Interesting People mailing list archives
re Homomorphic encryption cannot redeem SaaS
From: Dave Farber <dave () farber net>
Date: Mon, 12 Jul 2010 22:23:22 -0400
Begin forwarded message:
From: "David P. Reed" <dpreed () reed com> Date: July 12, 2010 1:49:53 PM EDT To: dave () farber net Cc: ip <ip () v2 listbox com> Subject: Re: [IP] Homomorphic encryption cannot redeem SaaS
Richard makes a very good point, and his meta-point about words that are vague leading to poor quality discussion is also very good. Let me clarify the distinction that Richard is making by a simple example. Let's suppose I want to run a program really fast. I have the source code of the program in my hands, and I have the data in my hands. I don't want to share the data with anyone, and I want the "right" answer, just faster than I can get on my personal resources. So I decide to use a virtual resource out in the Internet - which I rent by the minute. (Amazon EC2?) Homomorphic encryption suggests that I can take the source code P and "compile" it into a program Ph that is specially organized so that it works on data in encrypted form, never revealing the actual values in the data during the computation. So what I do is load Ph into the Amazon EC2 system, then take the data D and encrypt it to create Enc(D), which I send to be processed by Ph. The result Ph(Enc(D)) is then sent back to me, whereupon I decrypt it getting Dec(Ph(Enc(D))), which is the same thing as P(D), if homomorphic cryptographic computation is demonstrated to work. Here's what I think is Richard's objection, though. If P (the program) is offered as "Software as a Service", then I don't know what the program does or how it works. I gain no more control or knowledge of that program by running a version Ph that works on encrypted data. In fact, because I cannot understand anything about P by looking at Ph, the only thing I can check about the service P provides is by checking certain things by testing known inputs and outputs. This means that I cannot prove that P doesn't (for example) save my data and share it with a bad guy (whether that bad guy is a competitor, the government, or a crook). Merely validating a few sample test cases or even verifying that the result is a "valid" result is not sufficient to bound the sort of "evil" that can be carried out "in the cloud". So homomorphic encryption doesn't help very much with "cloud services" and any claims to the contrary are very likely snake oil. However, a more limited claim - one that says that one can virtualize one's OWN program, to which one has the complete source code and the ability to compile and modify it to be run on a "homomorphic cryptographic" engine - that LIMITED claim has some significant potential value. But it may not have such value - because the execution unit executing Ph (the encrypted version of the code) may, by watching Ph interact with the data Enc(D), be able to learn enough about the computation to significantly harm the user, despite the two transformations - the one on the code and the Enc operation. We DON'T know. This is good research, I am sure. But it is NOT a good reason to believe that SaaS doesn't have important risks. Ameliorating those risks (IMO) probably requires that the operator of a virtualized service be held accountable for liability to his/her users. This cannot be accomplished by pure crypto in itself. On 07/12/2010 12:22 PM, David Farber wrote:Begin forwarded message: From: Richard Stallman <rms () gnu org> Date: July 12, 2010 8:36:58 AM EDT To: David Farber <dave () farber net> Subject: Homomorphic encryption cannot redeem SaaS Reply-To: rms () gnu org Would you like to forward this to your list? The goal is to create practical implementations of an idea that only recently has been shown to be possible in theory. That a computation could be performed over data that remains in encrypted form throughout the entire computation. In effect, the computer would execute a program without ever being able to discern any of the computed values. The possible applications of this are far reaching. For example, you could let a cloud facility do all of your computing work without any possibility that any of your private information would be divulged. " The term "cloud computing" is so vague it only means "using the internet somehow". There are many ways to use the internet and they raise different issues. If a server is doing "your computing work", that means it is Software as a Service. SaaS with homomorphic encryption would giving the server operator unlimited access to your data, but that doesn't eliminate the fundamental problem of SaaS. SaaS is always bad for you because it means you lose control of your computing. It is just like running a proprietary program. For more explanation, see http://gnu.org/philosophy/who-does-that-server-really-serve.html. For server activities that are not SaaS, where the control of your data is the main issue, homorphic encryption could be a good solution. I've concluded that the term "cloud computing" is vague to the point of impeding clear thinking, so I never use it. See http://www.gnu.org/philosophy/words-to-avoid.html for explanation. ------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now RSS Feed: https://www.listbox.com/member/archive/rss/247/ Powered by Listbox: http://www.listbox.com
------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now RSS Feed: https://www.listbox.com/member/archive/rss/247/ Powered by Listbox: http://www.listbox.com
Current thread:
- re Homomorphic encryption cannot redeem SaaS Dave Farber (Jul 12)
- <Possible follow-ups>
- re Homomorphic encryption cannot redeem SaaS Dave Farber (Jul 14)