Keeping Data Secret, Even From Apps That Use It 59
Nerval's Lobster writes "Datacenters wanting to emulate Google by encrypting their data beyond the ability of the NSA to crack it may get some help from a new encryption technique that allows data to be stored, transported and even used by applications without giving away any secrets. In a paper to be presented at a major European security conference this week, researchers from Denmark and the U.K. collaborated on a practical way to implement a long-discussed encryption concept called Multi-Party Computation (MPC). The idea behind MPC is to allow two parties who have to collaborate on an analysis or computation to do so without revealing their own data to the other party. Though the concept was introduced in 1982, ways to accomplish it with more than two parties, or with standardized protocols and procedures, has not become practical in commercial environments. The Danish/British team revamped an MPC protocol nicknamed SPDZ (pronounced 'speeds'), which uses secret, securely generated keys to distribute a second set of keys that can be used for MPC encryptions. The big breakthrough, according to Smart, was to streamline SPDZ by reducing the number of times global MAC keys had to be calculated in order to create pairs of public and private keys for other uses. By cutting down on repetitive tasks, the whole process becomes much faster; because the new technique keeps global MAC keys secret, it should also make the faster process more secure."
Re:goog lol (Score:4, Insightful)
Due to there history of trying to protect their users data?
It's in their best interests not to allow outside parties get at the data?
Re:Not the first commercial application (Score:5, Insightful)
Datacenters wanting to emulate Google by encrypting their data beyond the ability of the NSA to crack it
2 years ago, a court ruled that much of the NSA's activities were illegal and unconstitutional. However, because this was a secret ruling, by a secret court, nobody knew about it until just recently and so the NSA was free to go about their business. And they continue to engage in their illegal and unconstituional activities because there is no one in power who is remotely interested in stopping them.
The point is, if you are thinking about encryption or other ways to "hide" from the NSA, you are trying to solve the wrong problem.
If the NSA can't break your encryption or figure out how to get at your data, then they will simply issue a secret order (that you are not allowed to tell anyone about) demanding that you decrypt or turn over your data under the threat of going to prison. A threat which is enforced by a secret court whose rulings are secret and cannot be discussed with anyone.
Until this situation changes, encryption or other schemes are meaningless.