It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

IBM Crypto Patent

page: 1
5

log in

join
share:

posted on Dec, 23 2013 @ 08:52 PM
link   
www.eweek.com...

Given recent NSA revelations, what do people make of this?


"Our patented invention has the potential to pave the way for more secure cloud computing services—without having to decrypt or reveal original data," said Gentry in a statement. "Fully homomorphic encryption will enable companies to confidently share data and more easily and quickly overcome challenges or take advantage of emerging opportunities."


This enables a method of processing data without that input data being processed in the clear.

If the data can be analyzed however, then it implies the contents of the data can be inferred even if they can't be seen.

e.g. I could write this text in a language you don't understand (making it unreadable to you), however this text and its meaning would remain intact.

The fact the meaning of the data is maintained creates a contradiction in terms of both privacy and security. Properly encrypted data is indistinguishable from random data, however, if this homomorphic encryption maintains meaning, the data would no longer pass statistical tests for randomness, and any implied privacy (and thus, security) is lost.

Thoughts???
edit on 23-12-2013 by mirageofdeceit because: Re-written for greater clarity.




posted on Dec, 23 2013 @ 09:07 PM
link   

it will reveal the same detailed results as if the original data was completely visible

Yes, that sounds perfectly safe to me... haha.



posted on Dec, 23 2013 @ 09:14 PM
link   
reply to post by mirageofdeceit
 


It would need to be independently evaluated and verified.

Good Grief! ... take a look at the patent ( and/or do you want that job of evaluate and verify; THIS might take a while ): Patent

For "Cloud" Storage, data SHOULD be Encrypted 1st on the Client-Machine BEFORE sending it for storage over a "Public" Network. Here's the problem; the Encrypted MUST be downloaded 1st THEN Decrypted LAST on the Client-Machine.

Summary: Maybe they have something ... BUT "It would need to be independently evaluated and verified."
edit on 23-12-2013 by FarleyWayne because: (no reason given)



posted on Dec, 23 2013 @ 09:29 PM
link   
reply to post by FarleyWayne
 


Right, but in this case, it is about processing of data. They are talking about processing ENCRYPTED data, and sending the ENCRYPTED RESULT back to whoever sent the request. The problem is that if MEANING of data remains intact, then any supposed privacy is lost.



posted on Dec, 23 2013 @ 09:32 PM
link   
Example: www.asciitohex.com...

BASE64:

SWYgSSB0eXBlIHRvIHlvdSBpbiBwbGFpbiB0ZXh0LCB0aGVuIGNvbnZlcnQgaXQgdG8gQkFTRTY0LCB0aGUgTUVBTklORyBvZiB0aGUgZGF0YSBpcyBtYWludGFpbmVkLg==

Put that in the conversion tool, above. If it was random data (the result of proper encryption), it would be impossible to read without a key.

The problem with this homomorphic crypto is that the data can be processed and maintain meaning, whereas if you modified any bits of real cipher text, you'd corrupt it, and decryption would yield junk.
edit on 23-12-2013 by mirageofdeceit because: (no reason given)



posted on Dec, 23 2013 @ 09:33 PM
link   
reply to post by mirageofdeceit
 


A "solution" for what's being discussed here would be of "High Significance" for ... "Cloud-Based"-DATABASES.

-
Summary: Clarification of Use.



posted on Dec, 23 2013 @ 09:36 PM
link   

mirageofdeceit
Example: www.asciitohex.com...

BASE64:

SWYgSSB0eXBlIHRvIHlvdSBpbiBwbGFpbiB0ZXh0LCB0aGVuIGNvbnZlcnQgaXQgdG8gQkFTRTY0LCB0aGUgTUVBTklORyBvZiB0aGUgZGF0YSBpcyBtYWludGFpbmVkLg==


That is an example of "ENCODING" ... ( not "encryption" ).
edit on 23-12-2013 by FarleyWayne because: (no reason given)



posted on Dec, 23 2013 @ 09:37 PM
link   
reply to post by FarleyWayne
 


You caught me half-way through editing my post. Please re-read it.

You are correct though - my example is encoded. Point is, properly encrypted data conveys no meaning, so the security/privacy aspect is highly questionable.
edit on 23-12-2013 by mirageofdeceit because: (no reason given)



posted on Dec, 23 2013 @ 09:48 PM
link   
reply to post by mirageofdeceit
 


Here is an example of AES-Double-Encryption following by a 64-bit Encoding.

How do I know? I personally compiled the program that produced it.

It contains the TEXT of THIS-Post.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4C/5MQn6ayNZywyMPh0hvZWVo5DjfkNBqOe/E0RxeikZIQcoBRK9x9zvKF9hYzimw3pUOYOa
q3wainosOebBA0p3uCjicoGSGOIG+sM0f2e1pwxUxnWI3M2Fd5p3DEZwug5OyEgBccg+oJum
kF6y0Z2cbZTInP32Iy4v2nHW8c9u3cwo5cQTBSBlks8twVu1xXAJN6wY8mtnFYjeSJJ03mS5
zp4IQzG1hz9PsSFkAAIkumW0TzN8o7Yeec/UrNpL9qxKV9zsqyQii+Y6cRSCG0AZx2k0yGhq
NNh8xobwGfhafhlZTnCzGUQ2OKcgHslDUHYZSbb5oQ5tcs8XceFUFcy0GkK/RRztZVaC50Lo
1n3kpTW6LXKh6tswCoF0+M2z.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



posted on Dec, 23 2013 @ 10:04 PM
link   
reply to post by FarleyWayne
 


that's easy it says:

Here is an example of AES-Double-Encryption following by a 64-bit Encoding.

How do I know? I personally compiled the program that produced it.

It contains the TEXT of THIS-Post.

64 bits no sweat!


lol



posted on Dec, 23 2013 @ 10:09 PM
link   
reply to post by bitsforbytes
 


YES !!!, you guessed what was "Encrypted" ... ( I bet you cheated !!! )



posted on Dec, 23 2013 @ 10:12 PM
link   
The only safe encryption is if the software is open source. Everything else can have back doors either built in from the start or added during an update. It must be used on the source computer as specified above.

The greatest hazard is always key loggers.

P



posted on Dec, 23 2013 @ 10:17 PM
link   
reply to post by pheonix358
 


You're Learning: www.abovetopsecret.com...

edit on 23-12-2013 by FarleyWayne because: (no reason given)



posted on Dec, 23 2013 @ 10:20 PM
link   
reply to post by FarleyWayne
 


Run two computers, run the second off line. Keep encrypted files only on the off line machine. Then you only have to worry about physical security. Second machine does need to be all that powerful.

P



posted on Dec, 23 2013 @ 10:43 PM
link   
reply to post by FarleyWayne
 


Now run a statistical test on that cipher text from your AES program. It will look close to random. If you try and modify it, it will break.

Those properties do not exist with homomorphic encryption. The intermediate processing does not know what the inputs are, so it has no way to know if any particular operation will break the output, yet manipulate it it will.

If I increase every alternate 10th and 12th bit by 1 in my encoded text, then decoded it, I would get the next character in the decoded character set. If I did that to your cipher text, I'd break it completely.
edit on 23-12-2013 by mirageofdeceit because: (no reason given)



posted on Dec, 23 2013 @ 10:47 PM
link   
I remember reading about this subject a few years ago.


Craig Gentry using lattice-based cryptography showed the first fully homomorphic encryption scheme as announced by IBM on June 25, 2009


That was from wiki on Homomorphic encryption

There is still development to be done.



posted on Dec, 23 2013 @ 11:05 PM
link   

mirageofdeceit
reply to post by FarleyWayne
 


If I increase every alternate 10th and 12th bit by 1 in my encoded text, then decoded it, I would get the next character in the decoded character set. If I did that to your cipher text, I'd break it completely.


Yes, mine would "break" in those conditions.

AND/OR

It would "DESTROY" MY "Encryption" beyond useability ... ( not that it was decrypted ).
.
edit on 23-12-2013 by FarleyWayne because: (no reason given)



posted on Dec, 24 2013 @ 07:33 AM
link   
I have not fully looked into it, but on the surface it does sound more like a translation than encryption process that is being performed. Instead of sharing encryption keys to read the data, translation algorithms are shared instead. It does make it easier when there is a big mass of data to go through.

As for what I make of it, kinda reminds me of the whole 'enemy combatant' terminology. It does allow for a quick side step of a lot of ethical reasoning. With the current political push to decentralize the big data collection it is going to lead to a messy and intricate digital landscape for those needing to navigate it.



posted on Dec, 24 2013 @ 10:48 AM
link   
From what I'm reading, this has to do with the handing off of data between separate services in a process chain, and the isolation that would result from using homomorphic cryptology rather than methodology of initial encryption. In theory, this would allow the transient services to be able to perform operations on the data, without actually knowing the encrypted content. It's almost a way of manipulating data that's already encrypted, without actually decrypting then re-encrypting before passing it along to the next host in the hop.

Wiki stated it pretty well:



This is a desirable feature in modern communication system architectures. Homomorphic encryption would allow the chaining together of different services without exposing the data to each of those services, for example a chain of different services from different companies could 1) calculate the tax 2) the currency exchange rate 3) shipping, on a transaction without exposing the unencrypted data to each of those services.


It seems like the goal is to cut out the necessity of each entity in the chain having to decrypt to manipulate data...which would be a pretty good idea given the recent trend to decentralize data via "the cloud".

Furthermore, it takes quandaries like the whole NSA & RSA debacle out of the mix. For those of you who don't know about said debacle, check this out: RSA Responds to Allegations

Edit: OP, SnF for a pretty sweet find!
edit on 24-12-2013 by parad0x122 because: SnF shoutout



new topics

top topics



 
5

log in

join