
greetings from somewhat overcast but at least not raining vancouver um i hope you are all well out there in calgary um this is homomorphic encryption um you can feel perfectly free to uh take a picture of that uh qr code and and get information about me um with you know absolutely no risk at all as long as you remember that i started my security life uh researching malware and therefore i know every possible way to get somebody tricked into installing malware on their computers um anyways this is a homomorphic encryption which is not just weak forms of encryption like rot13 here it is in fact uh the ability to encrypt your data and still be able to use it for
something without decrypting it you you don't have to do any decryption to to use homomorphic encryption and so that's uh an interesting way and a lot of people have been very interested in it possibly more interested than it really uh promises that that it um will deliver here uh so the the cse they're our spies um uh or our uh electronic intelligence spies anyways um they said that they were working on on homomorphic encryption the they called it the holy grail of encryption so uh you can see that some people are a little bit over enthusiastic about it maybe um particularly given that this is not new this this you know we have been using
this for a while and uh as one proof what do we do to store passwords we hash them do we ever unhash them no you can't unhash anything so password hashing is a form of homomorphic encryption we encrypt the password we hash it it's no longer there in the clear text but then we never do decrypt it what we do is when somebody submits a password we hash it again and if the hashes match then we're okay you know that is is the correct password or at least close enough for government work uh system work so some other examples and and unfortunately in order to illustrate this um these examples aren't particularly good so these um
you know there's there's exact search the electronic code book mode of of block cipher um which is the the weakest form of of ciphering as you can see here we got the original image we uh encrypt it using electronic code book mode and we can still see you know and get at least a rough idea of what the image actually is um so that's a you know that is the the weakest form of a block cipher the weakest mode anyways of a block cipher um and we can do an exact search in the same way we did with the password hashing um you know we can it as long as our our block length matches our record
length um we can do exact searches uh with that um it's uh you know again uh we some restrictions on it uh the block size has to match the record size um we can do uh as as well as the searching some forms of sorting for example if we take a caesar cipher you know good old uh rot 13 example or uh other ciphers that use mod functions we can um very often get a sorting capability out of those as long as we're not doing too much beyond the uh uh the the mod functions uh covid 19 contact tracing and uh and you know while everybody else has been busy uh well sorry you know the whole population has been
unbusy during the the pandemic and we of course being the techies uh we have been busy and particularly putting on uh our events online and helping everybody else put on their events online and that sort of thing uh you know and all all that sort of thing i wrote a book on on cyber security lessons from covid 19. so uh i've looked into a fair amount of this stuff but covid 19 contact tracing uses random data as as a beacon and the beacon does not contain any personally identifiable information so again that isn't really encrypting the data that it is just using you know completely random data but it is useful um for that purpose
without betraying any uh personal information so and and then there's our uh vaccine passports and of course you can use this uh you know take a picture of it um use it to get into bars restaurants sporting events gyms and and that sort of thing and uh you know so uh now again you know this isn't uh really encryption this is encoding of course and it's it's encoded uh into the qr code it's encoded um behind the qr code and in various other ways and formats and and actually all the um uh vaccine passports uh pretty much across the country although they varied in in the way they've implemented it they uh the base format is in fact all the same
and and so uh the the government coming up with a new vaccine passport across the country um that shouldn't be too difficult because basically all they have to do uh you know all that's in there is uh you know there is your your vaccine record and it's in a specific format but it's a format used worldwide and so um that information can can get in there and all that the uh verification apps do is uh take your name out of the record take the fact that you have been vaccinated out of the record verify the digital signature of the you know provincial health authority and and that's it so you know all they have to
do we've you know got uh each province has their own right now and uh to get a national one all we really need to do is is you know add all the uh signatures for all the the provinces and and then it works so uh but again you know this is not really encryption so a better example though is the rivest three ballot voting system of course we've uh you know we've had elections uh recently we had a provincial election last year the americans have just had a really disastrous election uh we had a federal election and and all that so you know everybody's talking about ballots and and that sort of thing um the uh
and uh one of the things down in the states somebody is is pushing the idea of using blockchain for you know voting and that sort of thing which is a really terrible idea but the three ballot voting system is a really really interesting one um we uh we have private ballots and and you know right now they're anonymous but that's all we've got the three ballot voting system um uh uses homomorphic encryption and it delivers not just anonymity but non-repudiation of voting the it's verifiable to the voter that their vote has been counted the ballots can be counted without being decrypted and it can be implemented either on paper or digitally so it's a a really
