
Bitcasa and convergent encryption - bjonathan
http://cdixon.posterous.com/bitcasa-and-convergent-encryption
======
wickedchicken
SpiderOak has a post on why they don't do this:
[https://spideroak.com/blog/20100827150530-why-spideroak-
does...](https://spideroak.com/blog/20100827150530-why-spideroak-doesnt-de-
duplicate-data-across-users-and-why-it-should-worry-you-if-we-did)

~~~
narsil
If the average consumer thinks the problem bitcasa is solving is a strong
enough pain point and use bitcasa's product anyway, then I can see SpiderOak
moving into this area regardless of the security issues it brings up.
Unfortunately, the average consumer doesn't care enough about security for
"implementation details" to sway them if they have a pain point that the
product solves - even if those implementation details make a world of
difference in terms of privacy. There are already products out there that
store files from a user's devices (laptops, desktops, etc.) on the cloud with
no mention of not having access to the encryption keys if they do do
encryption: <https://www.sugarsync.com/> is an example.

A little off topic: I do think that the community has done a good job drilling
it into the average user to look for the green bar and padlock in their
browser when they go to their bank's website. It means Security. heh.

------
ksri
I am missing something.

The encryption key is the hash of a chunk of data, so for identical chunks the
encrypted data is identical. Understand.

But suppose I want to decrypt. To generate the key, I need to hash the
unencrypted chunk of data. But if I have unencrypted data, I don't really need
decryption.

I guess my question is - how does decryption work when I have lost the files
on my local machine, but I remember my password?

~~~
xtacy
Good question!

[Wild thought] Create a file with a list of H(chunk) forall chunk you own. You
encrypt this file with a local password that the storage provider does NOT see
and plainly store it.

~~~
ksri
I re-read the paper, and they seem to be doing what you describe. The list of
H(chunk) is called "Chunk Map", and local password is called "dedicated map
key"...

.. but after that they get into another round of encryption with the users
public key - that's where I get lost.

------
sp332
He mentions homomorphic encryption, but isn't that more for changing data, not
searching it?

~~~
DavidSJ
It's for performing any function on the data. A search is a function which
takes the data as input and returns the search results as output.

~~~
sp332
All the homomorphic schemes I've seen do addition and/or multiplication. Is
there one that does substring matching, or can you somehow use addition and
multiplication to search?

~~~
pnathan
I wonder if you could develop a parameterized algebra over a search string _x_
that defined _x_ as the identity for addition or multiplication.

