Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Could you please explain a bit more to the more uninitiated like me:

1) Is my understanding correct - FHE-C++ library allows me to encrypt a photo from the client (in the browser), send it to the server, perform image operations on it, return back the photo to the client in a transformed state without the server ever being able to see what its transforming?

2) Is the holy grail you're noting allows any piece of software to be compiled and encrypted, but still take inputs and produce outputs? do the inputs and outputs have to be encrypted with the same key as the compiled software?



1. yes, exactly.

2. for obfuscation, the inputs and outputs are unencrypted, but the behavior of the software can't be analyzed. as a motivating example, say that I've built some ransomware, but I can't trust my C&C server to stay up. instead, I have the worm embed the private key into a freshly-compiled black box. if you feed the black box a valid Bitcoin block containing a ransom transaction to my address, it spits out the private key and you can decrypt your files.

there are many less evil examples out there - wanting to protect your ML models but still make them redistributable, etc.


> 1. yes, exactly.

How is this possible (I have no clue about FHE)? If the server can do operations on the image, then the image can't look like random noise, or not? And if there are indeed patterns the server can operate on, then the image can be decrypted?


> If the server can do operations on the image, then the image can't look like random noise, or not?

FHE is precisely the magic that allows doing operations on encrypted data and get encrypted results that you can then decrypt to valid end result.


If you can write a program with few to no if statements that depend on the data, then you can run that program relatively efficiently under FHE.

A blur or sharpen filter would be an easy example. The server sees you take the random noise of each pixel, mix it with the nearby pixels, and output new random noise.


> The server sees you take the random noise of each pixel, mix it with the nearby pixels, and output new random noise.

Which means the pixel positions are known to the server, which means the image isn't really encrypted?


A blur filter does the exact same thing to every pixel.

The server would know that you're doing a blur, but it would have no idea what the contents of the image are.

Your data is encrypted. Your program is not encrypted.

If you want to hide your program, then things will get much slower yet again.


Sorry if I'm being too thick here, but a blur filter needs information about the neighbour pixels. It can't operate on a single pixel alone (well it changes things pixel by pixel, but needs the neighbour pixels as input). If I can extract these neighbour pixels from the encrypted image, why can't I extract the image itself?


Each pixel is encrypted separately. FHE lets the server take two encrypted numbers and add or multiply them to make a new encrypted number. There is no way for the server to ever know what any of those numbers actually are.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: