HOME COMPUTING WEB COMMUNICATIONS ENERGY …jhcheon/article.pdfenticing in an era of outsourcing and cloud computing. Turning Gentry’s innovative but impractical crypto scheme into

1/2페이지http://www.technologyreview.com/tr10/?year=2011

Year: 2011

2012 2011 2010 2009 2008 2007 2006 2005 2004 2003 2001

Social IndexingFacebook remaps the Web topersonalize online services

Smart TransformersControlling the flow of electricityto stabilize the grid

Gestural InterfacesControlling computers with ourbodies

Cancer GenomicsDeciphering the genetics behindthe disease

Solid-State Batteries High-energy cells for cheaperelectric cars

Homomorphic EncryptionMaking cloud computing moresecure

Cloud Streaming Bringing high-performancesoftware to mobile devices

Crash-Proof CodeMaking critical software safer

SeparatingChromosomesA more precise way to readDNA will change how we treatdisease

Synthetic Cells Designing new genomes couldspeed the creation of vaccinesand biofuel-producing bacteria

Every year, Technology Review looks at the advances that have happened over the previous yearand chooses 10 emerging technologies that we think will have the greatest impact. The ultimatecriterion is straightforward: is the technology likely to change the world? This year’s group includeshigh-energy batteries that could make cheaper hybrid and electric vehicles possible and a newclass of electrical transformers that could stabilize power grids. Some of our choices will alter howyou use technology: you’ll be tapping into computationally intensive applications on mobile devices,or using gestures to command computers that are embedded in televisions and cars. Other choicescould improve your health; for instance, doctors will craft more effective cancer treatments byunderstanding the genetics of individual tumors. But no matter the category, all 10 promise to makeour lives better.

Watch the TR10 Video Introduction

Past 10 Emerging Technologies:

Newsletters Mobile Apps RSS Feeds

Twitter

YouTube

Facebook

StumbleUpon

TR35 Our list of the 35 younginnovators of 2012. See list »

Explore our TR35 List: previousnext

More lists: Innovators Companies

Stay Connected

Want Technology Review magazine delivered toyour doorstep, desktop, or tablet?

Order now »

Technology Review Lists

Ryan Bailey

Shining a light on faster, cheaper, more accuratemedical tests

Read more »

Published by MIT

SubscribeLogin

HOME COMPUTING WEB COMMUNICATIONS ENERGY BIOMEDICINE BUSINESS VIEWS VIDEO EVENTS MAGAZINE

English en Español auf Deutsch in Italiano �� em Português

search

T E C H N O L O G Y R E V I E W L I S T S

10 EMERGING TECHNOLOGIES 2011

Homomorphic Encryption - Technology Review

http://www.technologyreview.com/article/423683/homomorphic-encryption/

Craig Gentry(IBM) A secure way to process datacould encourage more enterprises touse cloud computing.

Others working on HomomorphicEncryption Marten van Dijk, MIT,Cambridge, MassachusettsEleanor Rieffel, FX Palo AltoLaboratory, CaliforniaNigel Smart, Bristol University, U.K.

Homomorphic EncryptionMaking cloud computing more secure

1 comment

ERICA NAONEMay/June 2011

Ciphering: Gentry's system allows encrypted data to be analyzed in the cloud. In this example, we wish to add 1and 2. The data is encrypted so that 1 becomes 33 and 2 becomes 54. The encrypted data is sent to the cloud andprocessed: the result (87) can be downloaded from the cloud and decrypted to provide the final answer (3). Credit:Steve Moors

Craig Gentry is creating an encryption system that couldsolve the problem keeping many organizations fromusing cloud computing to analyze and mine data: it's toomuch of a security risk to give a public cloud providersuch as Amazon or Google access to unencrypted data.

The problem is that while data can be sent to and from acloud provider's data center in encrypted form, theservers that power a cloud can't do any work on it thatway. Now Gentry, an IBM researcher, has shown that itis possible to analyze data without decrypting it. The keyis to encrypt the data in such a way that performing a mathematical operation on theencrypted information and then decrypting the result produces the same answer asperforming an analogous operation on the unencrypted data. The correspondence betweenthe operations on unencrypted data and the operations to be performed on encrypted data isknown as a homomorphism. "In principle," says Gentry, "something like this could be used tosecure operations over the Internet."

