[ewillbefull]

This makes me curious.

Is it possible to use homomorphic encryption to create a network of "dump pipes" for exchanging data?

Tor is slow because data has to hop from peer to peer until it hits its destination. What if the "nodes" between you and the recipient ran on a single machine? Clients would simply send a homomorphically encrypted program to a central server which merely executed it. The programs and the data exchanged could be completely transparent, you could even give law enforcement access, and assuming:

1. the homomorphic encryption is secure

2. your data passes through enough trustworthy peers

3. there are enough nodes involved for plausible deniability

...it would not be possible to identify the path data takes as it is routed around.

Or am I missing something?

[shubb]

Could you explain what you mean a bit more clearly?

Traffic can be anonamised hopping it around many peers (assuming that a critical mass of them are not observed, which seems entirely likely these days).

If you sent a request to a single machine, which routed it between processes, eventually decoding the request, you are saying that the machine would not know what user made that request, and it could return the result via the same chain. But because both ends and the processing are observed, traffic analysis would yield which client asked for the file trivially. Rather like if the enemy controlled every node on your darknet, they could trivially know who you were and what you were doing.

The strength of the network is lots of nodes and lots of hops, in the hope that you will pass through enough uncontrolled ones that traffic can't be resolved. While what you suggest might, possibly reduce the risk from a compromised node in a multihop chain, it would not defeat traffic analysis, which is the major problem. Better just to inject fake traffic.

[ewillbefull]

Traffic analysis would not be a concern if the data being transferred and decoded by each program was interlaced with data from other streams. This would prevent an all-knowing adversary from following the data as it changes state through each program's execution.

And of course, the standard onion-encryption would be applied. The data on one end would be different than on the other or at any point in between. Padding to prevent size attacks, etc. (Everything Tor already does, I believe.)

The homomorphic-encryption would just allow you to 'outsource' your cryptography, routing and buffering mechanisms to a remote host, making data transfer between each individual 'identity' much faster without jeopardizing anonymity.

[kabouseng]

You could still trace packets into and out of the server, showing you exactly where your traffic is being routed. I don't understand how HE will magically solve this. An HE encrypted application cannot be run on a server, because the instructions would still need to be decrypted for them to execute. HE allows a server to perform an encrypted operation on encrypted data. What you can do is a type of DNS server without anybody knowing what URL's you are looking up.

[ewillbefull]

Hm, I was thinking more along the context of: http://newsroom.ucla.edu/portal/ucla/ucla-computer-scientist...

In retrospect homomorphic encryption may have little to do with this particular idea, I'm not a CS wizard or anything.

[9ac345a5509a]

(Fully) Homomorphic Encryption is necessary for this. One of the paper's authors (Craig Gentry) is also the creator of FHE. To quote the paper:

>Using indistinguishability obfuscator for NC^1 together with any (leveled) fully homomorphic encryption (FHE) scheme with decryption in NC^1 (e.g. [Gen09b, BV11, BGV12, Bra12, GSW13])

    Paper: http://eprint.iacr.org/2013/451.pdf

I have not read through the paper (yet, I plan to).