So homomorphic encryption means the server can compute on the data without actually knowing what’s in it. It’s counter-intuitive but better not think about it as encryption/decryption/encryption precisely because the data is NOT decrypted on the server. It’s sent there, computed on, then a result is sent back.
Wait, it’s called homomorphic encryption? All we’d have to do is tell MAGAs that Tim Apple just started using homomorphic encryption with all the iphones and the homophobic backlash would cause Apple to walk this back within a week.
It might still be possible to compare ciphertexts and extract information from there, right? Welp I am not sure if the whole scheme is secure against related attacks.
I don’t think so, at least assuming the scheme isn’t actually broken… but then arguably that would also have far reaching consequence for encryption more broadly, depending on what scheme the implementation would be relying on.
The whole point is precisely that one can compute without “leaks”.
Why do I say “funnily enough” is because, just like with e.g. IMEC for chips, some of the foundation of modern technology, comes from the tiny and usually disregarded country of Belgium.
So homomorphic encryption means the server can compute on the data without actually knowing what’s in it. It’s counter-intuitive but better not think about it as encryption/decryption/encryption precisely because the data is NOT decrypted on the server. It’s sent there, computed on, then a result is sent back.
Wait, it’s called homomorphic encryption? All we’d have to do is tell MAGAs that Tim Apple just started using homomorphic encryption with all the iphones and the homophobic backlash would cause Apple to walk this back within a week.
I’m only half joking.
It might still be possible to compare ciphertexts and extract information from there, right? Welp I am not sure if the whole scheme is secure against related attacks.
I don’t think so, at least assuming the scheme isn’t actually broken… but then arguably that would also have far reaching consequence for encryption more broadly, depending on what scheme the implementation would be relying on.
The whole point is precisely that one can compute without “leaks”.
Edit: they are relying on Brakerski-Fan-Vercauteren (BFV) HE scheme, cf https://machinelearning.apple.com/research/homomorphic-encryption
IIRC, for this kind of guarantee, you need a CCA(Chosen-ciphertext attack)-security. I dunno if this scheme satisfies such a security.
Dunno either, funnily enough skimming through https://eprint.iacr.org/2012/144 I noticed authors are from KUL https://www.esat.kuleuven.be/
Why do I say “funnily enough” is because, just like with e.g. IMEC for chips, some of the foundation of modern technology, comes from the tiny and usually disregarded country of Belgium.