algorithm from those things.
Re: (Score:2)
A functioning FHE algorithm will be able to do a computation on your computer. You will be able to see every operation, every bit, every transition. But you will not be able to determine the data values.
The details are not simple. You can look up "Yao Garbled Circuits" for a classic example of such a scheme. This maps your algorithm to logic primitives (ands, ors, nots) and then replaces each logic gate with (if I remember right) 6 block cipher operations. That's around 90,000 factor increase in compute effor
Re: If you can read the data while it's encrypted. (Score:1)
Every reply here says why and what for. And not a single one says HOW. Which is what OP asked.
Seems we got the current crop of college finishers here. Confusing memorized patterns with actual understanding. ;)
They will make great MS support hotline workers and code monkeys.
Re: (Score:2)
That's because homomorphic encryption is hard. It was only a few years ago that it was proven that it was possible to do any operation you want if the cipher meets certain requirements.
Then it was to prove a cipher meeting those requirements was still secure and not have an inadvertent backdoor.
Then it was to find such a cipher. We know of many homomorphic ciphers that allowed for limited operations - there were on
Re: (Score:2)
It will never hit the streets (Score:1)
Until they can break it, and then they can sell it as the Next Big Thing®
Does that include (Score:3)
Does that include a backdoor like Intel ME ?
Five Orders of Magnitude?? (Score:1)
So, does that mean 2^5 (32x) or 10^5 (100000x)?
Re: (Score:2)
So, does that mean 2^5 (32x) or 10^5 (100000x)?
10,000 to 100,000 for the systems I've tried implementing.
It's like using an 8 bit computer to do number crunching, only slower.
Re: (Score:2)
100000x
What it is: (Score:2)
Fully homomorphic encryption isn't fantasy -- it already exists and is usable, but it is incredibly impractical
FHE has existed for a while but what it really does is generate a series of logical operations that execute on a virtual machine of sorts, while keeping everything encrypted. The problem is that it is so slow that it cannot be used for anything. FHE is the ultimate DRM (impossible to read, only possible to execute), so it's no wonder it's desired.
Businesses would see FHE instructions as a panacea to keep their secrets but the reality is that antivirus would become all but impossible. It would be buyer's
Re: What it is: (Score:2)
This also allows host-proof computing--you can execute code on cloud servers without revealing the data, and decrypt it on-prem.
Re: (Score:2)
FHE has existed for a while but what it really does is generate a series of logical operations that execute on a virtual machine of sorts, while keeping everything encrypted.
In the simplest form, you take encrypted data and perform a series of multiplies and additions. These each have an equivalent effect of acting as a logic gate on the input value(s). Thus, you construct your typical VM of these gates, translated back to adds and multiplies. The issue here is that the numbers get extremely large, extremely quickly, as you may imagine. Thus, a large chunk of the problem is scaling those values back into a workable range every so often (or using a more advanced method than this
Re: What it is: (Score:1)
No it is useless as DRM.
What good is a movie, if you can never watch it?
Watching it ALWAYS requires decryption and sending signals to a display unit to light up lights. Whether you put a CCD on top of the OLED or you just open it and grab the signals going to the LEDs, you will always end up with an unprotected uncompressed signal that you can compress and copy at will.
Also, what good is thar snake oil, even if it would work as hallucinated, if nobody's willing to let the obsolete Content Mafia steal from the
Re: (Score:2)
No it is useless as DRM.
What good is a movie, if you can never watch it?
Spoken like a fool who doesn't understand either HFE or DRM.
Re: (Score:2)
All it really does is allow companies that have data that they want or need to keep pr
Re: (Score:1)
Stop being homomorphicphobic.
My unicorn farm could also use free tax money (Score:2)
if it were only for putting some thin-film solar sheet on the barn.
Or any other of those holy grails that we have been chasing for the past decades.
Reminds me of DigiCash (Score:1)
Doesn't make economic sense (Score:1)
You have two alternatives for where to invest new hardware:
1. Use additional hardware to make computation more secure, but not faster.
2. Use additional hardware to make computation faster, but not more secure (except where additional speed offers additional security).
As long as there's a need for additional speed, I can't see anyone going for option 1.
Of course, this path led us to Spectre and Meltdown, so perhaps the decision isn't always so cut and dried.
But excepting big flaws like that, I don't see this