[Cryptography] Factorable encryption
Natanael
natanael.l at gmail.com
Tue Aug 9 17:19:40 EDT 2022
On Tue, 9 Aug 2022 at 22:47, Jerry Leichter <leichter at lrw.com> wrote:
> The recent discussion of "data in use" and how to protect it led me to
> some speculations. I'd be curious if anyone has seen anything like it
> before, and whether any practical algorithms are known.
>
> The idea is to split a computation similarly to the way one splits a
> secret into shares. Suppose we have some cleartext C, encrypted to produce
> E. We wish to produce the encryption of f(C) for some function of C, but
> without revealing C to the element that computes f. Of course, homomorphic
> encryption is one way to do this, but the known algorithms are too
> expensive to be practical.
>
> So suppose we could instead split E into n pieces, E1 ... En, and also
> split f into n pieces f1 ... fn; and also have a combiner g; such that
>
> g(f1(E1), f2(E2), ..., fn(En)) == Encryption(f(C))

Isn't this just secure multiparty computation protocols (MPC)? See SPDZ as
one example.

There are already some organizations using it for key management, with the
security justification that a breach would need to succeed against multiple
systems instead of just one before the adversary can cause damage, and that
this is supposed to be easier to detect and prevent.
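The split-and-combine relation from the quoted message, shown with the additive secret sharing that MPC protocols such as SPDZ build on; this is an added example, not part of the original email. Assumptions: semi-honest parties, a trusted dealer for multiplication triples, no SPDZ MACs, and hypothetical names and modulus; the shares stand in for the pieces E1 ... En and the combiner here recovers f(C) itself.

```python
# Added illustration: additive secret sharing over a prime field, with
# Beaver-triple multiplication as used (with MACs on top) in SPDZ-style MPC.
# Semi-honest model, trusted dealer for triples; all names are hypothetical.
import secrets

P = 2**61 - 1  # prime modulus (a Mersenne prime), chosen for this example

def share(x, n):
    """Split x into n additive shares that sum to x mod P."""
    parts = [secrets.randbelow(P) for _ in range(n - 1)]
    return parts + [(x - sum(parts)) % P]

def combine(shares):
    """The combiner g: sum the pieces mod P."""
    return sum(shares) % P

def local_linear(share_x, share_y, a, b, c, party):
    """f_i for f(x, y) = a*x + b*y + c, computed on one party's shares only.
    The public constant c is added by party 0 alone."""
    return (a * share_x + b * share_y + (c if party == 0 else 0)) % P

def beaver_triple(n):
    """Dealer output (assumed trusted): shares of random u, v and w = u*v."""
    u, v = secrets.randbelow(P), secrets.randbelow(P)
    return share(u, n), share(v, n), share(u * v % P, n)

def multiply(xs, ys, n):
    """Shares of x*y from shares of x and y, using one Beaver triple.
    Only d = x-u and e = y-v are opened; both are uniformly masked."""
    us, vs, ws = beaver_triple(n)
    d = combine([(x - u) % P for x, u in zip(xs, us)])
    e = combine([(y - v) % P for y, v in zip(ys, vs)])
    # x*y = w + d*v + e*u + d*e; the public d*e term is added by party 0.
    return [(w + d * v + e * u + (d * e if i == 0 else 0)) % P
            for i, (u, v, w) in enumerate(zip(us, vs, ws))]

def demo(x=1234, y=5678, n=3):
    """Return (3x + 5y + 7, x*y), both computed without any party seeing x or y."""
    xs, ys = share(x, n), share(y, n)
    lin = [local_linear(sx, sy, 3, 5, 7, i)
           for i, (sx, sy) in enumerate(zip(xs, ys))]
    return combine(lin), combine(multiply(xs, ys, n))

if __name__ == "__main__":
    print(demo())
```

Linear functions need no interaction between the parties, while each multiplication consumes one precomputed triple and one round of opening masked values.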