Homomorphic Encryption

okay i'm i'm talking to you all wonderful um right uh homomorphic encryption um i uh okay there's there's an example right there for you in in a sense um you are uh perfectly free to take a picture of the qr code there on the screen get all the information that you need about me bearing in mind that i did get my start in security in malware research and that means that i know every possible way to get somebody to install bad stuff onto their computer now i get another example if you will of homomorphic encryption this this really isn't an example this is just weak encryption of course um and you know rot 13 is is the way that

we hide uh semi-hyde things that uh we're we're talking about um and it's it's really just a weak form of encryption so it's not really uh homomorphic encryption because what we want to do with homomorphic encryption is to actually encrypt the data and still be able to use it for some purpose without decrypting it it's not just easy decryption it's use it while it's still encrypted um now uh a lot of people think that this is you know really fantastic idea and and yes i i mean there are you know some good things about it but um some people are going overboard uh this was a a news article that i came across recently um and they're calling it the holy grail

of of encryption um yeah it's it's got some good uses but it's also got some limitations which we will uh talk about um uh as we go through here first of all homomorphic encryption is not a new thing we have in fact been using forms of homomorphic encryption for quite some time for example how do we store passwords we hash them hashing is is one-way encryption there is no way to decrypt the password and of course what we do is uh when somebody submits a password we hash the submitted password and check it against the hash that we've stored so we're not storing the passwords in uh an unencrypted form they are encrypted they can't be recovered but

um we can still use them we we still have a use for that uh so you know there there it is there's one example of uh homomorphic encryption uh and we're using it all the time uh now i don't i don't want to push these these are these are kind of bad or limited examples but um doing an exact search which which basically an exact comparison is is what we've done already with the uh the password uh hashing uh but uh looking at the electronic codebook mode of block cipher um it uh is of course the the weakest form of a block cipher you know the weakest mode for block ciphers and that is because it

if if you have the same data you get the same cipher text and so for example uh if you're doing you know simple graphics and and that sort of thing you can encrypt it using uh ecb mode and yet you can still get a rough idea of what the the image is about um so this isn't you know uh well this this is just a weak form of cipher but again you know if we want to do exact searches or exact comparisons and and the you know block size is is the same as our record size um we can use homomorphic encryption um if uh oh uh sorting as as well um the caesar cipher when you know the

wrought turkey an example uh up at the beginning there uh or basically any uh uh encryption that uses mod functions um you can do sorting functions uh on a limited basis and and we'll talk about again a little bit later i hear about uh homomorphic encryption and fully homomorphic encryption uh many types of homomorphic encryption are give you a rough result uh possibly a workable result but not necessarily an absolutely accurate result uh so we can get a a rough sort out of a caesar cipher or a mod uh function in in encryption there um kova 19 contact tracing this this was interesting a dp 3t uh protocol um just uses a random data beacon and that

actually contains no personally identifiable information and that is why they can use uh this for contract tracing and still protect privacy but that's only if you're doing the the simplest form of of contractuation as soon as you start adding uh location data time data to the random data that the beacon uh comprises um that starts to uh present a problem for for privacy as well uh so again you know different things here the uh the data beacon for contact tracing is it's a random number it has no meaning um you know it's a in a sense it's a kind of perfect encryption because uh there is no original data there except for the the random data but uh

again you know this is not a really great example of what we want to use homomorphic encryption for and and of course you know there's our qr codes for uh vaccine uh uh confirmation that that uh you can prove uh that uh you uh have been vaccinated and you can do travel you can get into restaurants you can get in shows uh stuff like that and so you can take this qr code and uh present it and get into a restaurant and and you know get into a gym get in to a movie theater whatever it it may be uh try to travel on an airplane uh and if you do use this qr code and and try to do those things

you deserve everything that happens to you so a better example here um voting in elections have been uh much in in issue both in in your country and in mine uh i am of course from canada and therefore an untrustworthy alien but we've had uh recently a federal election we had a couple of elections um uh provincially up here uh that have you know addressed issues of uh could we have online balloting could we have uh machine voting could be you know various and uh i've been looking at voting systems for many many years and um the various uh proposals that that have been given have been pretty much universally terrible i think one of the worst that i

encountered recently was somebody who suggested that we use blockchain for online voting and i just you know we're crying out loud where is your head at but uh rivest and this is the revest of the ron rives that is the rnrsa um he proposed uh this uh three ballot voting system and uh there's the uh you know some information you can get on um and by the way i've uh fired into the uh track one chat and q a area uh some details and all the urls that i'm using in these slides so you don't have to uh madly try to copy that down um but the three battle photo system is is really really interesting this is the

