> The encrypted file – if The Register understands the paper correctly – embeds actions that are permitted on that file (for example, the ability to read and write to parts or all of the file. The Evaluate function is able to use the combination of the public key and permitted actions (described as circuits) to operate on the file without decrypting it.
I'm pretty sure that this has nothing to do with permissions. Homomorphic encryption maintains certain properties of the plaintext (through some isomorphism) to allow pre-defined operations (operations that the isomorphism are designed for).
I was semi-joking. I would not have been surprised in the least if he had invented them at some point. Between him and Alan Kay, you've got about 90% of everything covered. :-)
>> The encrypted file – if The Register understands the paper correctly – embeds actions that are permitted on that file (for example, the ability to read and write to parts or all of the file. The Evaluate function is able to use the combination of the public key and permitted actions (described as circuits) to operate on the file without decrypting it.
> I'm pretty sure that this has nothing to do with permissions. Homomorphic encryption maintains certain properties of the plaintext (through some isomorphism) to allow pre-defined operations (operations that the isomorphism are designed for).
I've read 'permitted' as 'operations that can be performed on the ciphertext when using this encryption scheme'. While it might be ambiguous, I don't think they're incorrect in saying that.
How about patents? I remember having read that IBM holds patents for homomorphic encryption. Does the open sourcing also include a royalty free license to IBMs patents?
EDIT: Just saw GPL2 or later, so choosing GPL3 would mean patent license included, right?
The above poster was specifically referring to IBM's patents. IBM licensing this code under the GPL also extends a patent license for all of their own patents. This comes from the word "contributors" in section 11.
They obviously can't grant a patent license for patents they don't hold, but that's life.
Does anyone know whether one can host open source crypto code on GitHub without risking violations of the US Export Administration Regulations? One issue could for example be that GitHub doesn't block access from countries under US embargo, AFAIK.
Yes you can. BIS effectively decontrolled open source encryption software a few years ago, essentially admitting that attempts to control the export of something that was already available world-wide was a waste of time.
There are still some restrictions on exporting cryptography. For example, under US law you can't export strong crypto to Iran, North Korea, and a few other countries.
Actually you can, you just need a license. That you'll never get one is assumed, however. You need a license to export anything to the AT (Anti-terrorism) countries but for some items you probably can get the license, at least for certain items to certain end users.
Is there some simple description of the operations supported and the space and time complexity of them, as well as their effects on "hidden" parameters of the ciphertexts anywhere?
All the available documentation seems to focus on the underlying implementation and mathematical proofs without clearly stating the user-visible performance behavior.
For example, if I have N encrypted signed B-bit integers (treated as modulo 2^B), and add them all with homomorphic encryption, how much time does that take and how large is the resulting cyphertext?
What if I have two N-dimensional vectors called v and w of B-bit integers (treated as modulo 2^B), and want to compute the value v^T . M . w where M is an NxN matrix?
What if they are floating point instead? Is that supported? Are integers modulo M supported for any M?
Is the sign(x) operation available or just addition and multiplication?
Regarding the last question, if you have an encryption method that can encrypt 0 and 1 and has (efficient) algorithms for multiplying and adding the plaintexts corresponding to encrypted messages then you can efficiently compute any boolean circuit.
So any fast algorithm that can be computed without encryption can be computed efficiently by a homomorphic encryption scheme (in time that is some low degree polynomial of the time needed for the unencrypted algorithm).
20 comments
[ 0.25 ms ] story [ 57.2 ms ] threadI'm pretty sure that this has nothing to do with permissions. Homomorphic encryption maintains certain properties of the plaintext (through some isomorphism) to allow pre-defined operations (operations that the isomorphism are designed for).
Also, why theregister? Why not link to the actual article (http://eprint.iacr.org/2011/277) or the github project (https://github.com/shaih/HElib) They're much, much more informative.
Besides, the article includes links to more technical materials, including the project page should the reader want to find out more.
> I'm pretty sure that this has nothing to do with permissions. Homomorphic encryption maintains certain properties of the plaintext (through some isomorphism) to allow pre-defined operations (operations that the isomorphism are designed for).
I've read 'permitted' as 'operations that can be performed on the ciphertext when using this encryption scheme'. While it might be ambiguous, I don't think they're incorrect in saying that.
So many technical articles just get the facts wrong and pass them off as correct. I appreciate the honesty in this case.
EDIT: Just saw GPL2 or later, so choosing GPL3 would mean patent license included, right?
They obviously can't grant a patent license for patents they don't hold, but that's life.
http://en.wikipedia.org/wiki/Export_of_cryptography_in_the_U...
All the available documentation seems to focus on the underlying implementation and mathematical proofs without clearly stating the user-visible performance behavior.
For example, if I have N encrypted signed B-bit integers (treated as modulo 2^B), and add them all with homomorphic encryption, how much time does that take and how large is the resulting cyphertext?
What if I have two N-dimensional vectors called v and w of B-bit integers (treated as modulo 2^B), and want to compute the value v^T . M . w where M is an NxN matrix?
What if they are floating point instead? Is that supported? Are integers modulo M supported for any M?
Is the sign(x) operation available or just addition and multiplication?
So any fast algorithm that can be computed without encryption can be computed efficiently by a homomorphic encryption scheme (in time that is some low degree polynomial of the time needed for the unencrypted algorithm).