With homomorphic encryption, a company could encrypt its entire database of e-mails andupload it to a cloud. Then it could use the cloud-stored data as desired—for example, tosearch the database to understand how its workers collaborate. The results would bedownloaded and decrypted without ever exposing the details of a single e-mail.

Gentry began tackling homomorphic encryption in 2008. At first he was able to perform onlya few basic operations on encrypted data before his system started producing garbage.Unfortunately, a task like finding a piece of text in an e-mail requires chaining together

Innovators Technologies Companies

TR35 Our list of the 35 younginnovators of 2012. See list »

Explore our TR35 List: previousnext

New on Technology Review

One-time Solar Giant Q-Cells to be SoldOff Soon

Slow Drug Release From CellularAutomaton Pills

Cyborg Tissue Monitors Cells

Securing Your Voice

Tingle 'n' Tangle

More »

Technology Review Lists

Prashant Jain

Tuning nanocrystals to make tinier, moreefficient switches for optical computing andsolar panels

Read more »

Published by MIT

SubscribeLogin

HOME COMPUTING WEB COMMUNICATIONS ENERGY BIOMEDICINE BUSINESS VIEWS VIDEO EVENTS MAGAZINE

English en Español auf Deutsch in Italiano �� em Português

search

T E C H N O L O G Y R E V I E W L I S T S

10 EMERGING TECHNOLOGIESSee list » 2011

Homomorphic Encryption - Technology Review

http://www.technologyreview.com/article/423683/homomorphic-encryption/

PREVIOUS:Solid-State BatteriesHigh-energy cells for cheaper electric cars

NEXT:Cloud Streaming

Bringing high-performance software tomobile devices

Securing Your VoiceResearchers turn voiceprintsinto passwords to avoidstoring your actual speechanywhere.David Talbot

Pakistan May Have toAbandonCryptography BanRobert Lemos

A Cloud that Can'tLeakTom Simonite

thousands of basic operations. His solution was to use a second layer of encryption,essentially to protect intermediate results when the system broke down and needed to bereset.

"The problem of how to create true homomorphic encryption has been debated for morethan 30 years, and Craig was the first person who got it right and figured out how to makethe math work," says Paul Kocher, the president of the security firm Cryptography Research.However, Kocher warns, because Gentry's scheme currently requires a huge amount ofcomputation, there's a long way to go before it will be widely usable.

Gentry acknowledges that the way he applied the double layer of encryption was "a bit of ahack" and that the system runs too slowly for practical use, but he is working on optimizing itfor specific applications such as searching databases for records. He estimates that theseapplications could be ready for the market in five to 10 years.

See all 2011 TR10

See all 2011 emerging technologies »

Related Articles:

1 comment

Sign in to comment

Post comment asPost comment asPost to+ Follow conversation

1 YEAR AGO

rriggioSensor/Mesh network applications

The idea is proven and can be applied to a variety of scenarios, for example we did develop anhomomorphic encryption scheme for implementing a secure middleware for wireless sensornetwork applications:http://disi.unitn.it/~riggio/lib/exe/fetch.php?media=publications:sasn2009.pdf