really interesting system and if you are interested uh in this i i would look at the three ballot voting system and you know whether you're interested in homomorphic encryption or in electronic voting um interesting on both counts um okay to get into a more recent example of uh homomorphic encryption um there are systems of homomorphic encryption which will allow you to do addition and multiplication without doing uh the decryption on the original data so um there you know 3 times 4 plus 5 equals 3 times 4 plus 3 times 5. that is the associative and commutative laws of addition and multiplication and so any function that fits that format might be the basis for a solution so any function you can
find there could be something that you can use for homomorphic encryption that will allow you addition and multiplication and ibm has worked on this and uh they have a system bgv uh that is uh addition and multiplication uh microsoft has seal again addition and multiplication google has done something a little bit different um comparison and limited addition with uh private join and compute uh so now uh don't worry about the urls i pumped all of that into the chat so uh you can pick it up there you don't have to screenshot the slides i don't know if you want to screenshot the slides that's perfectly okay with me and homomorphicencryption.org is someplace you can go for more data on
this and and the introduction has even more examples of different places you can go and you can actually you know download and play with the code and and work with this stuff and and see how it actually does work um okay uh just a little break here because uh this is somewhat technical but uh seeing as how we got a slow start here uh we'll just continue on now what homomorphic encryption isn't is just as important as what it is it's not a thing it's there's various functions and implementations now all the same you know blockchain here it's not universal you have to choose your function in order to choose the particular uh work that you are doing with uh
uh homomorphic encryption so you know you don't encrypt it with homomorphic encryption and then decrypt it you know or work with it in various ways no you have to choose what you're going to use it for and that drives how you are going to encrypt the data in the first place so uh going uh taking a bit of a side issue to cryptography itself here there's symmetric versus asymmetric and of course you know symmetric is very strong but it has a problem with key management asymmetric is not as strong but is is great when it comes to key management so what we have done in crypto is we have uh we have the hybrid system where we use
the asymmetric encryption for key management only and the bulk data encryption is being done with symmetric encryption you cannot do that with homomorphic encryption you are working directly with the encrypted data and again the you know what you're using the encrypted data for is driven you know drives how how you encrypt the data in the first place and this is going to be heavily heavily mathematical and therefore it's going to use lots and lots of processing time on computers if if we are going to to use this stuff so it's this is not you know the holy grail of encryption this is not going to solve a ton of problems it's going to create some others it'll solve some some
problems but uh you have to recognize what the weaknesses are the algorithms are limited the functions that we can use are limited um and if you want a new function to use with homomorphic encryption you're going to have to find a an appropriate algorithm if we are combining functions the algorithms get even more limited we're you know going to be restricted and again as the restrictions grow on the algorithms because of the functions that you want that may weaken the strength of the algorithms and again recall the the bad examples that way caesar ciphers is the weakest uh in in terms of address space uh block mode uh sorry um uh ecb mode is the weakest mode for block
ciphers so obviously i have to change the wording of that that slide so uh which you know okay good old uh cissp question time which of the following is not an effective deterrent against a database inference attack is it partitioning small query sets noise and perturbation cell suppression well uh the the answer uh is uh usually hard for people to figure out here um because uh you know you get down to noise and perturbation and people think oh you know you don't want noise and perturbation and they're actually that's a very good effective deterrent uh against database inference attacks uh and uh you know so people don't really don't understand the the weaknesses in the system
and the accuracy of what we get out of homomorphic encryption is another concern here um a number of the proposed homomorphic encryption algorithms uh do provide for the functions but not necessarily with uh absolute accuracy and so there has been some some work done with what is known as fully homomorphic encryption so again when you determine what it is that you want to use the homomorphic encryption for you are going to have to decide do you want just you know roughly homomorphic encryption or fully homomorphic encryption so uh you know lots lots to decide lots to uh wonder about now um microsoft uh says that they are using homomorphic encryption and again going back to the
the three ballot voting system uh microsoft has come up with something called election guard um and uh from the way that it is described it very much sounds as if they are using the the three ballot voting system and therefore uh homomorphic encryption but uh recently what they came out on was uh saying that um their use of homomorphic encryption was uh safeguarding passwords in microsoft edge and and well no it wasn't or at least you know not in any great way because it's just password hashing again and besides google chrome has been doing that for years so again you know when somebody uses one of these uh security buzz phrases and says uh this is