first one that i've seen that that really impresses me as something that is possible uh microsoft has um uh is bringing out something or presenting proposing something called election guard and i from what they have said about it i believe that it is in fact uh based on the revest uh three ballot voting system now um the first thing about uh balloting is that um we want to be anonymous uh we want people to be able to vote and vote privately confidentially nobody should know um what they're voting for um now i i can't you know go to if you're interested in three ballot voting system go to the you know do some research on it because

what i am going to uh say here about it is uh overly sim simplified to to the point of of being problematic but in any case uh the uh three ballot voting system think for yourself of of a ballot regular ballot in three parts the first part being the names of the people that you're gonna vote for uh the last part being the the check boxes where you're going to put your x but the middle part of the ballot being a set of fairly random lines connecting the names to the different boxes now that ballot is in three parts and if you detach any of those parts any of those parts uh you know first last or the one in the

middle then you do not know from the two remaining pieces what you know who this person voted for now that's that's as i say that's overly simplified because their reverse system does this but it does it mathematically and uh it's very interesting this can be implemented either on paper or digitally and the voter keeps one of the parts of the ballot there's three parts to the ballot the the voter keeps one part and therefore that protects their anonymity now uh because it's not the oversimplified example that i just gave the mathematical relation means that they can in fact count the votes even though it is in a sense encrypted it is anonymous and the three ballot voting system also

provides us with a number of things that we have not had before um you have non-repudiation of voting the the voter having voted uh the uh voting authorities although they do not know the way that anybody did vote they can tell that someone did vote the voter is also able to verify that their vote was counted because they've kept this this one piece and they can use that to to verify that their their vote was included in the totals the ballots are counted without being decrypted and this is the way of course you know part of the way that anonymity is protected and i i'm really impressed with this system i think it's it's great this is

the first uh proposal that i've ever seen that i'm willing to to consider possible in terms of uh implementation of online voting uh but in addition as i say you know can be implemented on paper we can take paper ballots um uh write them according to this uh three ballot voting system and still give people the the anonymity that they currently have with paper ballots uh the non-repudiation of voting for the authorities and the verification to the voter that their vote was counted um i'm really impressed with this and this is this is a very very good example of an application of homomorphic encryption now in in broader terms um we need to to address other functions i

mean election is is one function but it's very specific the thing with homomorphic encryption is that you have to decide what the function is that you're trying to accomplish in order to determine which homomorphic encryption algorithm you are going to use and homomorphic encryption is not a single thing you have to look at the uh purpose that you want it for the function you want to accomplish and that determines how you are encrypting the data in the first place it's not you know you you encrypt it with homomorphic encryption then you can find other ways to deal with it no you have to choose what you want to do with it first and that uh determines how you're going to

encrypt it now if you want addition and multiplication and we'll look uh at some examples in in a few slides here um if you're wanting to to do addition and multiplication and going back to the voting example uh voting is just a special case of of addition right so that uh numeric formula there that is the the demonstration of the laws of uh or the the principles of uh associative and and distributed principles in mathematics so any function f that fulfills that f a plus b equals f a plus f b any function f might be the basis for a solution for a homomorphic encryption algorithm that we can use if we want to have

addition and multiplication and this is the way that you decide um what is an appropriate homomorphic encryption uh you come up with a formula uh whatever function is going to fulfill that that a formula that that describes what you want to accomplish and any function uh that will fulfill that formula is the basis for a solution that you're going to pursue uh there so uh these are specific examples and again um these urls are all uh in the in the chat uh channel um ibm uh has something called bgb which which addresses addition and multiplication a lot of these are addition and multiplication uh microsoft has seal again uh looking at addition to multiplication um google has uh an interesting one

looking slightly different at it uh comparison and and limited edition under private joining compute now uh homomorphicencryption.org that is a a website that's got all kinds of references and resource materials there and in the the introduction page there um they've got all kinds of projects ongoing and most of these are you know you can see it's github there you know they're open source you can go you can get it you can download the uh the code you can start playing with it yourself and and look into homomorphic encryption uh and and work with it so um now again as i say you know this is considered uh terrific stuff um this is you know some people think it's the holy rail and

that sort of thing but what it is well it isn't a thing you know um it's it's sort of like a blockchain i you know i gotta get a t-shirt that says you know blockchain is not the answer because everybody's uh saying you know blockchain is the answer to everything well it's you know blockchain is not a single thing either and so as with blockchain there are various functions there are different functions that you're going to choose um and different implementations of it so they've you know they've got different uh strengths and weaknesses there and they will do different things um it's not universal as i i mentioned before you have to choose your function

