There is a decent size effort to build a system that runs (a restricted, but hopefully useful subset of) Julia programs fully homomorphically (as well as supporting various sort of secure multiparty computation protocols). At JuliaCon two years ago, the Galois folks talked about their initial prototype of this work: <a href="https://www.youtube.com/watch?v=_KLlMg6jKQg" rel="nofollow">https://www.youtube.com/watch?v=_KLlMg6jKQg</a> (fun to watch even if you don't care about julia to see FHE "in action"). This effort was recently funded with the goal of extending the prototype into a full robust system, so I'm hoping for some good news here over the next couple of years.
If anyone is interested in playing with Fully Homomorphic Encryption, we (NuCypher YC S16) built NuFHE (<a href="https://github.com/nucypher/nufhe/" rel="nofollow">https://github.com/nucypher/nufhe/</a>). It's written in Python and has excellent documentation, so you can try building some circuits and playing around with it. It requires a GPU to run, but it's also the fastest implementation of FHE in the world (that I know of).<p>Let me know what you think! :)
Seriously one of the most important area of mathematics for democracies in an online world.<p>Homomorphic encryption promises a hidden and verifiable online voting system that does not rely on trusting third party.
If this interests you, a related concept with similar applications as HE is functional encryption: <a href="https://en.m.wikipedia.org/wiki/Functional_encryption" rel="nofollow">https://en.m.wikipedia.org/wiki/Functional_encryption</a>
The technology for all this progress was a huge discovery in 2009. But what if it is a dead end, that nothing originating from that discovery will ever be practical?<p>Like wouldn't it be preposterous if someone said, "Here Craig Gentry, take $1 billion to run enough computers for the current FHE schemes. What is the snazziest demo you can run?"
A very casual (layman's?) introduction intro to Homomorphic Encryption - <a href="https://news.ycombinator.com/item?id=13450015" rel="nofollow">https://news.ycombinator.com/item?id=13450015</a>
Why do people always talk about arbitrary computation in relation to homomorphic encryption? What I really want is a homomorphic encryption system which allows me to arbitrarily slice and concatenate strings without knowing their contents. This would be immensely useful for implementing end-to-end encrypted collaborative editing of documents. Is homomorphic encryption there yet?
For a layman like me it sounds really cool, almost like magic. Consider a trivial operation like finding a maximum value in a list. How is that supposed to work on encrypted values while simultaneously providing strong encryption? So something like adding N to everything in the list is not an acceptable encryption.
I've run into a few people working on this over the last five years or so, but they've been a bit cagey about discussing their use cases and customers.<p>Any public applications outside of blockchain?
To address the inevitable “what is this useful for” questions, my go-to example is cryptographic voting mechanisms.<p>The idea is that you segment a large integer into a couple of different bins by its bitwise representation. So you have a 60-bit integer and you segment it into four 15-bit bins. You use one of those to randomize what the encrypted versions are going to be, and you use the other three for different vote tallies of three candidates for some office.<p>You can then hand people three numbers each corresponding to a different candidate, and ask them to commit to one as their vote. Public authorities can then aggregate votes which they cannot actually see, and we don't decrypt until we get to some large enough context where your vote has been anonymized among ten thousand others, and you can check that the random seeds have been properly added, or other such things.<p>This also allows you to create a big online database where anybody can see their vote was counted, but nobody can figure out who someone else voted for.<p>There is a slight difficulty in that you cannot see directly what your numbers are actually voting for, so that the machines you are using to vote with need to be able to decrypt a ballot for you and then immediately destroy it, to verify that it was what you thought it was, so that you can trust that your three numbers do not all happen to vote for the same person because if someone tried that on any scale that could affect an election, even if they only poison 1% of ballots in a 500 person district, if everyone burns one to test the system then the fraud gets discovered
at least once with 99.3% certainty. But the point is that all of these other issues can be handled “out-of-band” once you protect the important stuff.
Could a fully homomorphic cpu architecture with fully encrypted cache be immune to Spectre and similar side channel attacks? Could this be tested on an FPGA?