Cracked: the problem of sharing encrypted databases
Data handlers could soon collaborate on encrypted databases without revealing their secrets, following a homomorphic cryptography breakthrough by scientists at the University of Bristol.
Cryptographers have dreamed for 30 years of being able to add and multiply the contents of ciphertext, which would allow them to manipulate encrypted data.
“Our scheme could be really useful for storing data remotely, but still being able to access it,” Nigel Smart, professor of cryptology in the Department of Computer Science at the University of Bristol told PC Pro.
There are a few obstacles left until it is really practical. It might take 30 years to overcome these, or maybe only a few months, it is unclear
“Suppose I want to store a database in the cloud, but I don’t trust the cloud providers – I have to encrypt the database. If I then wanted to search the database I would have to download it, decrypt it and run the search myself.
“If we can get fully homomorphic encryption to work, I could get the cloud provider to search the encrypted data and once the specific item was found by the cloud provider it could be sent back to me for decrypting,” said Smart.
The work makes practical a theory put forward by IBM last year. The researchers claim potential applications for the technology are wide-ranging, involving any aspect of technology where privacy and collaboration are equally important.
They say the system could be used in medical research, with hospitals or drug companies performing statistical calculations on shared databases without revealing information about individual patients.
Alternatively, the homomorphic cryptology could improve security in electronic voting. Constituents would encrypt their votes and the returning officer could compute the outcome while maintaining voter privacy.
According to Smart, the research could lead to a commercial application, but he refused to put a date on when it might hit the market. “We can now ‘almost’ do the whole thing,” he said. “There are a few obstacles left until it is really practical. It might take 30 years to overcome these, or maybe only a few months, it is unclear.”