Can Bitcoin-based Enigma encryption succeed where HE has failed?

Resolving how to speed up Homomorphic Encryption - via a simulated version called Enigma.

Solving the question of 'can you get sorted sales reports from SalesForce.com without SalesForce.com being able to see your data because it's encrypted?' or 'can I search through my Outlook.com mailbox if Microsoft cannot see the actual contents because it's encrypted?' is something that has been bugging people for ages.

The answer is not an easy one, but most people agree that it comes in the shape of Homomorphic Encryption (HE) or at least something that looks very much like it. HE means that an untrusted party (SalesForce.com or Microsoft in the above examples) would be able to perform the computational acts upon the encrypted data, and provide an encrypted result, without ever having your keys and with only you being able to decrypt that resulting data. That's why HE is seen as something of a Holy Grail in this age where Big Data and the Cloud are the buzzwords of the day.

The trouble with HE, or at least one of the troubles with HE, is that to get it to work at all takes a lot of computational power and even then it's slower than a pig swimming through treacle wearing flippers. How slow is that? Well the first HE breakthrough by IBM back in 2009 took about a trillion times longer to do a Google search than doing a Google search did without HE encryption being involved; in the years since that has improved so it now only takes a million times longer...

But what if you could get that speed loss down to just 100 times slower, and eventually down to a factor of just 10? That's what the inventors of a new prototype encryption method, called 'Enigma' for now, have created. It is similar to HE but not actually HE; it is a form of secure multi-party computation which aims to achieve the same thing as HE. It's new because it thinks around the edges of the box, if not actually outside it; and the box has a great big label on it which says Bitcoin.

You see, Enigma is the brainchild of a couple of Bitcoin entrepreneurs who, together with an MIT Media Lab researcher, have used features from the decentralized Bitcoin network architecture, including an external blockchain, to create what they reckon will be the ultimate peer-to-peer network for storing and running computations on data whilst keeping it completely private at the same time. The white paper announcing the technology, Enigma: Decentralized Computation Platform with Guaranteed Privacy (http://enigma.media.mit.edu/enigma_full.pdf), has an abstract which reads:

"Enigma's computational model is based on a highly optimised version of secure multi-party computation, guaranteed by a verifiable secret-sharing scheme. For storage, we use a modified distributed hashtable for holding secret-shared data. An external blockchain is utilised as the controller of the network, manages access control, identities and serves as a tamper-proof log of events. Security deposits and fees incentivise operation, correctness and fairness of the system. Similar to Bitcoin, Enigma removes the need for a trusted third party, enabling autonomous control of personal data. For the first time, users are able to share their data with cryptographic guarantees regarding their privacy."

For readers of a technical bent, I recommend you go and read that paper as it's only 12 pages long and it really is a thought-provoking thing of nerdlike beauty. For everyone else, here's the 'dumbed down as much as I can' bit: Enigma will break your data up into tiny chunks and then randomly distribute meaningless bits of those to nodes in the network, where the calculations are performed on each discrete lump before being returned to the user, where they are put back together to form an unencrypted whole again. Obviously there is some maths involved to enable each node to do whatever computational task is required on just that miniature piece of data. Equally obviously, the more nodes there are the quicker the computing is and, importantly, the more secure this thing is as the pieces will be smaller. The Bitcoin blockchain keeps track of who has what and where by way of a metadata store, unforgeable courtesy of being copied to thousands of computers.
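The split, compute and recombine idea described above, as an added sketch that is not code from the Enigma paper or project. It uses plain additive secret sharing over a prime field rather than the verifiable scheme the abstract mentions, and the modulus, function names and sales figures are constructed for illustration.

```python
import secrets

# Field modulus (assumption for this sketch): a Mersenne prime.
# Secret values must be non-negative integers smaller than P.
P = 2**61 - 1

def share(value, n_nodes):
    """Split value into n_nodes shares that sum to value mod P.
    Any n_nodes - 1 of the shares are uniformly random on their own."""
    shares = [secrets.randbelow(P) for _ in range(n_nodes - 1)]
    shares.append((value - sum(shares)) % P)
    return shares

def reconstruct(shares):
    """Owner side: recombine shares (or partial results) into a value."""
    return sum(shares) % P

def node_weighted_sum(my_shares, weights):
    """Run by ONE node on the shares it holds. Weights are public;
    the node never sees the underlying values."""
    return sum(w * s for w, s in zip(weights, my_shares)) % P

def private_weighted_sum(values, weights, n_nodes=5):
    """End-to-end flow: owner shares, nodes compute, owner recombines."""
    per_value = [share(v, n_nodes) for v in values]
    # Column j holds the one share of every value that node j receives.
    per_node = [list(col) for col in zip(*per_value)]
    # Each node works locally, with no communication between nodes.
    partials = [node_weighted_sum(col, weights) for col in per_node]
    return reconstruct(partials), per_node

if __name__ == "__main__":
    sales = [1200, 340, 75]            # constructed sample data
    total, per_node = private_weighted_sum(sales, [1, 1, 1])
    print("what node 0 sees:", per_node[0])   # random-looking field elements
    print("recombined total:", total)
```

Only additions and multiplications by public constants can be done locally like this; multiplying two secret values requires the nodes to interact.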

Amichai Shulman, CTO of Imperva, told SCMagazineUK.com that the breakthrough here compared to existing research is "that presumably by distributing computation to various parties we can use improved methods that reduce the overall cost of the computations involved in this scheme. So far the cost of HE has been prohibitive and it never went beyond simple mathematical functions."

While not wishing to make predictions about success, Shulman does agree that it's an interesting new way of achieving HE, even if it's not actually HE itself. "We do need to remember though that we are still speaking about simple computations rather than full blown applications," Shulman added, continuing, "and, much like Bitcoin, most processing power will be controlled by a few large entities which can either bias results or actually get a peek into the data."

I'm not so convinced about that latter point, especially given that the creators of Enigma do seem to have given a lot of thought to the whole 51 percent attack problem. This is where, in Bitcoin, there is the potential for a majority of nodes to work together and get to the tipping point of 51 percent where they can then take over the blockchain and start ripping off the users. The fact that this has never happened would suggest it's not as easy as it sounds, and Enigma has been designed to make it even harder by way of requiring a security deposit. In effect every node that joins has to pay a bitcoin deposit to join the network, and any that is found to be dishonest would forfeit that deposit, which would then be distributed between the other nodes by way of a disincentive.

Gavin Reid, VP of threat intelligence at Lancope, speaking to SCMagazineUK.com, is still to be convinced though, warning that there are several concerns to consider, not least that typically the cryptography itself is not usually the weakness but rather the practical implementation of that crypto. "Think of the huge amount of theft centred around Bitcoin implementation issues or vulnerabilities, like the transaction malleability issue," Reid continued, and remember that Enigma is loosely based around Bitcoin architectures and technologies.

"All of the other typical attacks will also come into play and have to be dealt with." Reid also reminds us "DDoS of nodes seems to be a potential weakness with the smaller numbers." If anything will stop this from being the big breakthrough in encryption technology moving forward though, Reid reckons, it's likely to be a matter of trust. "If the early implementations are broken" he says "then people will quickly lose trust in its abilities to protect them." With securing potentially high-risk data being the focus, any security issues will be magnified and quickly erode consumer confidence and thus adoption. "Just like the money incentive with Bitcoin" Reid concludes "hackers will have a data incentive to attack Enigma."

Sally Annereau, senior data protection advisor at law firm Taylor Wessing, is equally unsure whether Enigma will meet the Holy Grail expectations that Homomorphic Encryption and its ilk have promised with regards to securing the integrity and confidentiality of managed data processing. "There are signs of exciting progress towards that goal although scalability appears to remain a big challenge given the sheer complexity of computations required on the encrypted data," she told SCMagazineUK.com.

"It remains to be seen if they can evolve into enterprise-ready solutions that can be transposed, for example to commercial cloud hosting services or secured big data analysis across health services". She does, however, think that the signs are very positive and that effective homomorphic encryption or similar tools would be essential in facilitating compliance with data protection requirements, particularly around data security and ensuring an adequate level of protection for global personal data transfers. That said, organisations will need to be careful of leaping to embrace any technology that potentially promises so much before there is a full and proper understanding of the strengths and potential vulnerabilities of the solutions. "We will all need to do more than simply kicking the tyres of the technology before taking it for a spin" she warns.