Guest blogger: Charles Lickel, vice president of software, IBM Research
It's been an exciting number of weeks here on IBM's cryptographic research team, as the cryptography community finds out more about the breakthrough made by Craig Gentry, who joined our team in April while finishing up a Ph. D. from Stanford.
Sometimes it's the relative "newcomers" to the field who bring the freshest perspective to the longstanding challenges we grapple with. They don't have the same assumptions and biases that veterans might have. This seems to be the case here, where Craig took a different approach to achieving complete homomorphic encryption. That's just a fancy way of describing how one might perform nearly unlimited calculations on scrambled, protected information without actually seeing the data.
It's been compared to working in the dark and wearing gloves to delicately manuever toxic or sterile substances in a hermetically sealed plexiglass box.
It's not that you can't analyze encrypted data -- you can -- but you wouldn't get very far, as the data gets progressively more muddled every time you perform a mathematical operation. And even if you could work meaningfully with the data, we assumed that you would also be limited to either multiplication or addition operations, not both. However, during his internships at IBM, and while at Stanford (with the help of some Manhattan coffeeshop-inspired daydreaming), he came up with a way for encrypted information to kind of clean up after itself, on the fly. It can do this after each mathematical operation, when the data is at risk of becoming hopelessly scrambled.
Now, why would you even want to analyze encrytped information? That seems impossible, doesn't it?
Well . . . not necessarily. Let's say a business wanted a computer vendor to host information about its customers, and perform complex mining on that data to discern sales trends. (Vendors are touting this service as "cloud" computing.) The host may be the most trustworthy vendor around, but a client would always be concerned that the proprietary data would somehow leak out or be seen by the wrong set of eyeballs. Craig's privacy encryption allows the vendor to perform very sophisticated analysis on the data they host without ever "seeing" the underlying information.
Or, here's another example: enabling the authorities to screen airplane passengers without compromising personal privacy. Or, let's say you wanted to submit queries to search engines in a way that keeps your identity confidential. The same goes for electronic medical records, which might need to be shared among, and analyzed by, doctors, public health officials and pharmacies, but without revealing specific biographical or personal information.
Of course, we still, need to smooth out a few rough edges, but peers and pioneers of modern cryptography agree that Craig's method is an exciting breakthrough. We're very proud of him as he has gone on to brief a variety of academics and conferences all over the world. One should begin to see the technology applied to actual products in the private sector a few years down the road.
As for Craig's forthcoming Ph. D? I'm not an academic advisor, but I'd say he's earned it :-).