
A Survey on Homomorphic Encryption Schemes: Theory and Implementation - blopeur
https://arxiv.org/abs/1704.03578
======
tombert
I implemented a Paillier encryption library in Clojure a few months back
(which I am currently unable to open-source due to an NDA), and in researching
it, I was astounded by the elegance of some of these schemes. I really hope
that HE research continues and becomes the standard in the near-ish future.

Whenever I get a free couple weekends, I want to port IBM's HELib to Clojure,
so that I can more easily use it for a Java project.

~~~
modalduality
Is it easy to write timing-attack-resistant crypto code in Clojure? Sounds
interesting, what company was this for? Thinking of implementing Damgard-Jurik
myself sometime.

~~~
tombert
It was just a proof of concept thing for a hackathon, hardly industry-grade,
but was quite fun to write.

The crypto code was quite fun to write in Clojure; literally yesterday I just
got permission to open source it.

If you want to play with it, the code is available here:
[https://github.com/tombert/scudlib](https://github.com/tombert/scudlib)

Since I have the ability to work on it in my free time, I'll probably add more
schemes.

------
apaz037
I worked with Hidayet, Selcuk, and Abbas last year while I was doing
undergraduate research in the Florida International University Cyber Physical
Systems Security Lab.

Awesome to see their work getting attention! These guys all put in long hours
and love what they do.

------
sandGorgon
Is one of these used by Numerai?
[https://medium.com/numerai/encrypted-data-for-efficient-mark...](https://medium.com/numerai/encrypted-data-for-efficient-markets-fffbe9743ba8)

------
option_greek
Are there any known PHE or FHE schemes that can run a full-blown virtual
machine?

~~~
swordswinger12
All FHE schemes can _run_ a full-blown virtual machine, but you might not live
long enough to see Ubuntu finish booting up.

~~~
whatidonteven
Aren't there MASSIVE (read: showstopper) complications when you want to use
FHE for "looping" computations?

I always thought FHE was only good if you can fully unroll your "fixed-length"
computation, and even then you can only use each "program" once without
compromising security.

~~~
swordswinger12
The short answer is yes. There are some (slow) ways to fix this:
[https://people.csail.mit.edu/nickolai/papers/goldwasser-we.p...](https://people.csail.mit.edu/nickolai/papers/goldwasser-we.pdf)

~~~
whatidonteven
Their construction relies on two unproven conjectures.

In particular the "Extractable Witness Encryption" conjecture is impossible
under a reasonable falsifiable assumption:
[https://pdfs.semanticscholar.org/8587/dba4ff31e8118e9bd5914a...](https://pdfs.semanticscholar.org/8587/dba4ff31e8118e9bd5914af303614ce90a44.pdf)

Under that assumption, general purpose differing-inputs obfuscation cannot
exist.

The way I understand it, FHE being applicable to anything other than
"unwrapping a path through a circuit" seems implausible. Any claims of
arbitrary encrypted computation should be viewed with the highest dose of
skepticism.

------
Y_Y
I think if anything's going to save us from a generalised AI takeover it's
this. Even if encrypting the world doesn't stop them it'll make computation
too slow for world domination.

~~~
quantdev
I'm pretty sure this guy was just making a joke about how slow computations on
HE data are and you all are taking him seriously about generalized AI.

~~~
Y_Y
I'm glad at least one person got it.