ReplyReplyLikeLike

http://www.cs.ut.ee/~lipmaa/crypto/link/public/fhe.php

Fully-Homomorphic Encryption

Papers[scholar]Fully homomorphic encryption using ideal lattices (Craig Gentry, STOC 2009)A Fully Homomorphic Encryption Scheme (Craig Gentry, PhD thesis)Fully Homomorphic Encryption with Relatively Small Key and Ciphertext Sizes (Smart & Vercauteren, eprint2009/571)Fully Homomorphic Encryption over the Integers (Marten van Dijk and Craig Gentry and Shai Halevi and VinodVaikuntanathan, eprint 2009/616)[scholar]On CCA-Secure Fully Homomorphic Encryption (J. Loftus and A. May and N.P. Smart and F.Vercauteren, eprint, 2010)[scholar]i-Hop Homomorphic Encryption and Rerandomizable Yao Circuits (Craig Gentry and Shai Halevi andVinod Vaikuntanathan, Crypto 2010)[scholar]Faster Fully Homomorphic Encryption (Damien Stehle and Ron Steinfeld, Asiacrypt 2010)[scholar]Implementing Gentry's Fully-Homomorphic Encryption Scheme (Craig Gentry and Shai Halevi,Eurocrypt 2011)Fully Homomorphic SIMD Operations (N.P. Smart and F. Vercauteren, 2011)[scholar]Fully Homomorphic Encryption from Ring-LWE and Security for Key Dependent Messages (ZvikaBrakerski, Vinod Vaikuntanathan, CRYPTO 2011)[scholar]Fully-Homomorphic Encryption over the Integers with Shorter Public-Keys (Coron, Mandal, Naccache,Tibouchi, Crypto 2010)[scholar]Can Homomorphic Encryption be Practical? (Lauter, Naehrig, Vaikuntanathan, 2011)[scholar]Fully Homomorphic Encryption without Squashing Using Depth-3 Arithmetic Circuits (Craig Gentryand Shai Halevi, FOCS 2011)[scholar]Fully Homomorphic Encryption without Bootstrapping (Craig Gentry, eprint 2011/277)[scholar]Faster Algorithms for Approximate Common Divisors: Breaking Fully-Homomorphic-EncryptionChallenges over the Integers (Yuanmi Chen and Phong Q. Nguyen, eprint 2011/436)[scholar]Approximate common divisors via lattices (Henry Cohn and Nadia Heninger, eprint 2011/437)[scholar]Optimization of Fully Homomorphic Encryption (Jean-Sebastien Coron and David Naccache and MehdiTibouchi, eprint 2011/440)[scholar]Efficient Fully Homomorphic Encryption from (Standard) LWE (Zvika Brakerski and VinodVaikuntanathan, FOCS 2011)[scholar]Improved Key Generation For Gentry's Fully Homomorphic Encryption Scheme (P. Scholl and N.P.Smart, eprint 2011/471)[scholar]Public-key Compression and Modulus Switching for Fully Homomorphic Encryption over theIntegers (Jean-Sebastien Coron, David Naccache, and Mehdi Tibouchi, Eurocrypt 2012)[scholar]Fully Homomorphic Encryption with Polylog Overhead (Craig Gentry, Shai Halevi, and Nigel Smart,Eurocrypt 2012)[scholar]Faster Algorithms for Approximate Common Divisors ( Breaking Fully-Homomorphic-EncryptionChallenges over the Integers)

Applications[scholar]Minimizing Non-interactive Zero-Knowledge Proofs Using Fully Homomorphic Encryption (JensGroth, 2011)[scholar]Improved Delegation of Computation using Fully Homomorphic Encryption (Kai-Min Chung and YaelKalai and Salil Vadhan)[scholar]On-the-Fly Multiparty Computation on the Cloud via Multikey Fully Homomorphic Encryption(Adriana Lopez-Alt, Eran Tromer, Vinod Vaikuntanathan, STOC 2012)[scholar]Multiparty Computation with Low Communication, Computation and Interaction via Threshold FHE(Gilad Asharov, Abhishek Jain, Adriana Lopez-Alt, Eran Tromer, Vinod Vaikuntanathan, and Daniel Wichs,Eurocrypt 2012)

@Homomorphic Encryption (29.05.1)

[Scholar] Cryptology Pointers by Helger Lipmaa

Got any suggestions or additional links? Mail to <helger.lipmaa> gmail.com

NB! If you find any broken links, please be kind and report them to me together with their current location!

(C) Helger Lipmaa 1997-2009.

http://www.forbes.com/sites/andygreenberg/2011/04/06/darpa-will-spend-20-million-to-search-for-cryptos-holy-grail/

SUBSCRIBE TO FORBES Help|Connect|Sign up|Log in

IBM researcher Craig Gentry

Two years ago, IBM researcher CraigGentry revealed that he’d cracked a 30-year old theoretical problem incryptography: How to perform complexcomputations on encrypted datawithout decrypting it. That seeminglymagical trick would allow a computerto manipulate a user’s scrambledinformation without ever violating itssecrecy, a potential privacybreakthrough that’s particularlyenticing in an era of outsourcing and cloud computing.

Turning Gentry’s innovative but impractical crypto scheme into a workableproduct, on the other hand, will take years’–or even decades’–more work. Butto the defense and intelligence research agencies DARPA and IARPA, thatsounds like just the sort of ambitious challenge worth tackling.

