7.08.2009

Guest blogger: Charles Lickel on IBM's cryptographic breakthrough

Guest blogger: Charles Lickel, vice president of software, IBM Research

It's been an exciting number of weeks here on IBM's cryptographic research team, as the cryptography community finds out more about the breakthrough made by Craig Gentry, who joined our team in April while finishing up a Ph. D. from Stanford.

Sometimes it's the relative "newcomers" to the field who bring the freshest perspective to the longstanding challenges we grapple with. They don't have the same assumptions and biases that veterans might have. This seems to be the case here, where Craig took a different approach to achieving complete homomorphic encryption. That's just a fancy way of describing how one might perform nearly unlimited calculations on scrambled, protected information without actually seeing the data.

It's been compared to working in the dark and wearing gloves to delicately manuever toxic or sterile substances in a hermetically sealed plexiglass box.

It's not that you can't analyze encrypted data -- you can -- but you wouldn't get very far, as the data gets progressively more muddled every time you perform a mathematical operation. And even if you could work meaningfully with the data, we assumed that you would also be limited to either multiplication or addition operations, not both. However, during his internships at IBM, and while at Stanford (with the help of some Manhattan coffeeshop-inspired daydreaming), he came up with a way for encrypted information to kind of clean up after itself, on the fly. It can do this after each mathematical operation, when the data is at risk of becoming hopelessly scrambled.

Now, why would you even want to analyze encrytped information? That seems impossible, doesn't it?

Well . . . not necessarily. Let's say a business wanted a computer vendor to host information about its customers, and perform complex mining on that data to discern sales trends. (Vendors are touting this service as "cloud" computing.) The host may be the most trustworthy vendor around, but a client would always be concerned that the proprietary data would somehow leak out or be seen by the wrong set of eyeballs. Craig's privacy encryption allows the vendor to perform very sophisticated analysis on the data they host without ever "seeing" the underlying information.

Or, here's another example: enabling the authorities to screen airplane passengers without compromising personal privacy. Or, let's say you wanted to submit queries to search engines in a way that keeps your identity confidential. The same goes for electronic medical records, which might need to be shared among, and analyzed by, doctors, public health officials and pharmacies, but without revealing specific biographical or personal information.

Of course, we still, need to smooth out a few rough edges, but peers and pioneers of modern cryptography agree that Craig's method is an exciting breakthrough. We're very proud of him as he has gone on to brief a variety of academics and conferences all over the world. One should begin to see the technology applied to actual products in the private sector a few years down the road.

As for Craig's forthcoming Ph. D? I'm not an academic advisor, but I'd say he's earned it :-).

11 comments:

  1. Very very cool breakthrough with positive implications for privacy but also cloud computing security.

    But... why is the link above redirected via Facebook and then bit.ly instead of directly to the IBM site??

    Cheers, Morton

    ReplyDelete
  2. Hi Morton. If you came to this post from our IBM Research Facebook page, FB adds the redirect. The bit.ly url allows us to use a smaller url and to track clicks so we can see how interesting (or uninteresting) our posts are to readers.

    -Kev, IBM, NY

    ReplyDelete
  3. Charles and Craig, Congratulations on this significant technical achievement by you and the team. This could blow the lid off CLOUD computing for us !
    Thanks for sharing, Tom

    ReplyDelete
  4. Thanks for sharing your comments, Charles. And congratulations to Craig for some great work that's really come to something.

    On the other hand, we do have to cut through the hype, and Craig would surely be the first to agree with that. He deserves awards and accolades. At the same time, this isn't ready to revolutionize anything yet.

    Going to the IBM press release, I have to note that the initial claim goes way too far:
    «The breakthrough, called "privacy homomorphism," or "fully homomorphic encryption," makes possible the deep and unlimited analysis of encrypted information -- data that has been intentionally scrambled -- without sacrificing confidentiality.»

    No, it doesn't "make [it] possible"; it shows that it's theoretically possible, which isn't the same thing. Again: it's a great piece of work. It's not likely to change anything next year, or the year after that. But it gives us a direction to take future research, which is wonderful.

    And, Charles, your comment in the press release, really:
    «Fully homomorphic encryption is a bit like enabling a layperson to perform flawless neurosurgery while blindfolded, and without later remembering the episode.»

    Star Trek references are always amusing, but do you actually believe that? This will not "enable businesses to make more informed decisions, based on more studied analysis, without compromising privacy" any time soon.

    For reference, here's security expert Bruce Schneier's take on it.

    Repeating once again, lest it be lost: Craig has done great work here, and there's no taking away from that! Just putting things into perspective.

    ReplyDelete
  5. You got a really useful blog I have been here reading for about an hour. I am a newbee and your success is very much an inspiration for me. Please come visit my site Dayton Ohio Business Directory when you got time. Thanks.

    ReplyDelete
  6. Hello mate, I want to thank you for this nice blog. Would you mind telling me some secrets for a succesful blog ? Which could attract some visitors than it normally does. Please come visit my site Fremont California Business Directory when you got time.

    ReplyDelete
  7. Since I’m new to blogging, these articles are greatly appreciated; very useful and informative blog and every body must visit this blog. Please come visit my site Tulsa Business Directory when you got time.

    ReplyDelete
  8. I really liked your blog! You have some great content. Check out my blog and give me some feedback Please come visit my site Minneapolis Business Directory when you got time.

    ReplyDelete
  9. I usually don’t leave comments!!! Trust me! But I liked your blog…especially this post! Would you mind terribly if I put up a backlink from my site to your site? Please come visit my site youth organizations when you got time.

    ReplyDelete
  10. I enjoyed reading your work! GREAT post! I looked around for this… but I found you! Anyway, would you mind if I threw up a backlink from my site? Please come visit my site event calendar listing when you got time.

    ReplyDelete