New Developments in Cryptography and Privacy

ofb_encryptionAccording to Help Net Security, Craig Gentry, a researcher at IBM, appears to have found a way to allow “the deep and unlimited analysis of encrypted information – data that has been intentionally scrambled – without sacrificing confidentiality.” The solution involves a an “ideal lattice.” I’ll leave the explanation of all the math to the math/computer science folks. As the Help Net article notes, the solution seems to enable some great advantages for anyone providing cloud computing for:

computer vendors storing the confidential, electronic data of others will be able to fully analyze data on their clients’ behalf without expensive interaction with the client, and without seeing any of the private data. With Gentry’s technique, the analysis of encrypted information can yield the same detailed results as if the original data was fully visible to all.

It all sounds wonderful. One could have encrypted data and let others data mine while maintaining anonymity or privacy. Yet, something seemed odd to me. So I did what lawyers do, I called someone who knew more about computer science and asked for some help. That person explained that yes this could mean one could query an encrypted database without decrypting the data. The example to consider is a database of book purchases. One could ask how many people bought both book A and book B and see that result without ever seeing what a specific person purchased. Great, right? Not so fast.

As this person reminded me, with other sources of information one can figure out what a specific person did. That reminded me of the AOL debacle. With a little work, people were able to figure out who the anonymous subjects were.

All of which highlights that privacy is not binary. The cluster of information and the ability to analyze it seems often, if not always, to lead to problems about the use of information. So if this breakthrough allows a company or the government to claim that we should remain calm and all is well, we may want to remain clam but show how all may not be well. A few regulations about the use of the data even if supposedly anonymous, might allow the beneficial aspects of the solution to thrive while limiting the harms that can occur.

Image: WikiCommons
By: Gwenda; License: Public Domain
(My apologies to CS folks if the image does not match the breakthrough’s area of encryption)

Code Cracking at the C.I.A. — Maybe They Should Call the N.S.A.?

200px-cryptonomicon_1stedWired reports that a sculpture at the C.I.A. has a sculpture made of copper with a code that so far has not been cracked. The artist James Sanborn created Kryptos which sits in a space that no one can see. Nonetheless, the encoded text from the sculpture is available here. It has been twenty years since the sculpture was installed. Now here is the part I love. There is a subculture of people trying to break the code.

The C.I.A. released the code to the world and it seems that many cryptographers have attacked the code. Three sections, K1, K2, and K3 have been decoded but that took seven years (the article has a picture of the code and the key). The last bit of code, K4, however, has yet to be deciphered. Apparently the artist, Sanborn, received some cryptography training from Ed Scheidt, former head of Langley’s Cryptographic Center. But Sanborn is the only one who knows about the key.

The stories of many people trying to crack the code including changing jobs to have more time to work on it and a 1300 member Yahoo! group are wild. The article also details the frustration people feel at Sanborn for not sharing the code and the on-going dance where would-be code breakers follow Sanborn’s statements for clues and suggest Da Vinci Code style theories (a picture of a piece of the sculpture is on the book cover. (An oh here is a good one for the IP minded: Dan Brown has indicated that he wants to use the sculpture as part of a book about the C.I.A. God help us all.) Whether Sanborn will ever give up the code is unclear, and he hints that he may not.

Maybe we’ll be lucky and Neal Stephenson will write a Cryptonomicon sequel that beats Brown and solves K4.