### get knitr just the way we like it knitr::opts_chunk$set( message = FALSE, warning = FALSE, error = FALSE, tidy = FALSE, cache = FALSE )
A homomorphism is a structure-preserving map from one algebraic structure to another; see Wikipedia. Privacy experts are interested in homomorphic computation because it offers a way to perform computations on encrypted data, either in a distributed setting or in the cloud, thereby handling many of the headaches associated with storing/moving/anonymizing data. Homomorphic computation also finds application in secure voting, verifyable computing etc.
A homomorphic encryption scheme is one that provides such a homomorphism along with the infrastructure to carry out the computations. The schemes provide algorithms for generating public and private keys. The public key is distributed to anyone and the private key is only needed by the one who does the decryption. There are several such schemes documented in Wikipedia. The main thing to know is that there are two flavours: partial and full. Partial schemes preserve structure for certain specified operations, say addition only, whereas full schemes do over all the standard arithmetic operations. The operations mentioned here are all in the context of the algebraic structure underneath, which for our purposes will be modular arithmetic where the modulus is some large number.
The current package
homomorpheR implements the Paillier system which
is a partially homomorphic; it provides an additive homomorphism. The
for a proof-of-concept system. Therefore, it is not yet ready for
serious work. So there, you've been warned.
If you are interested in the mathematical details of the Paillier crytosystem, the main reference is [@Paillier99]. Volkhausen [-@volkhausen2006] provides a detailed mathematical introduction; Michael O'Keefe [-@okeefe2008] is a gentler one. A simple application of the Paillier system for secure vote tallying is in [@choinyaambu2009].
A bit of notation helps. Let $x$ be any message; for us, it is just a large integer. Denote $E(x)$ as the encrypted message and $D(x)$ as the decryption of $x$ in some scheme. If the scheme is homomorphic over addition, then we have $$ E(x) + E(y) = E(x + y) $$
This means that calculating $x+y$ can be done by decrypting the sum of the encrypted values of $x$ and $y$. Thus, entities can merely exchange encrypted values throughout. This is pictorially shown in the figure (source: http://jeremykun.com/tag/homomorphic-encryption ) below:
As a first step, a public and private key pair needs to be generated.
In generating bits for cryptosystems, a secure random number source is
homomorpheR makes use of the R package
sodium by Jeroen
Ooms (based on Daniel J. Bernstein's generators) in addition to
for arbitrary precision arithmetic.
library(homomorpheR) keyPair <- PaillierKeyPair$new(modulusBits = 1024)
pubkey field can be distributed all interested parties but the
private key, obtainable by
getPrivateKey() should be kept secret for
The main functions are the
encrypt function for the public key, and
decrypt function for the private key.
We can now perform some simple tests. But before that a simple function that encrypts and decrypts.
encryptAndDecrypt <- function(x) keyPair$getPrivateKey()$decrypt(keyPair$pubkey$encrypt(x))
Now we can encrypt and decrypt some numbers.
a <- gmp::as.bigz(1273849) identical(a + 10, encryptAndDecrypt(a + 10))
Now with a large set of numbers. The function
large random numbers.
m <- lapply(1:100, function(x) random.bigz(nBits = 512)) md <- lapply(m, encryptAndDecrypt) identical(m, md)
Any scripts or data that you put into this service are public.
Add the following code to your website.
For more information on customizing the embed code, read Embedding Snippets.