something that we uh are bringing out and adding and newly developed and that sort of thing you know maybe they're just using the same thing over again and using a different term for it any particular questions wondering whether or not with the three ballot system the voter can prove that they voted in a specific manner and if so could that be used for vote selling ah interesting okay um uh that is that is an interesting question i am not absolutely certain i know that um with the three ballot voting system the voter can prove that their vote has been counted um i do not well uh with the three ballot voting system one one of the factors is that
um what you take away from the three ballot voting system i keep for yourself uh is one of or sorry two of the three ballots and and so it can be specified that what the voter takes away does not in fact prove um to somebody else the way that they have voted uh because they don't have the complete ballot there how uh how obvious how obfuscated that would be i'm i'm not absolutely certain but that it is an interesting question and again i would say go to um the the actual details on uh the three ballot voting system and and uh look up the details on that are there examples of where homomorphic encryption is being used today well as i said you
know when password hashing yes um it's in in terms of the other functions it's only just uh coming on um it is um uh i i can't think of anything specific um again i've given you the urls in in terms of where you can go in and look at the um at the algorithms and these are actual working algorithms it's not just i mean in a sense it's it's research as they're developing the algorithms um but you can actually you know use them dive into them and and work with them um in terms of uh the comment about matt blaze and other election experts uh hating internet voting um i i certainly agree with that and i
would go even further i would say that if you go to the risks forum digest archives and just do a search on voting and you will find stuff stretching back 30 years and more all of us have been extremely concerned and and this is one of the reasons that we're concerned now that people are throwing in things like you know saying blockchain is is going to fix uh internet voting or online voting or machine voting and it's not you know it's it's not the type of appropriate stuff the three ballot voting system i would say is um it's quite different it is a new development um and i'm i'm very interested in uh seeing how people will work with that
and as i say you know it can it can work in uh both paper and digital systems and so we are not necessarily just um looking at at online voting in in this case i i think that it does give us um new functions and uh new features in voting um even with our paper ballot systems uh so it's uh it's a uh you know really interesting uh way to look at it and it is a very very uh good example of uh the potential use of homomorphic encryption that i think can uh address a lot of of issues that have been a problem for for decades uh without being effectively addressed uh should everyone be using homomorphic
encryption no not necessarily there's there's lots of uh cases where it just isn't the answer and in the same way you know i've got to get myself a t-shirt that says blockchain is not the answer um and uh you know in in the same way a lot of people are are uh pushing homomorphic encryption without really understanding uh what it is and and what the limitations are um homomorphic encryption seems to refer to the framework and not the encryption algorithm used uh if i've got this wrong how is hashing different than homomorphic encryption um okay in a sense you're you're right homomorphic encryption is not a specific algorithm there are a whole bunch of different algorithms
that are in fact uh examples of homomorphic encryption uh that uh you know homomorphic encryption is not one algorithm and again as i say you go to the uh different algorithms and and look at what they are intended to do and the function that you want for homomorphic encryption drives uh what algorithm it is that you use for your particular application
you mentioned that homomorphic encryption isn't universal because you have to pick a function could we pick a function that lets us support a universal instruction set or at least an instruction set that supports algorithms without too much recursion uh i very much doubt it i i very much as i say you have to pick a uh sort of a obtain a a a deep mathematical understanding of the function that you want and then pick an algorithmic function that will fulfill that specific function that you you want in the application um so it's it's uh very unlikely and i i would you know off the top of my head i would say impossible uh to pick a a universal instruction set
that would support um all kinds of of homomorphic encryption and as i say the the more functions that you try to build into an algorithm to use with homomorphic encryption i i strongly suspect uh that eventually they will find that uh putting too many functions into it weakens the encryption any thoughts on the use of homomorphic encryption to resist the challenges posed by quantum computers oh yes um a lovely question um i would say uh it's completely orthogonal um you're you're essentially trying to address two completely different problems the uh the quantum computers the um the issue with regard to quantum computers is uh with regard to the ability to do sort of multiple attempts at decryption
massive numbers of multiple attempts at decryption all in in one operation uh because of the way the quantum computers work um what you are doing with homomorphic encryption is using the data without decrypting it um so it's it's addressing two completely different problems and i they are are not really you know as we uh work with the mathematics of of one it may give us insights into the other but um the specific uh challenges and activities there um are basically pointing in two different directions so uh no sorry it's it's not really going to address that directly
any other questions comments
okay well thank you for listening