IBM's homomorphic encryption accelerated to run 75 times faster

Re: It's the future given the eagerness of TLA's to spy on people.

In principle this may be true but there are good reasons to think that in practice HE queries will remain many orders of magnitude slower than using plaintext. Getting HE to execute meaningful, useful queries only a million times slower than plain ones would be an improbable and amazing breakthrough.

And since most serious businesses can afford the kit to keep data and do analysis in-house - whatever the beancounters and cloudy marketurds say - I would respectfully suggest that the only way to work on confidential data securely is not to let it off the premises.

Re: It's the future given the eagerness of TLA's to spy on people.

By itself, it doesn't keep anyone from 'spying' on you or intercepting and attacking the encryption.

HE is about not having to decrypt the data in-transit and then re-encrypting; like when data is passed through perimeter security devices. Or when data is stored at rest, an application doesn't have to decrypt the data before processing it.

You still have to maintain a small modulus to noise ratio (in the key-switching matrices) and manage the field for security.

Switching to low-dimensional fields speeds up the homomorphic process at the cost of security/increased risk. Something we are all familiar with already. We can switch from TLS to SSL, but we also increase risk.

Re: It's the future given the eagerness of TLA's to spy on people.

does that mean you can run a query on the DB underlying your line of business system, get the correct records back and decrypt them on site?

Encrypted databases and encrypted database search are big research areas. The Morning Paper has done a bunch of papers on them. See for example:

Why your encrypted database is not secure (which also has links to three other related papers)

SoK: Cryptographically protected database search

Note that there are encrypted DBMSes and cryptographically-protected-search DBMSes available for production use, if you can accommodate the performance hit (which is much less than that of HE), and if their security guarantees (which aren't that great, per the papers cited in those articles) are useful. They do not use homomorphic encryption.

"So, 100 trillion times slower, speeded up by 2 million times, then by 75 times, isn't that still 666k times slower?"

Yes, it's still a bit slower than plaintext operations. However, it probably doesn't look quite so bad once you add in the overhead of having to decrypt and then re-encrypt every time you want to carry out said plaintext operations. Throw in the added security of never having a plaintext version lying around to be potentially stolen, and it's believable that this is reaching the realms of practical use.

No wonder it's still in research!

And god forbid we research things that aren't immediately practical.

Re: Am I the only one who read that as

Yup. Me too. I put it down to needing stronger coffee in the morning.

#MeToo

Am I the only one who read that as

"IBM's homophobic encryption" at first? Anyone? ...No? OK, mine's the nice black one on the left.

I'm glad it is not just me.

Re: Am I the only one who read that as

I think quite a lot of us did that - bit like the old shopfitting/shoplifting one.

Raises an interesting idea though. How would homophobic encryption work? What would it do? Would it be the encryption system of choice for the DUP?

Re: Am I the only one who read that as

Strangely, I read it as "homeopathic."

Re: Am I the only one who read that as

No, I read it as homoerotic, as in photos / videos of cute lesbians, or things with men in them if that's what you prefer.

Re: Am I the only one who read that as

"IBM's homophobic encryption" at first? Anyone/

Actually I read it as "Homoerotic".

Re: What sort of operations can be done?

No, it's having to decrypt the data before you can change it that defeats the whole point of encryption, because that means plaintext copies of it are being left around on your system.

I assume

the trick is that it can only be applied to suitably structured data. So you have an array in which the content of each element is encrypted but its meaning is known. The content is one secret and is still protected. Protection against modification is protection of a different secret and will therefore require its own encryption.

Re: I'm still none the wiser

I think (disclaimer:I'm NO crypto geek, so this is a poorly educated guess) you're missing the point.

Homomorphic cryptosystems are used to enable mathematical operations in ciphertext which then have regular effects on ciphertext.

So my understanding is its purpose is not to enable you to change words, but rather to enable you to send databases to India / the cloud etc. .... and enable them to "calculate stuff", "look for patterns" etc.

There's an example of this in the financial world, Numerai (https://numer.ai/). They release "otherwise expensive data" to the the open internet, protected by homomorphic encryption. This enables every man and his dog to "have a go" in a competition to win prizes for the best "data science".

Re: I'm still none the wiser

Might as well be witchcraft - the Wikipedia entry contains both mathematical notation and English sentences that I can't make head nor tail of:

https://en.m.wikipedia.org/wiki/Homomorphic_encryption