tags:

views:

244

answers:

4
+6  Q: 

Secret computing: does such an animal exist?

A question in theory of Computer Science

Today I can secretly store files in the cloud (say, amazon s3), by having them encrypted before I store them and decrypt them after I download. The storage provider cannot obtain any information from the stored files - everything is encrypted safely, and even symmetrical cipher will be ok here.

My question is if the same can be done with computing in the cloud. There is a computing provider in the cloud (say amazon ec2). Can I upload an "encrypted program" together with "encrypted input" for the program and have my cloud computing provider perform all the computations for me and generate for me an "encrypted output" - with the same security guarantees as in the "secret file store"?

Note that I am not talking about obfuscation and reverse engineering issues, but about secret computing with strong cryptography guarantees.

My hunch is it can't be done. Otherwise 1) it would exists, 2) my intuition is that no encrypted data can "keep being encrypted data" after transformations are applied to it, i.e. it just become gibberish.

Note Perhaps I lack the proper background in computer science, if someone could tell me what the exact nomenclature should be.

Pointers to academic literature, and clarifications regarding the concepts described above are actually called will be welcome.

Answer:

It looks that:

  • secret input and output, non-secret program: Only in theory

  • Secret input, secret output and secret program: not even in theory. (Update: perhaps yes, see Artelius' comment)

+11  A: 

Yes, such a thing does sort of exist although it is very theoretical at the moment. It's called Homomorphic Encryption. Here's a paper about breakthroughs made at IBM and there's a comment about it on Bruce Schneier's blog.

Basically, a Homomorphic Encryption system is one where:

decrypt (f (encrypt (plaintext))) = f (plaintext)

Skizz

Skizz  2009-10-01 11:18:26
+1 Wow! I'll have a good read of that. Time to delete my answer saying no :)
Robin Day  2009-10-01 11:23:54
Please correct me if I misunderstood Scheneier's blog: the "algorithm" is not secret, only the input and output are.
flybywire  2009-10-01 12:20:13
You are right, the algorithm is not secret or encrypted, and it can never be secret. The code has to be executed by something in a non-encrypted way. The service provider will always be able to get the code being run on the servers. It's usually best, from a security point of view, to have open algorithms that the community can inspect and test for weaknesses - obfuscation is not security! If you have a 'magic algorithm' no-one else has developed (and I hate to say this) there is always patent protection.
Skizz  2009-10-01 15:00:22
Wasn't Schneier saying that the idea was fundamentally impractical?
zebrabox  2009-10-05 21:13:16
+3  A: 

Actually, very recently someone solved the problem of what's called Fully Homomorphic Encryption. I'm not a cryptographer, but as I understand it, the basic idea is that someone could perform actions on encrypted data without even knowing what the data is, and these actions will actually have meaning (i.e., when the data is decrypted, anolagous changes will have taken place).

This has been an open problem in cryptography for a long time, and now that it's solved, technically someone could do something similar to what you propose. For example, you could upload data for Amazon's servers to work on, they could perform some kind of algorithm which is very specifically designed, and then send back your new data. (I don't know if there's a way to actually specify the algorithm itself liked you asked).

There is of course a problem with all this: it's still completely impractical, despite having been solved.

If you'd like to read more about this, I'd recommend the Wikipedia article, and also the article by Bruce Schneier "Homomorphic Encryption Breakthrough".

Edan Maor  2009-10-01 11:19:45
+1  A: 

Here are some more things you may wish to read:

http://en.wikipedia.org/wiki/Secure%5Fmulti-party%5Fcomputation

http://www.cs.uiuc.edu/homes/rosulek/pubs/enc-data/enc-data.pdf

http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.35.5151

Artelius  2009-10-01 11:30:34
A: 

Others have already pointed out the theoretic possibilities of fully homomorphic encryption, but I would like to point out that a (secret input, secret output, non-secret program)-system can be used to mke a (secret input, secret output, secret program)-system: just have the non-secret program be an interpreter for some general-purpose language and use (actual-program, input) as the input for the non-secret program.

Of course a standard computer embedded in a tamper-proof case and certified by an independent third party would be a much more practical solution.

Rasmus Faber  2009-10-01 18:06:16

related questions

What are the techniques for face detection on a bitmap?
Simple enough explanation of a Distributed Hash Table (DHT)
Could a truly random number be generated using pings to psuedo-randomly selected IP addresses?
Balancing a Binary Tree (AVL)
How do you handle small sets of data?
How to determine differences in two lists of data
"const correctness" in C#
Did you apply computational complexity theory in real life?
What's "P=NP?", and why is it such a famous question?
How does Jan Willem Klop's "(L L L...)" Y combinator work?
Big-O for Eight Year Olds?
What is a y-combinator?
How/When to abandon the use of Arrays in c#.net?
Hierarchical Group Permissions Theory/Resources?
Proving correctness of multithread algorithms
How to test randomness (case in point - Shuffling)
Recommended resources for computer science theory.
What is a DSL and where should I use it?
Coupling and cohesion
canonical problems list
What is the point of interfaces in PHP?
What is a lambda (function)?
What is Turing Complete?
Storing Images in DB - Yea or Nay?
How would you access Object properties from within an object method?