[E-Lang] My financial data

zane_widdershins@hushmail.com zane_widdershins@hushmail.com
Sun, 28 Jan 2001 09:58:48 -0800 (PST)


--Hushpart_boundary_rSZToHZIrygzYDhOYJEIyZZCuVHPMmDC
Content-type: text/plain

There is a branch of crypto research concerned with what you are trying 
to do, Vijary.  (I'm no expert, but I think that you can find such
research by looking for "computing on encrypted instances", "secure
function evaluation" and "secure multiparty computation".  A real
expert like Dave Wagner may be able to clarify.)

The idea is very much in the "pure research" stage at this point, and 
even if it turns out to be do-able, I expect another decade or two to
pass before anyone actually does it.

In any case, the technology about which we talk on the e-lang list can
not do what you want -- any computer that can compute upon your data
can also read your data, and can also publish your data on Usenet if it
so desires.

Neither the E language, nor any other currently known technology, can
constrain what someone else does with information that you
give them.

Hm.  But E technology *could* help you to limit the information
available to the central computer.  For example, instead of copying all
of your tax history from the "tax history database" over to the central
computer so that it can then sum up the total tax paid by you over the
last 10 years, you could instead give the central computer a capability
that allows it to query the tax history database, but only to learn the
total tax paid by you over the last 10 years, not to learn anything
else about your tax history.

This is an example of narrowing the power available to an actor, a
feature which E is designed to support.  (It is called the "Principle
of Least Privilege" -- let each actor have as much power as it needs to
do its job, but no more.)  It can have good privacy implications, as
the example above shows.

But the service that you seek still sounds very complicated, and you
would certainly give up a lot of privacy by having other people's
computers compute upon your data.

Perhaps an approach that would suit you more is for your data to be
stored remotely but encrypted so that only you can read it.  This
implies that all of the computation upon your data must be done on your
computer.  (Because, until we have "computing on encrypted instances"
and the rest, you cannot compute upon data without being able to read
it, nor read it without being able to compute upon it.)

zane

--Hushpart_boundary_rSZToHZIrygzYDhOYJEIyZZCuVHPMmDC--


IMPORTANT NOTICE:  If you are not using HushMail, this message could have been read easily by the many people who have access to your open personal email messages.
Get your FREE, totally secure email address at http://www.hushmail.com.