in advance the function that you want to come out with the the answers that you want to come out with uh performing functions on the encrypted data determines how you encrypt the data in the first place and so if you want um the you know comparison you cannot use the same encryption that will give you addition uh you know if you want addition you can't use the the comparison so the the algorithms are going to be different and you're going to have to choose the algorithm based on the function that you want to come out of so we're not you know it's not one size fits all um yeah uh uh just uh going into cryptography here for a

second um you know in in cryptography we've got symmetric and we've got asymmetric algorithms and the you know the differences are you know it's symmetric um is is the stronger we know how strong symmetric encryption algorithms are they're you know pretty fast these days but there's a problem with key management you you have to find a way to pass the key out of band somehow uh and and you've got to manage keys and and the number of keys that you have to manage when you're dealing with so on and so forth whereas asymmetric is is not as strong but you know key management is not an issue because you've got that public key that you can post anywhere you can put

it up on billboards you can put it in the phone book doesn't matter so you know symmetric has problems with key management but it's good strong encryption asymmetric um it's big slow it's not very strong but there's no problem at all with key management so what we do is we have a hybrid system and we're going to use the the asymmetric uh crypto to manage the keys and that's all we're going to do because keys are relatively small in comparison to bulk data encryption so you know not a problem there but the uh you know we're going to use the symmetric algorithms for our boat uh data encryption and the asymmetric is is going to handle our keys

great great idea unfortunately for our current discussions here we can't do that with homomorphic encryption you are working directly with the encrypted data and again the the data is going to be encrypted in the way uh that is addressing what you want the specific function that you want so um and and also uh for homomorphic encryption this is very mathematically intense you know asymmetric encryption um is mathematically intense and you know this uh you know that's another reason that we we only use it for key management is you know we we don't want to use it for both data encryption it's it's really going to be slow uh lots and lots of compute cycles well

homomorphic encryption is going to be even worse here there's going to be a lot of of compute cycles here and because we're dealing with the encrypted data when we're you know running the functions um we're you know still going to be requiring an awful lot of processing time so this is going to be pretty slow um okay so the weaknesses here are we're going to have limited algorithms we're going to have restricted functions there they're not going to be you know absolutely everything we want to do or you know if if we find a way to do it it's you know we're only going to find that algorithm for that function um the uh you know again there are going to be

some things that homomorphic encryption just uh does not work for period as well as um there are going to be issues where this is not practical because of the processing time and if we are combining functions um the algorithms are are going to be even more limited uh and and we're going to see weaker uh encryption probably if if we try to add functions and and try to build an algorithm that will address a number of these functions for us um we're you know probably going to be building algorithms that have a lot of weaknesses are subject to a lot of of arithmetic attacks um again um recall from our bad examples earlier um the caesar cipher

is very weak in terms of the address space um and uh electronic code book is the the weakest mode for block ciphers so those weaknesses are are just inherent in in those examples they are also going to be inherent in the examples uh for homomorphic encryption and the algorithms that we use there okay cissp uh question time which of the following is not an effective deterrent against the database inference attack partitioning small query sets noise and perturbation cell suppression and i i love this uh thing because most people get fixated on the fact that no you don't want noise and if you're doing uh database work and in fact noise is a very effective uh

protection against uh inference attacks so um now again in terms of the weaknesses here i i mentioned this before the the accuracy um a number of homomorphic encryption algorithms only give you a a roughly correct answer um there are uh though those who are pursuing what is referred to as fully homomorphic encryption which will give you an accurate answer and uh gentry has a paper here uh one of the first ones to formally address this issue of fully homomorphic encryption again it's if you're interested in those you can undoubtedly by this time find more papers and examples on that issue but you're if you're into accuracy you're definitely going to have to go for fully

homomorphic encryption microsoft is using homomorphic encryption uh and they have been making a big issue of this well actually no it isn't that what they're doing is is storing passwords in in microsoft edge um and and it's just hashing again you know the password hash in the same way that we've always done it and besides google chrome has been doing exactly the same thing that they described in edge for years so um you know yes okay it is true they are using homomorphic encryption in the same way that everybody else has been using homomorphic encryption for a long time here so uh okay this has been a a very quick uh but hopefully uh useful

uh introduction to homomorphic encryption um hopefully that has has addressed uh a number of issues for you giving you an idea of what it is and what it isn't