On Tuesday, the Defense Advanced Research Projects Agency announced thatit’s awarded around $5 million to the Portland-based research contractorGalois to work on that cryptographic problem. Sally Browning, the principalinvestigator for Galois’ DARPA work, tells me that’s just a part of the $20million DARPA plans to dish out over five years to contractors and academicresearch teams as part of a program called Programming Computation onEncrypted Data. (In DARPA’s strange acryonym language, the program isabbreviated PROCEED.) IARPA, DARPA’s intelligence counterpart, inDecember issued a call for proposals for a similarly-focused project calledSPAR, or Security And Privacy Assurance Research.

Most Read on Forbes

SECURITY | 4/06/2011 @ 11:25�� | 6,914 views

DARPA Will Spend $20 MillionTo Search For Crypto's HolyGrail

NEWS People Places Companies

Andy GreenbergForbes Staff

Follow (534)

I've covered the information security and privacybeat for Forbes since 2007, with frequent detoursinto digital miscellania like switches, servers,supercomputers, search, e-books, onlinecensorship, robots, and China. My favorite storiesare the ones where non-fiction resembles sciencefiction. My favorite sources usually have the word"research" in their titles. Since I joined Forbes, thisjob has taken me from an autonomous car race in

Follow (534)

Andy Greenberg, Forbes StaffCovering the worlds of data security, privacy and hacker culture.

+ show more

+ show more

Tropical Storm Isaac Should RivalTropical Storm Isaac Should RivalHurricane KatrinaHurricane Katrina +250,271 views

Why The Apple vs Samsung Verdict Is AWhy The Apple vs Samsung Verdict Is ABig MistakeBig Mistake +51,530 views

The Ten Most Dangerous ThingsThe Ten Most Dangerous ThingsBusiness Schools Teach MBAsBusiness Schools Teach MBAs+45,796 views

A 'World of Warcraft' Player ReviewsA 'World of Warcraft' Player Reviews'Guild Wars 2''Guild Wars 2' +21,153 views

How To Build A Billion Dollar BusinessHow To Build A Billion Dollar BusinessPlan: 10 Top PointsPlan: 10 Top Points +19,637 views

1 comments, 1 called-out + Comment now

DARPA Will Spend $20 Million To Search For Crypto's Holy Grail - Forbes

http://www.forbes.com/sites/andygreenberg/2011/04/06/darpa-will-spend-20-million-to-search-for-cryptos-holy-grail/

4 129 2

Both SPAR and PROCEED aim to work out a way to both encrypt data and letit be used and manipulated. SPAR’s program announcement offers theexample of building a database in which a user can make a query that thedatabase accurately answers without ever learning the content of that request.Other examples might be a search engine that finds results on the Webwithout ever seeing a readable search term, or a voting system that can tallyballots without ever looking at them in an unencrypted form.

Those cryptographic sleights of hand may sound logically impossible. In fact,this sort of computable encryption, what cryptographers call “fullhomomorphic encryption,” was proposed three decades ago bycryptographers Ron Rivest, Leonard Adleman, and Michael Dertouzosbut remained a long-unsolved problem. That is, until IBM researcher CraigGentry published an elegant solution in June of 2009.

I wrote about Gentry’s paper at the time in this article for the magazine.Gentry is quoted comparing fully homomorphic encryption to “one of thoseboxes with the gloves that are used to handle toxic chemicals.”

“All the manipulation happens inside the box,” he says, “and the chemicalsare never exposed to the outside world.”

On Wednesday, Gentry’s work earned him the Association for ComputingMachinery’s Grace Murray Hopper Award, one that’s formerly been given toluminaries like Ray Kurzweil, Steve Wozniak and Bob Metcalfe.

But there’s still a major hurdle for Gentry’s method: It takes immensecomputational power. A single Google search, for instance, would take aboutone trillion times as long with fully homomorphic encryption as it would in itsunencrypted form.

DARPA and IARPA’s contractors will seek to find new, more efficient ways toimplement schemes like Gentry’s. According to DARPA’s guidelines, its goal isto reduce the computing time for fully homomorphic encryption by a factor of10 million compared to its current state, or alternatively to reduce it to100,000 times the computation required for unencrypted computing.

When I spoke with Gentry, he said he already has some tricks up his sleeve.He’s recently discovered a new version of the fully homomorphic schemethat’s still very inefficient, but may be more open to computational shortcuts.(He declined to share more details before the paper can be published.) “It’s avery different approach,” says Gentry. “It adds more flexibility that might let itbe better exploited.”

