It appears there there were interesting things going on in cryptography: the first homomorphic encryption scheme appeared recently (explanation, HT). Roughly speaking, it is a way of encoding x
into f(x)
such that you can compute f(x+y)
easily knowing f(x)
and f(y)
even though you can't easily restore x
and y
(and same for f(x*y)
).
What are practical applications for schemes of this type (once their security has been established)? To me, it appears they could make writing algorithms for manipulating private data much easier.
Here are my thoughts:
- electronic voting
- checking the integrity of private data
- is there a chance that would help privacy in general?
Example: I have accounts with Banks A, B, C. Entity X wants to confirm I have more than $1000 total; it would happily accept statements from Banks A, B, C or D, but unfortunately I don't have enough money in any single account. Bank A encrypts the info about my $500 dollars with my public key; similarly, Banks B and C encrypt the info that I have $200 and $300 respectively. They send these data to X who adds them to some number which I demonstrate to be in fact encrypted $1000 (by encrypting $1000 with my public key and demonstrating that the result is the same). I have proved something without disclosing to X
how much money I have in each account.
Another example: Good citizens X_1, ... , X_n are teaming up to select one of two candidates, one of which is latte-drinking liberAl while another is a Bible-bearing gun lover (all names are fictional). They decide they want the voting to be private but quick. They send their votes in the vector format (1, vote_A, vote_B, vote_None)
encrypted to the Election Commission which adds them publicly and obtains the result in the form (count, count_A, count_B, count_None)
. After checking that count = count_A + count_B + count_None
, the officials declare the victory of one of the candidates, after which the election is declared invalid by the judge for some reason unrelated to electronic voting and fought in the court for the next 10 years, but, hey, that's not my problem anyway.
Notes: - I believe those particular example was possible with RSA even before, since it only requires homomorphicity in one operation. The hope is that we can have radically more interesting things with more operations -- so, come up with examples!
I would especially like to see answers containing code and/or developing frameworks that have a chance of being used in practice, the reason being SO is not a theoretical computer science discussion board.
The homomorphic algorithm, to repeat what was said below in comments, allows to to create a program that would manage data without knowing them. Unfortunately, the types of programs are somewhat limited: you can't have
if (x=0) ...
becausex
is encrypted, and each step is very slow (there are some lattices involved).