
MIT's Bitcoin-Inspired 'Enigma' Lets Computers Mine Encrypted Data - oznathan
http://www.wired.com/2015/06/mits-bitcoin-inspired-enigma-lets-computers-mine-encrypted-data/
======
djent
Amazing how shallowly an article can cover the specifics of something like
this. The best explanation they gave was "mathematical tricks."

~~~
oska
The discussion on reddit [1] is actually fairly decent, thanks to the active
participation of the creators.

[1]
[https://www.reddit.com/r/Bitcoin/comments/3bmbi5/mits_bitcoi...](https://www.reddit.com/r/Bitcoin/comments/3bmbi5/mits_bitcoininspired_enigma_lets_computers_mine/)

------
dimino
Wait wait what? So I can send my (locally encrypted) CC info into an
Enigma-enabled CC processor, and they can deduct an amount from my account
without ever actually knowing my account info?

Or more like I can send an encrypted list of passwords and they can tell me
what the most common letter is in all the passwords without ever knowing any
of the passwords?

If these things aren't possible, can someone provide a useful example of this
being used to solve a problem? I'm having a bit of trouble actually
understanding what this is/does.

~~~
ilurk
I don't know about CC processing, because... banks and regulations.

But what fully homomorphic encryption allows you to do is to perform arbitrary
computations on encrypted data.

So you send your encrypted data to a machine, it performs the computation, and
sends it back to you still encrypted. Like the password list example you
mentioned.

What is cool about this is that it solves the problem with privacy in cloud
computing platforms. You don't expose your data.

NOTE: I'm not a cryptographer, nor have I read the article yet. Just writing
what I can remember.

~~~
undefined0
I recall something similar to this recently on HN,
[http://www.zerodb.io/](http://www.zerodb.io/). Are they using homomorphic
encryption here?

Would homomorphic encryption make it possible for cloud hosting to run a
website without knowing the code that is being run?

~~~
michwill
ZeroDB here. We're not homomorphic, and it is possible to make the cloud
hosting you're talking about w/o homomorphic encryption.

But if you are to perform heavy computing on server side, you have to be
homomorphic. Or other amazing opportunities like decentralized key management,
content tokenization (DRM), etc. appear from this homomorphic work (even if the
speed is 100 times slower than unencrypted).

------
TimJRobinson
This would be awesome as an alternative to Facebook having all your likes /
personal information and other companies tapping into that. Imagine if you
stored all of that in Enigma instead and only gave it to the companies you
trusted.

So you could store your own list of favorite music bands in the cloud and
share that with say Spotify or Pandora to get personalized recommendations,
but nobody else knows about it. Then you store your favorite authors in
another location which only Amazon has access to. Or your medical records
could be kept in the cloud and only shared with your personal doctor, then
easily transferred to another doctor if you switch.

This seems like a great solution for storing these small pieces of personal
information in the cloud without having to give them all to a central
authority like so many people do with Facebook currently.

------
faizshah
I had a similar idea! I'm glad something like this is being implemented.

The most important idea imo is that companies can never claim ownership of
personal data because they never have access to it. Another cool idea is that
if you have a currency that can be cashed in for fractional computing power on
the network you could pay tech companies in computing power, either providing
it from a device you own or paying for it with the currency.

I look forward to the papers/code that they release.

Edit: I'm not really clear on this, is there any currency component to Enigma?
I was thinking there could be a currency that's a transferrable debt of
fractional computing power of the network.

Edit 2: Apparently it isn't a currency and uses bitcoin for fees...

~~~
kodablah
MaidSafe[1] is a similar scheme for data (not CPU cycles) and it does have a
currency based on amount shared and a couple of other things. It is also
serverless but it doesn't use a blockchain. They are doing a lot of active
development in the space right now.

1 - [http://maidsafe.net/](http://maidsafe.net/)

Edit: actually it does appear a goal is to share computing power though I know
less about those details compared to the data distribution. Ref:
[https://forum.safenetwork.io/t/homomorphic-encryption-by-mit...](https://forum.safenetwork.io/t/homomorphic-encryption-by-mit/4255)

~~~
wcummings
>They are doing a lot of active development in the space right now.

Citation needed, the only thing I've seen maidsafe do is take people's money.

~~~
kodablah
See the forum [1], watch the sprints [2], look at GitHub [3] and watch their
dev in Rust.

1 - [https://forum.safenetwork.io/](https://forum.safenetwork.io/)

2 - [https://maidsafe.atlassian.net/](https://maidsafe.atlassian.net/)

3 - [https://github.com/maidsafe/](https://github.com/maidsafe/)

------
jgrowl
So if I am understanding correctly, this could compete with services like S3
and EC2.

People can earn money by attaching their machines to the network (but they
have to include a security deposit). Then they will collect fees from users
for each request processed as well as a set fee for storage.

The application developer will then use a provided scripting language (I am
not sure if they actually write the application using this language or if it
is just for ensuring a contract). They will need to continually pay storage
fees or their data will be disabled and eventually deleted.

I would like to see examples of the scripting language they reference.

~~~
GuyZ
(I'm one of the creators of this project)

I don't believe centralized/public clouds will disappear anytime soon.
However, there simply aren't any privacy-preserving alternatives out there.
We're hoping to change that.

Also, your description is accurate. We'll be releasing our code and some
dev-friendly documentation for the beta soon. You're welcome to sign up at
[http://enigma.media.mit.edu](http://enigma.media.mit.edu).

~~~
EGreg
Sometimes I wonder what kind of operations would actually be useful to do on
such data in the real world.

I mean, the way the web currently works is that I trust some server to host my
data. I can have this service auth an external consumer site and display data
in an iframe, say, which the consumer site can't get at. This is good enough
for displaying people their personalized info (name, friends) on various
services (eg directions to their house in an iframe, for a user authenticated
with my chosen provider).

But to go further, what if I don't want to trust any provider?

Then I could simply encrypt the data and store encrypted data with the
provider (or providers for redundancy). The authentication could be replaced
with visitors holding a key to decrypt the data (because I gave it to them)
and I can switch to using some other key and effectively "unfriend" those who
don't get my updated key.

But all this is good enough for displaying data and files I upload. Now, why
would I want to do operations on those files "in the cloud" without trusting a
provider? I am already trusting my friends with the data, since they can
reshare it once it's displayed to them. So why not trust a provider? One of my
friends can run the provider.

I guess the only scenario I see it being useful is if all my friends can only
have limited access to the data and all manipulations on the data are
collaborative, and that's where the homomorphism comes in. Perhaps no one
will be able to see the whole data and it's not really about data at all, but
views of some Enigmatic process running on some network (like an autonomous
corporation). Is that the use case?

------
drdeca
Oh! Is this basically a secret sharing DAO?

Huh, last I read something about this, it seemed like every multiplication
needed multiple network messages, but I guess they solved that problem.

Sounds exciting! I am excited!

------
justin_d
From what I gather this is good for privately sharing other people's private
data? Correct me if I misunderstand the idea here.

------
shasta
"Code evaluated in our system is guaranteed not to leak any information unless
a dishonest majority collude"

~~~
WhitneyLand
What is your point? That this is not an advancement over the current state of
affairs, or that you have a better idea?

~~~
shasta
I found the original article light on explanation and so posted what I thought
to be a good summary sentence that I found in another place.

------
PhantomGremlin
Two things I haven't yet seen here in the comments:

1) Electricity used. This scheme

    only multiplies the computing requirements
    for a calculation by less than 100 fold

It's bad enough that bitcoin mining itself is so energy intensive, but now
we're coming up with additional power-hungry schemes.

2) (Ab)use of the blockchain:

    Enigma stores that metadata in the bitcoin
    blockchain, the unforgeable record of messages
    copied to thousands of computers to prevent
    counterfeit and fraud in the bitcoin economy

So eventually the whole world will use the one true blockchain for
"unforgeable records" of everything? Eventually the chain will grow by what, 1
GB per hour, 1 GB per minute, 1 GB per second?

~~~
fineman
1) It's not related to bitcoin energy usage, which is designed to be high.
This is based on the current best science has to offer in making things cheap.

The 100x multiple is to the cost of normal computation. Normal, unsecured,
visible to your hosting provider, etc, computation. Companies already pay huge
amounts for securing computation so a pure mathematical way to do it that's
only 100 times the base cost of the CPU time is actually a huge savings to
many.

You don't have to run your whole webserver this way, just the payment
processing pieces...

2) What will happen is pure guessing because it depends on the hidden motives
of others via market (and other) dynamics.

But the options are _roughly_,

A) The bitcoin blockchain remains at today's general capacity. In this case
the price per blockchain/byte will increase and people will use side-chains
and "link" them back in as they feel appropriate. You will have the option of
downloading sidechains you care about.

B) The bitcoin users decide on one of the proposals to increase the blockchain
capacity dramatically - and all of these offer some form of prunability so you
don't need to hold the GBs of stuff you don't care about in order to strongly
verify the things you do care about (like the balance of someone who's paying
you)...

C) Some other currency which solves these things really is the "one".

But these questions didn't need asking. They're needlessly critical - as if
technologies should (or even could) all be invented at greater than 100% ROI
just out of thin air, and as if market dynamics wouldn't handle things anyway.
If this solution is too expensive, nobody will use it. There are no
externalities involved here, nobody is getting a free lunch; they'll only pay
for it if it helps them overall.
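
------
Added example, not part of the thread and not Enigma's code: Shamir secret sharing in Python, illustrating the points raised above by drdeca (secret sharing, and multiplication needing extra network messages) and the majority-collusion guarantee shasta quotes. The 5-node, threshold-3 setup, the field prime, the function names and the sample values are assumptions chosen for illustration.

```python
import secrets

P = 2**61 - 1  # Mersenne prime; all arithmetic is in the field GF(P) (assumed parameter)

def share(secret, n=5, t=3):
    """Split `secret` into n Shamir shares; any t of them reconstruct it."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t - 1)]
    # Node x receives the random polynomial evaluated at x; x = 0 holds the secret.
    return {x: sum(c * pow(x, k, P) for k, c in enumerate(coeffs)) % P
            for x in range(1, n + 1)}

def reconstruct(points):
    """Lagrange-interpolate the polynomial through `points` and evaluate at x = 0."""
    total = 0
    for xi, yi in points.items():
        num = den = 1
        for xj in points:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def pick(shares, nodes):
    """Shares held by a chosen subset of nodes."""
    return {x: shares[x] for x in nodes}

def secure_sum(values, n=5, t=3):
    """Each owner shares a value; every node adds the shares it holds, locally."""
    all_shares = [share(v, n, t) for v in values]
    return {x: sum(s[x] for s in all_shares) % P for x in range(1, n + 1)}

def local_product(a_shares, b_shares):
    """Node-local multiply: the result lies on a polynomial of degree 2(t-1)."""
    return {x: a_shares[x] * b_shares[x] % P for x in a_shares}

if __name__ == "__main__":
    inputs = [52000, 61000, 47500]  # constructed sample inputs
    sums = secure_sum(inputs)
    # Any majority (3 of 5) recovers the total without seeing an individual input.
    print("total from nodes 1,3,5:", reconstruct(pick(sums, [1, 3, 5])))
    # Below the threshold, interpolation yields an unrelated field element.
    print("two colluding nodes get:", reconstruct(pick(sums, [2, 4])))
    prod = local_product(share(6), share(7))
    # The degree doubled, so 2t-1 = 5 shares are needed until the nodes
    # run an interactive degree-reduction round (the extra network messages).
    print("product from all 5 nodes:", reconstruct(prod))
    print("product from 3 nodes:", reconstruct(pick(prod, [1, 2, 3])))
```

Addition costs no communication between nodes, while each multiplication raises the polynomial degree and forces a round of interaction before the next one.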