What are the odds that Gentry’s new method will unlock fully homomorphicencryption for practical use? “When I have an idea, its probability of workingis usually about one percent,” says Gentry with a chuckle.

Judging by that success rate from the inventor of fully homomorphicencryption himself, DARPA, IARPA, and their contractors will have plenty ofwork ahead.

Who Just Made a Billion Dollars?

Our Real-Time Billionaires scoreboard tracksthe biggest holdings for 50 of the world’swealthiest people.

See who's up & who's down right now »

ANDY GREENBERG’S POPULAR POSTS

An Interview With WikiLeaks' Julian Assange911,621 views

WikiLeaks' Julian Assange Wants To Spill YourCorporate Secrets 509,136 views

Meet Comex, The 19-Year-Old iPhone Uber-HackerWho Keeps Outsmarting Apple 395,181 views

Full-Body Scan Technology Deployed In Street-Roving Vans 370,761 views

Hacker Will Expose Potential Security Flaw In FourMillion Hotel Room Keycard Locks 223,533 views

MORE FROM ANDY GREENBERG

FP jobs at Jane StreetScheme programmers welcome! Program inOCaml at Jane Streetjanestreet.com

Is Your Network Secure?Call Gigamon +1.408.263.2022 to LearnHow to Improve Securitywww.gigamon.com

MorphoTrak BiometricsMorphoTrak has a complete portfolio ofbiometric identification systemswww.MorphoTrak.com

NUS Strategic Management1 week program for leaders & seniormanagers. Held in Singaporeexecutive-education.nus.edu/

1 comments, 1 called-out + Comment now

Most Most PopularPopular3 Simple Questions

ListsListsMost Powerful Women

VideoVideoPower Women

http://researcher.watson.ibm.com/researcher/view_project.php?id=2720

TJW Security DepartmentTJW Security Department

About the Team

The TJW Security Department's research focuses on developing security technologies, design methodologies, best practices and standards. Thegoal is to significantly raise the bar on the quality of security in products and services while simultaneously easing the overhead of developing anddeploying such secure solutions.

Members of the group are known for their pioneering work on a variety of topics that have led to new technologies being incorporated in IBM'sproducts and services, definitive industry leading standards as well as publications in premier security workshops and conferences.

The group continues to do innovative work on various topics including:

cryptographic research from the theoretical foundations to the design and implementation of practical protocols.

cybersecurity analytics

cloud security and secure service delivery environments

emerging identity and access control management such as privileged user monitoring, role modeling and mining

secure hypervisors and operating systems

secure processor technologies via physical secure co-processors, service processors and novel hardware architectures

ethical hacking as part of the Global Security Analysis (GSAL) activities

In The News

2011-11-20: NJIT is hosting this falls NYC Security & Privacy Day on Dec. 2, 2011. See http://cs.njit.edu/~crix/SnP11/index.html for program andmore information.

2011-09-30: In the context of U.S. Defense Advanced Research Projects Activity (DARPA)'s PROCEED and U.S. Intelligence AdvancedResearch Projects Activity (IARPA)'s SPAR programmes, our department has won won three research grants to work on homomorphicencryption and privacy-preserving database querying.

2010-06-06: For his breakthrough construction of a fully homomorphic encryption scheme, our Craig Gentry received the Grace Murray HopperAward

2010-05-30: Our work on secure key derivation function, published in Advances in Cryptology -- CRYPTO, 2010 got standardized at IETF asRFC 5869.

2010-05-017: Our pioneering work on Homomorphic Encryption continues to garner recognition: Craig Gentry's STOC 2009 has been award thePET Award Awardfor Outstanding Research in Privacy Enhancing Technologies, his thesis won the prestigious ACM Doctoral DissertationAward and various new results have appeared in this years major cryptography conferences Eurocrypt and Crypto.

2010-03-30: U.S. Federal Aviation Administration selects IBM to Design and Build Advanced Cyber Security Analytics System.

2010-02-04: U.S. Air Force selects IBM to Design and Demonstrate Mission-Oriented Cloud Architecture for Cyber Security , to benefit fromtechnologies such as Trusted Virtual Data Center (TVDc) and Security Services in Virtualized Environments as well as our expertise in streamanalytics.

older news ...

Projects

To find out more about our activities, explore the following list of current projects:

Botnet Detection Using Stream Processing

Cryptographic Research

Mobile Security

You might also be interested in some of our completed projects ...

