A Note on Crypto Design vs. Crypto Engineering

A Note on Crypto Design vs. Crypto Engineering

In my previous post, I described a cryptographic protocol that could allow a telecommunications company to keep its data, and the NSA to legally access it (i.e., with authorization from a FISA court) without revealing its queries. In response to the post, a few people have asked me whether the protocol was implemented and, if … Continue reading

Are Compliance and Privacy Always at Odds?

Are Compliance and Privacy Always at Odds?

Chris Soghoian points to an interesting article in the Wall Street Journal. It describes mounting pressure on the NSA to re-design its phone-data program—the program under which it compels telecommunications companies (telcos) like Verizon to turn over their phone record data. In the article, Timothy Edgar, a former privacy lawyer who served in the Bush … Continue reading

Applying Fully-Homomorphic Encryption (Part 2)

Applying Fully-Homomorphic Encryption (Part 2)

This is the second part of a series on applying fully-homomorphic encryption. In the first post we went over what fully-homomorphic encryption (FHE) and shomewhat-homomorphic encryption (SHE) were and how they relate. In this post we’ ll discuss actual applications. To structure the discussion, I’ ll refer to some applications as direct and others as … Continue reading

Applying Fully-Homomorphic Encryption (Part 1)

Applying Fully-Homomorphic Encryption (Part 1)

In 2009, Craig Gentry published a paper showing—for the first time—how to construct a fully-homomorphic encryption (FHE) scheme. This was a landmark event in cryptographic research that will eventually have huge practical implications for security and privacy. An often cited (especially by the press) application of FHE is cloud computing. Unfortunately, few (if any) details … Continue reading