Can a New Form of Cryptography Solve the Internet’s Privacy Problem?

Rachel is a student at an American university who was sexually assaulted on campus. She chose not to report it (less than 10% of survivors do). What he did do, however, was log the assault on a website that uses new ideas from cryptography to help catch serial sexual predators.

The Callisto organization allows a survivor to enter their name into a database, along with their abuser’s identifying details, such as a social media address or phone number. These details are encrypted, meaning that the identities of the survivor and the perpetrator are anonymous. If you hacked the database, there is no way to identify either party.

However, if two people name the same author, the website records a match and this triggers an email to two lawyers. Each attorney is named after one of the survivors (but not the author). The lawyers then contact the survivors to inform them of the match and offer to help coordinate any further action should they wish to pursue it.

In short, Callisto allows sexual assault survivors to do something unprecedented: they can find out if their abuser is a repeat offender without identifying themselves to authorities or even identifying the abuser’s name. They have learned something useful, and possibly useful, without having given anything away. “Survivors can find healing in knowing they’re not alone. They don’t feel it’s their fault,” says Tracy DeTomasi, CEO of Callisto. And there is strength in numbers. “Maybe one person doesn’t have a case, but two people do.”

The ability of two strangers to pool their knowledge without revealing any personal information to each other is a seemingly paradoxical idea in theoretical computing that is fueling what many are calling the next technological revolution. The same theory allows, for example, two governments to find out if their computer systems have been hacked by the same enemy, without either government revealing confidential data, or two banks to find out if they are being defrauded by the same person, without either banks break financial data protection laws.

The umbrella term for these new cryptographic techniques, where you can share data while keeping that data private, is “privacy-enhancing technologies” or pets. They provide opportunities for data subjects to group their data in new and useful ways. In the healthcare sector, for example, strict rules prohibit hospitals from sharing patients’ medical data. However, if hospitals could combine their data into larger datasets, doctors would have more information, allowing them to make better decisions about treatments. In fact, a project in Switzerland using companion animals since June has allowed medical researchers from four independent teaching hospitals to conduct analyzes of their combined data from about 250,000 patients, without loss of privacy between institutions. Juan Troncoso, co-founder and CEO of Tune Insight, who is leading the project, says: “The dream of personalized medicine is based on larger, higher-quality data sets. Pets can make that dream a reality while still being compliant and protecting people’s privacy rights. This technology will be transformative for precision medicine and beyond.”

Pets are one of the most important technologies of our generation Jack Fitzsimons, founder of UN Pet Lab

The past two years have seen the emergence of dozens of pet companies in advertising, insurance, marketing, machine learning, cybersecurity, fintech and cryptocurrency. According to research firm Everest Group, the pet market was worth $2 billion last year and will grow to more than $50 billion by 2026. Governments are also taking an interest. Last year, the United Nations launched its “Pet Lab,” which had nothing to do with domestic animal welfare, but a forum for national statistical offices to find ways to share their data through borders while protecting the privacy of its citizens.

Jack Fitzsimons, founder of the UN Pet Lab, says: “Pets are one of the most important technologies of our generation. They have fundamentally changed the game, because they offer the promise that private data is only used for its intended purposes “.

The theoretical ideas on which pets are based are half a century old. In 1982, Chinese computer scientist Andrew Yao asked the following question: Is it possible for two millionaires to find out who is richer without either revealing how much they are worth? The counterintuitive answer is that, yes, it is possible. The solution involves a process in which the millionaires send packets of information to each other, using randomness to hide the exact numbers, but in the end, both millionaires are satisfied that they know who is the richest, with neither two knows none other details of the other’s wealth.

Yao’s “millionaires’ problem” was one of the fundamental ideas of a new field of cryptography – “secure multiparty computing” – in which computer scientists investigated how two or more parties could interact with each other in such a way that each party kept important information secret. and yet all were able to draw meaningful conclusions from their pooled data. This work led in the mid-1980s to a flowering of increasingly mind-boggling results, one of the most dazzling being the “zero knowledge proof”, in which it is possible for one person to prove to another that they have something . secret information without revealing any information about it! It allows you, for example, to show that you have solved a sudoku without having to reveal any details of your solution. Zero-knowledge testing involves a process, as in the millionaire’s problem, in which the tester sends and receives packets of information in which crucial details are hidden with randomness.

Another valuable instrument in the Pet toolbox is “fully homomorphic encryption,” a magical procedure often called the holy grail of cryptography. It allows person A to encrypt a set of data and give it to person B, who will perform calculations on the encrypted data. These calculations provide B with a result, itself encrypted, that can only be deciphered once it is returned to A. In other words, person B has performed analysis on a set of data without knowing anything about the data or the result of the calculations. their analyses. (The principle is that certain abstract structures, or homomorphisms, are preserved during the encryption process.) When fully homomorphic encryption was first proposed in the 1970s, computer scientists weren’t sure it was possible, and it was it was only in 2009 that American Craig Gentry demonstrated how it could be done.

These three innovative concepts: secure multiparty computation, zero-knowledge proofs, and fully homomorphic encryption, are different ways of sharing data but not revealing yourself. In the 1980s, during the early years of research, cryptographers didn’t think these innovations could have any practical use, largely because there were no obvious real-world problems to which they were a solution.

The world is full of data, and data privacy has become a highly contentious political, ethical and legal issue.

Times have changed. The world is full of data, and data privacy has become a hotly contested political, ethical and legal issue. After half a century in which pets were essentially arcane academic games, they are now seen as a solution to one of the defining challenges of the digital world: how to keep sensitive data private while still being able to extract value from that data.

The emergence of applications has boosted the theory, which is now sufficiently well developed to be commercially viable. Microsoft, for example, uses fully homomorphic encryption when you register a new password: the password is encrypted and then sent to a server that checks whether or not that password is against a list of passwords that have been discovered in data breaches , without the server. be able to identify your password. Meta, Google and Apple have also been introducing similar tools into some of their products over the past year.

In addition to new cryptographic techniques, Pets also includes advances in computational statistics such as “differential privacy,” a 2006 idea in which noise is added to results in order to preserve people’s privacy. This is useful in applications such as official statistics, where simple averages can reveal private information about people from minority groups.

Much of the recent investment in Pets comes from cryptocurrencies. Earlier this year, crypto exchange Coinbase spent more than $150 million to buy Unbound Security, a multi-stakeholder computing startup co-founded by Britain’s Nigel Smart, a professor of cryptography at KU Leuven in Belgium. “In the blockchain space, multi-stakeholder computing is everywhere now,” he says. “In the last year it’s gone from ‘will this work?’ to be standard.”

He believes that pets will eventually spread throughout the digital ecosystem. “This is the future. It’s not a fad. What this technology allows you to do is collaborate with people you wouldn’t have thought to collaborate with before, either because it was legally impossible to do so, or because it wasn’t in your business interest, as you would have been disclosing information. . This opens up new markets and applications, which we are just beginning to see. It’s like in the early days of the Internet, no one knew what applications were coming. We are in the same situation with pets.

“I think it’s becoming more and more intrinsic. You see it everywhere. All data will eventually be computed with privacy-enhancing technology.”

Today’s Pets apps are niche, partly because the technology is so new, but also because many people don’t know about it. Earlier this year, the UK and US governments jointly launched a £1.3m prize for companies to propose…

Leave a Comment

Your email address will not be published. Required fields are marked *