If you are interested in these topics and you have a strong background in security, software engineering and services: Our team has openings for avariety of research positions including interns, coops and Research Staff Members. Please contact Josyula R. Rao for more information.

http://www.cs.bris.ac.uk/news/news-item.jsp?nid=194

Contact Us | News 25th Anniversary | Generated: 28 August 2012 @ 00:50:09 BST

25 February 2011

More News...

Last week Prof. Nigel Smart was at a meeting in SanAntonio (Texas), where he was attending the kick-offmeeting for a new exciting project we are involved in. Theproject, to investigate aspects of Fully HomomorphicEncryption, is funded by the US governments DefenseAdvanced Research Projects Agency (DARPA) as part ofits PROCEED (PROgramming Computation on EncryptEdData) effort.

DARPA was founded in 1958, originally named ARPA, andhas over the years invested in a number of groundbreaking new technologies. In Computer Science thesehave ranged from the Internet itself (originally calledARPANET), to modern operating systems (via the Multicssystem), through to the GPS Global Positioning System.

The project we are involved with aims to developtechnologies for computing on encrypted data on remotecomputers, as securely as if it were on your own machine.If successful the project will enable ground breaking newinformation security applications such as cloud basedspam filtering, secure database queries (such as neededfor medical databases), and statistical pooling of dataacross organizational boundaries without compromisingprivacy.

Our contribution is to provide input into the mathematicalfoundations underlying this new area. The grant will helpus build on the success of our recent work in this area asexemplified by our work on Fully HomomorphicEncryption, and the EU funded CACE project. It isparticularly timely due to the Dagstuhl seminar we are co-organizing on this topic later in the year.

© 1995-2012 University of Bristol | Terms and Conditions | Use of Cookies About this Page

DARPA Funds Bristol CryptographicResearch

search << 2011-2 >> Home | Index | People | Teaching | Research | Study @ Bristol

D e p a r t m e n t o f

C ompu t e rS c i e n ce

12. 8. 28. 오전 8:52Bristol wins £1m for computing on encrypted data - SW Innovation News

1/5페이지http://www.swinnovation.co.uk/2011/05/bristol-wins-1m-for-computing-on-encrypted-data/

SW Innovation NewsCovering Innovation News across the SW

RSS Feed Comments

HomeSponsorsCollaboration OpportunitiesContactAbout UsCompaniesEditor’s BlogNews

Nuclear disaster leads to face mask designSecond round opens for rural broadband bidsBVM Mobile launches new systemXMOS taps ARM for advisory boardTOPCAT for satellite weather monitoringSELEX opens Centre of Excellence in BristolVirtual MIMO antennas – sharing can workBath installs DC network on campusXcore open source libraries for streaming sound and video over EthernetBristol exhibition on the body and brainNanotech in Aerospace

FeaturesUndergraduate lab software moves into biology and physicsBristol opens up to innovationThe Western Way

Startup uses cell triangulation for RF trackingQuantum photonics paves the way for more secure communications

Search this website... GO

Bristol wins £1m for computing on encrypteddataMay 12, 2011 by adminFiled under: News

Bristol University’s Cryptography Group has received nearly £1 million from the Engineering andPhysical Sciences Research Council UK (EPSRC) with the aim of transforming security applications inthe future.

12. 8. 28. 오전 8:52Bristol wins £1m for computing on encrypted data - SW Innovation News

2/5페이지http://www.swinnovation.co.uk/2011/05/bristol-wins-1m-for-computing-on-encrypted-data/

The grant will enable the research group, led by Nigel Smart, Professor of Cryptology in the Departmentof Computer Science, to continue their work on forms of technology that enables computing on encrypteddata, such as fully homomorphic encryption and multi-party computation. The project aims to take thesetheoretical approaches and examine more closely the barriers to true practicality and will have wide-ranging impact on areas as diverse as database access, electronic auctions and electronic voting.

The new grant is in addition to another grant from the US agency, Defense Advanced Research ProjectsAgency (DARPA), for research on fully homomorphic encryption.

“It is really important that the UK invests in research in this area, as the potential benefits if we can makethis technology practical could be immense,” said Professor Nigel Smart. “However, the timeline to auseable practical realisation could be many years. This investment by EPSRC shows a deep understandingof the long-term nature of the contribution of university research to the competitiveness of UK plc.”

