I have never liked Apple and lately even less. F… US monopolies

  • utopiah@lemmy.ml
    link
    fedilink
    arrow-up
    17
    ·
    7 days ago

    So homomorphic encryption means the server can compute on the data without actually knowing what’s in it. It’s counter-intuitive but better not think about it as encryption/decryption/encryption precisely because the data is NOT decrypted on the server. It’s sent there, computed on, then a result is sent back.

    • kipo@lemm.ee
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      1
      ·
      7 days ago

      Wait, it’s called homomorphic encryption? All we’d have to do is tell MAGAs that Tim Apple just started using homomorphic encryption with all the iphones and the homophobic backlash would cause Apple to walk this back within a week.

      I’m only half joking.

    • someacnt@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      1
      ·
      7 days ago

      It might still be possible to compare ciphertexts and extract information from there, right? Welp I am not sure if the whole scheme is secure against related attacks.

      • utopiah@lemmy.ml
        link
        fedilink
        arrow-up
        3
        arrow-down
        2
        ·
        edit-2
        7 days ago

        extract information

        I don’t think so, at least assuming the scheme isn’t actually broken… but then arguably that would also have far reaching consequence for encryption more broadly, depending on what scheme the implementation would be relying on.

        The whole point is precisely that one can compute without “leaks”.

        Edit: they are relying on Brakerski-Fan-Vercauteren (BFV) HE scheme, cf https://machinelearning.apple.com/research/homomorphic-encryption

        • someacnt@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          3
          arrow-down
          1
          ·
          7 days ago

          IIRC, for this kind of guarantee, you need a CCA(Chosen-ciphertext attack)-security. I dunno if this scheme satisfies such a security.