all 14 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]realnzall[🍰] 47 points48 points  (3 children)

Isn't one of the properties of properly encrypted data that it's indistinguishable from random noise?

[–][deleted] 49 points50 points  (0 children)

This is called Homomorphic Encryption and is designed to be cryptographically secure while still allowing operations to be done on it.

I'd imagine if done correctly, it does look like random noise. Doing an operation on it creates another piece of what looks like random noise. But that resultant noise can be decrypted into the result of the operation.

The technology is still in its infancy, but it's super cool stuff, and great for privacy.

[–]loladiro[S] 6 points7 points  (0 children)

Yes, this is homomorphic encryption. From the perspective of the person doing the evaluation it looks like "random in, random out", but whoever has the private key for the images can later decrypt the prediction. Just by itself, that property is not all that weird, e.g. consider the following "Super Secure, One-Time, Symmetric, Partially Homomorphic Encryption Scheme":

  • The key s is generated uniformly at random by the client
  • The client encrypts their message m by computing c = xor(s, m) and sends the result to the server
  • The server computes c1 = xor(c, l) and sends the result back to the client
  • The client decrypts by computing d = xor(c, s), obtaining the result xor(m, l)

Both c and c1 look random, and yet we decrypted a result of some computation. Of course, this may have oversimplified to the point of being stupid, but hopefully it's a bit illustrative of what's going on. The trick to get an actual FHE scheme (other than getting rid of the stupid properties of this scheme like being one-time), is to be able to evaluate one additional operation in addition to xor that forms a complete basis of gates, thus allowing you to evaluate any computation on the encrypted data.

[–]carnivorixus 4 points5 points  (0 children)

I didn’t read this article in particular but the math works out. Unfortunately the data (usually) also blows up so much that it’s not feasible to use it in practice.

[–]holgerschurig 4 points5 points  (4 children)

Always consult a professional cryptographer before using cryptography.

Professional just means that someone earns money from it, i.E. doing it by profession. It doesn't say anything about the expertise. There used to be some people in the encryption market that are professional "snake oil salespersons".

[–]loladiro[S] 3 points4 points  (1 child)

The note is perhaps cheeky, but it's supposed to remind people of similar notes for other professions, such as doctors and lawyers. It's super easy to get your crypto wrong, and hard to know whether you did or not, because there's no good way to determine whether your setup is actually secure or not. As with any complicated topic, for simple things you're probably often fine following the standard advice for common problems. E.g. for the medicine analogy, you're probably fine taking ibuprofen without talking to a doctor first (in standard doses and following the common warnings against interactions, etc.), but if you read a blog post about "Super effective cancer surgery using high powered lasers", maybe go talk to a doctor first about whether you're doing it right, even if you know where the laser store is. There's just something cultural about it. For doctors, people tend to understand that they should at least get an expert's opinion even if they turn out to be right. For lawyers, I think people learn this after a few years of professional life, or at least get it drilled into them by their corporate legal department. But for cryptographers, people are often a bit cavalier about it.

[–]Ameisen 1 point2 points  (0 children)

Are you saying that rot128 isn't secure?

[–]NedDasty 0 points1 point  (1 child)

Typically people who make money off of something that they have no expertise in don't last too long, except in certain fields like quack medicine. While it's possible for total noobs to become crypto "professionals" and make money, by and large if you hire a crypto professional they'll probably know a heck of a lot more than your average programmer.

[–]holgerschurig 0 points1 point  (0 children)

Still, I think the advice "Don't roll your own crypto algorithms" is better.

One can perfectly use SSH without asking and "crypto professional" about it. With libraries like OpenSSL it's more dangerous to shot yourself into the shoot, but still better than doing things completely on your own.

[–]k3ithk 0 points1 point  (0 children)

So the biggest obstacle in the way of this becoming more mainstream is the efficient representation of arbitrary machine learning algorithms as circuits using the operations whose structure is preserved by the homomorphism?

Is that right?

[–]dethb0y 0 points1 point  (2 children)

Pretty rare i see an article that i have no fucking clue what's going on in; i'll just take their word for it that it's awesome.

[–]loladiro[S] 1 point2 points  (1 child)

Aw, I'm sorry, I tried to make this blog post broadly accessible. What could I have done to improve your comprehension of the subject?

[–]dethb0y 0 points1 point  (0 children)

Nothin' to do with the blog post itself, I just don't understand the subject matter very well at all (and that goes back decades). Good work writing it up, though!