In 2009 Craig Gentry from IBM came up with the first scheme which simultaneously allows you to “add”and “multiply” ciphertexts. Gentry’s scheme, although an amazing theoretical breakthrough is notpractical, and last year the group at Bristol showed how one could instantiate Craig Gentry’s breakthrough2009 scheme by simplifying the key generation and encryption procedures to produce a partially workingsystem.

Related articles

Making cloud computing more secure – Homomorphic Encryption (technologyreview.com)Homomorphic Encryption (technologyreview.in)DARPA Will Spend $20 Million To Search For Crypto’s Holy Grail (blogs.forbes.com)Homomorphic Encryption (technologyreview.com)DARPA spends $20 million on homomorphic encryption (i-programmer.info)Ten Technologies Set to Transform Our World Identified by MIT Technology Review(talesfromthelou.wordpress.com)

Tags: academic

Comments

Tell me what you're thinking... and oh, if you want a pic to show with your comment, go get a gravatar!

Name (required)

Email Address (required)

Website

http://www.darpa.mil/Our_Work/I2O/Programs/PROgramming_Computation_on_EncryptEd_Data_(PROCEED).aspx

PROgramming Computation on EncryptEd Data (PROCEED)

Cloud computing provides computing capabilities as a service rather than a product. Advantages to this include reduced costs and maintenance, and increased flexibility, availabilityand scalability. Cloud computing, however, also presents some potentially significant securityissues. In particular, vulnerabilities could include compromise of data security and loss of keyinformation. Any computer or web-friendly device connected to the Internet could gainunauthorized access to pools of computing power, applications, or files – compromisinginformation security in cloud-computing environments.

DARPA’s Programming Computation on Encrypted Data (PROCEED) program is a researcheffort that seeks to develop methods that allow computing with encrypted data without firstdecrypting it, making it more difficult for malware programmers to write viruses.

One strategy, fully homomorphic encryption (FHE) seeks to address this issue by requiring aclient to encrypt data before sending it to the cloud. This client would then provide the cloudwith executable code to allow it to work on that data without decrypting it. Results are returnedto the client still encrypted. Since only the client controls the decryption key, no one else is ableto decrypt either data or results, ensuring the security of that information. Research has shownthat while computation on encrypted data is theoretically possible, that computation slows bynearly 10 orders of magnitude, making it infeasible. A related research area is secure multipartycomputation (SMC), in which multiple entities can jointly perform computations while maintainingthe privacy of each entity’s data. As with FHE, SMC protocols incur significant overhead,typically at least two orders of magnitude.

The PROCEED program seeks to make computation on encrypted data practical. It plans tosupport research in mathematical foundations of FHE, secure multiparty computation, optimizedhardware and software implementation, and programming languages, algorithms and datatypes. If successful, PROCEED could fundamentally change how computations are made inuntrusted environments. Potential implications for security of cloud-computing architectures aresignificant.

PROCEED began research in February 2011. After its first year, preliminary measurementssuggest a two-orders-of-magnitude speed increase in FHE.

Program Manager

Dr. Drew [email protected]

https://www.fbo.gov/index?s=opportunity&mode=form&id=9358278f35a1c1ea713dca2c9a86a05e&tab=core&_cview=1

Solicitation Number:DARPA-BAA-10-81

Notice Type:Combined Synopsis/Solicitation

Buyers: Login | Register Vendors: Login | Register Accessibility

Complete View

Original SynopsisCombinedSynopsis/SolicitationJul 06, 20105:26 pm

ChangedJul 07, 20106:00 pm

Return To Opportunities List

Synopsis:Added: Jul 06, 2010 5:26 pmFULL ANNOUNCEMENT IS ATTACHED

The goal of the PROCEED research effort is to develop practical methodsfor computation on encrypted data without decrypting the data and todevelop modern programming languages to describe these computations.PROCEED is a comprehensive research effort with six primary researchthrusts:

• Mathematical Foundations of Fully Homomorphic Encryption - Discoveryand development of new mathematical underpinnings for efficientcomputation on encrypted data is needed in a noninteractive setting. Thesolution might involve fully homomorphic encryption [Gentry09, Gentry10,Smart10] that allow noninteractive computation on encrypted data. Thisarea is captured in RA-10-80, and interested proposers are referred to thatsolicitation.

