re Homomorphic encryption cannot redeem SaaS

[Dave Farber <dave () farber net>]

Begin forwarded message:

> From: "David P. Reed" <dpreed () reed com>
> Date: July 12, 2010 1:49:53 PM EDT
> To: dave () farber net
> Cc: ip <ip () v2 listbox com>
> Subject: Re: [IP] Homomorphic encryption cannot redeem SaaS

> Richard makes a very good point, and his meta-point about words that are vague leading to poor  quality discussion is 
> also very good.
>
> Let me clarify the distinction that Richard is making by a simple example.   Let's suppose I want to run a program 
> really fast.  I have the source code of the program in my hands, and I have the data in my hands.  I don't want to 
> share the data with anyone, and I want the "right" answer, just faster than I can get on my personal resources.
>
> So I decide to use a virtual resource out in the Internet - which I rent by the minute.  (Amazon EC2?)   
>
> Homomorphic encryption suggests that I can take the source code P and "compile" it into a program Ph that is 
> specially organized so that it works on data in encrypted form, never revealing the actual values in the data during 
> the computation.
>
> So what I do is load Ph into the Amazon EC2 system, then take the data D and encrypt it to create Enc(D), which I 
> send to be processed by Ph.   The result Ph(Enc(D)) is then sent back to me, whereupon I decrypt it getting 
> Dec(Ph(Enc(D))), which is the same thing as P(D), if homomorphic cryptographic computation is demonstrated to work.
>
> Here's what I think is Richard's objection, though.   If P (the program) is offered as "Software as a Service", then 
> I don't know what the program does or how it works.   I gain no more control or knowledge of that program by running 
> a version Ph that works on encrypted data.   In fact, because I cannot understand anything about P by looking at Ph,  
> the only thing I can check about the service P provides is by checking certain things by testing known inputs and 
> outputs.
>
> This means that I cannot prove that P doesn't (for example) save my data and share it with a bad guy (whether that 
> bad guy is a competitor, the government, or a crook).   Merely validating a few sample test cases or even verifying 
> that the result is a "valid" result is not sufficient to bound the sort of "evil" that can be carried out "in the 
> cloud".
>
> So homomorphic encryption doesn't help very much with "cloud services" and any claims to the contrary are very likely 
> snake oil.
>
> However, a more limited claim - one that says that one can virtualize one's OWN program, to which one has the 
> complete source code and the ability to compile and modify it to be run on a "homomorphic cryptographic" engine - 
> that LIMITED claim has some significant potential value.
>
> But it may not have such value - because the execution unit executing Ph (the encrypted version of the code) may, by 
> watching Ph interact with the data Enc(D), be able to learn enough about the computation to significantly harm the 
> user, despite the two transformations - the one on the code and the Enc operation.
>
> We DON'T know.   This is good research, I am sure.  But it is NOT a good reason to believe that SaaS doesn't have 
> important risks.  Ameliorating those risks (IMO) probably requires that the operator of a virtualized service be held 
> accountable for liability to his/her users.  This cannot be accomplished by pure crypto in itself.
>
> On 07/12/2010 12:22 PM, David Farber wrote:
> > Begin forwarded message:
> >
> > From: Richard Stallman <rms () gnu org>
> > Date: July 12, 2010 8:36:58 AM EDT
> > To: David Farber <dave () farber net>
> > Subject: Homomorphic encryption cannot redeem SaaS
> > Reply-To: rms () gnu org
> >
> > Would you like to forward this to your list?
> >
> >    The goal is to create practical implementations of an idea that only
> >    recently has been shown to be possible in theory.  That a computation
> >    could be performed over data that remains in encrypted form throughout
> >    the entire computation.  In effect, the computer would execute a
> >    program without ever being able to discern any of the computed values.
> >    The possible applications of this are far reaching.  For example, you
> >    could let a cloud facility do all of your computing work without any
> >    possibility that any of your private information would be divulged. "
> >
> > The term "cloud computing" is so vague it only means "using the
> > internet somehow".  There are many ways to use the internet and they
> > raise different issues.
> >
> > If a server is doing "your computing work", that means it is Software
> > as a Service.  SaaS with homomorphic encryption would giving the
> > server operator unlimited access to your data, but that doesn't
> > eliminate the fundamental problem of SaaS.  SaaS is always bad for you
> > because it means you lose control of your computing.  It is just like
> > running a proprietary program.  For more explanation, see
> > http://gnu.org/philosophy/who-does-that-server-really-serve.html.
> >
> > For server activities that are not SaaS, where the control of your
> > data is the main issue, homorphic encryption could be a good solution.
> >
> > I've concluded that the term "cloud computing" is vague to the point
> > of impeding clear thinking, so I never use it.  See
> > http://www.gnu.org/philosophy/words-to-avoid.html for explanation.
> >
> >
> >
> >
> >
> >
> > -------------------------------------------
> > Archives: https://www.listbox.com/member/archive/247/=now
> > RSS Feed: https://www.listbox.com/member/archive/rss/247/
> > Powered by Listbox: http://www.listbox.com
> >
> >   



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com