by hedora 2960 days ago
No, it is much worse for homomorphic encryption than for conventional encryption. Homomorphic encryption systems are trying to push a computation to an untrusted server instead of just downloading the whole data set and doing the computation locally.

It is known that this doesn’t work if any one of these bullet points is true:

(a) the size of the results is correlated to facts contained in the answer and the attacker can get you to run queries (even if you don’t share the results)

(b) the computation on the server supports basic arithmetic

(c) the computation on the server supports equality tests

(d) it is computationally feasible for the server to perform a computation over O(1) data by examining O(1) bytes.

Given those (and other, more subtle) constraints, the challenge is to design a practical HE service.

There aren’t any examples of people successfully building such a system so far.

1 comments

Are you sure about (b) and (c)? They seem quite wrong to me. Just looking at the abstract of [0], one can have a homomorphic equality test in a semi-honest model, which already seems good enough. The abstract does not point to any theoretical limit either.

(a) is a classical side-channel attack, and as I say non-homomorphic libraries already take these kinds of attacks into consideration. HE won't be an exception to that, depending on what level of privacy is needed.

I did not understand what you mean by (d), and to be honest by (b) either. If you have any papers/blogs about that I'll be glad to read them.

And yes I agree, a successful FHE system is nonexistent as of now. But the evidence of the bare existence of FHE is only ten years old, and somewhat practical FHE is even younger. We've not even reached practical FHE yet; security issues will be tackled when they become the blocking point. At this point in the technology you can't expect research to be immediately applicable. ZK proofs were first designed in the 80s, and as far as I know they only started to be used in practice (zk-SNARKs for instance) recently.

[0]: https://ieeexplore.ieee.org/document/7941933/
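
Point (a) in the thread, the result-size side channel, as an added example that is not part of either comment: a toy Python model showing what an observer learns from response size alone, and how padding every response to the worst-case size removes that signal. `CT_LEN`, `fake_encrypt`, `run_query` and the sample records are constructed assumptions, and random bytes stand in for ciphertexts (no real HE library is used).

```python
import os

CT_LEN = 64  # assumed fixed ciphertext size per record (constructed value)

# Constructed sample data set; in the real setting it is stored encrypted.
RECORDS = [
    {"name": "alice", "diagnosis": "flu"},
    {"name": "bob", "diagnosis": "diabetes"},
    {"name": "carol", "diagnosis": "flu"},
    {"name": "dave", "diagnosis": "asthma"},
]

def fake_encrypt(record):
    # Stand-in for a ciphertext: opaque random bytes, not real encryption.
    return os.urandom(CT_LEN)

def run_query(diagnosis, pad_to=None):
    """Opaque response for 'all records with this diagnosis'.

    pad_to=None models a system whose result size tracks the match count.
    pad_to=N pads every response to N ciphertexts (a real system would pad
    with encryptions of dummy records rather than raw random bytes).
    """
    body = b"".join(fake_encrypt(r) for r in RECORDS
                    if r["diagnosis"] == diagnosis)
    if pad_to is not None:
        body += os.urandom(pad_to * CT_LEN - len(body))
    return body

def observer_estimate(response):
    """What someone who sees only the response length can infer."""
    return len(response) // CT_LEN

def observed_counts(queries, pad_to=None):
    # The observer never decrypts anything; it only measures sizes
    # for queries it managed to get the data owner to run.
    return {q: observer_estimate(run_query(q, pad_to)) for q in queries}

if __name__ == "__main__":
    qs = ["flu", "diabetes", "cancer"]
    print("unpadded:", observed_counts(qs))
    print("padded:  ", observed_counts(qs, pad_to=len(RECORDS)))
```

Padding to the worst case costs bandwidth proportional to the data set size, which is the trade-off behind "depending on what level of privacy is needed".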