• Mathematical Foundations of Secure Multiparty Computation - Discoveryand development of new mathematical underpinnings for efficientcomputation on encrypted data is needed in an interactive setting. Securemultiparty computation [Yao86, Bickson10] has a rich history of interactivecomputation on encrypted data, but requires further improvements to betruly practical.

• Mathematical Foundations of Supporting Security Technologies -Computation on encrypted data preserves the confidentiality of the databeing computed on, but does not inherently protect the integrity of thecomputation, nor provide strong protection of the program, among otherpotentially desirable security goals. Techniques to address these andother related security issues are sought in the PROCEED research effort.

• Implementation/Measurement/Optimization - To make computation onencrypted data practical, highly optimized implementations, possiblyincluding programmable hardware, will be needed. Experience showsthere can be at least an order of magnitude difference in the performanceof highly optimized cryptography implementations over less sophisticatedimplementations.

ALL FILES

DARPA-BAA-10-81

Jul 06, 2010

PROCEED BAA - 201007...

GENERAL INFORMATION

Notice Type:Combined Synopsis/Solicitation

Original Posted Date:July 6, 2010

Posted Date:July 7, 2010

Response Date:Aug 24, 2010 12:00 pm Eastern

Original Response Date:Aug 24, 2010 12:00 pm Eastern

Archiving Policy:Automatic, on specified date

Archive Date:January 3, 2011

Original Set Aside:N/A

Set Aside:N/A

Classification Code:A -- Research & Development

NAICS Code:541 -- Professional, Scientific, andTechnical Services/541712 --Research and Development in thePhysical, Engineering, and LifeSciences (except Biotechnology)

PROgramming Computation on EncryptEd Data (PROCEED)Solicitation Number: DARPA-BAA-10-81Agency: Other Defense AgenciesOffice: Defense Advanced Research Projects AgencyLocation: Contracts Management Office

Notice Details Packages Interested Vendors List Print Link

PROgramming Computation on EncryptEd Data (PROCEED) - DARPA-BAA…-81 (Archived) - Federal Business Opportunities: Opportunities

https://www.fbo.gov/index?s=opportunity&mode=form&id=9358278f35a1c1ea713dca2c9a86a05e&tab=core&_cview=1

Primary Point of Contact.:Drew [email protected]

For Help: Federal Service Desk Accessibility

implementations.

• Algorithms - Practical computation on encrypted data will require librariesof data structures and algorithms that are optimized for efficiency in theencrypted domain. Most current approaches to computation on encrypteddata work by turning a program (with a bounded maximum input size) intoa circuit. An important goal for optimization is minimizing circuit depth,which is traditionally a goal of hardware designers, not programmers.

• Programming Languages - More advanced languages are sought, withtype systems that embed cryptographic knowledge, making programmingcomputation on encrypted data no more difficult than conventionalprogramming. Today's languages for computation on encrypted data, suchas the one in the FairPlay system [Malkhi04] are simple, imperativelanguages that have little, if any, type system support for cryptography.

PROCEED will have a research integrator role to define a commoncryptographic application programming interface (API), ensuring thecompilers and cryptography implementations are interoperable and tosupport the Government's evaluation team.

FULL ANNOUNCEMENT IS ATTACHED

Please consult the list of document viewers if you cannot open afile.

Type: Other (Draft RFPs/RFIs, Responses to Questions, etc..)Posted Date: July 6, 2010

PROCEED BAA - 20100706 v2 FINAL.pdf (307.29 Kb)Description: Full Announcement of DARPA-BAA-10-81

Contracting Office Address:3701 North Fairfax DriveArlington, Virginia 22203-1714

Return To Opportunities List

DARPA-BAA-10-81

[첨부E] 연구그룹(일부)

• Craig Gentry, Shai Halevi (IBM): DARPA (FA8750-11-C-0096)

• Nigel P. Smart (Bristol University): DARPA and AFRL (FA8750-11-2-0079)

• Vinod Vaikuntanathan (University of Toronto): DARPA (FA8750-11-2-0225)

• Patrick Gerard Traynor (Georgia Tech): PI, Characterizing and Implementing EfficientPrimitives for Privacy-Preserving Computation, $537,000 (6/1/11 - 5/31/14).

• Matthew D. Green (Johns Hopkins University): Co-PI, Amount: $344,000.

• Kurt R. Rohloff (BBN Technologies): PI, Lead architect and technical manager to proto-type in software and hardware a new type of encryption for secure computing on untrustedhardware.