Hacker News new | ask | show | jobs
by quantumtremor 3505 days ago
The problem with functional encryption is as you say, you need to hand over the "function" somehow to the server (presumably they use machine learning and tools that aren't feasible client-side), and there's no guarantee the private key is hidden unless you use something like indistinguishibility obfuscation, which isn't really practical at all right now.

Did you mean fully homomorphic encryption? (https://en.wikipedia.org/wiki/Homomorphic_encryption#Fully_h...) The server can compute the spam score under the encryption of an email, and client side decrypts and sorts it from there, so not even the server knows if a given email is spam or not. Of course, not that FHE is feasible, but perhaps this special case is...
1 comments
bascule 3505 days ago
No, I didn't mean FHE, because FHE does not meet the criteria given in the post, namely that it must happen as quickly as possible and cannot rely on the liveness of the client. The OP practically rules out schemes that involve looping in the client.
link
quantumtremor 3505 days ago
What? With FHE the client just gets an additional encrypted metadata that is the encryption of whether the attached file is spam or not. No looping required, whereas your functional encryption scheme seems to necessitate the client being "live."
link
bascule 3505 days ago
One of the requirements given in the OP (the one I was referencing in my previous post) is that the server can tell spam from non-spam without the client being online. The FHE solution doesn't work for this requirement.

The functional encryption scheme only requires a client to bootstrap it. Once the client has calculated the appropriate function based on their private key, they can give it to the server, who can thereafter apply it to incoming emails regardless of whether the client is online or offline.

link
quantumtremor 3505 days ago
Okay so to fix mine: create a circuit that decrypts a ciphertext using the private key, returning 1, 0, or Bottom depending if it's an encryption of spam marking or not, or not valid, and run it through iO. So both solutions still require iO...
link