Homomorphic Encryption Library Released

May 2, 2013

One of the issues that tends to come up when people consider the possible use of “cloud computing” is data security.  The data can be stored in an encrypted form, of course, but it generally has to be decrypted in order to be used; this means that the data is potentially vulnerable while it is is plain text (decrypted) form.

I’ve written before about the potential of homomorphic encryption to address this problem.  The basic idea is that we would like to discover an encryption function such that a defined set of operations can be performed on encrypted data (say, adding them) to produce an encrypted result that, when decrypted, is the same as that obtained by operating on the plain text data.

In other words, if we have two numbers, α and β, and suitable encryption and decryption functions E(x) and D(x), respectively, and if

α + β = S

Then, if

E(α) + E(β) = S*

it will be true that

D(S*) = S

So we are able to add the two encrypted values to get a sum that, when decrypted, is the sum of the original (unencrypted) numbers.

This sounds almost like magic, but it has been proved to be theoretically possible, and there is a considerable amount of ongoing work to try to reach a practical implementation.  (For example, back in 2011, a group of researchers at MIT introduced CryptDB, database software that incorporates homomorphic encryption in a form suitable for some applications.

Now, according to an article at the I Programmer site, researchers from IBM’s Thomas J. Watson Research Laboratory have released an open-source library for homomorphic encryption, HElib (documentation and source code available at Github).

HElib is a software library that implements homomorphic encryption (HE). Currently available is an implementation of the Brakerski-Gentry-Vaikuntanathan (BGV) scheme, along with many optimizations to make homomorphic evaluation runs faster, focusing mostly on effective use of the Smart-Vercauteren ciphertext packing techniques and the Gentry-Halevi-Smart optimizations.

Although, as Bruce Schneier has observed, it will take a fair while for any of this technology to be scrutinized thoroughly enough by enough knowledgeable people to ensure that it doesn’t have serious flaws, getting algorithms and code out and available for inspection is an essential part of that process.

Update Thursday, May 2, 22:59 EDT

I have changed the headline/title of this post; originally, it was “IBM Releases Homomorphic Encryption Library”; that could be interpreted as describing an “official”  corporate action of IBM.  Since I have no knowledge, one way or another, about this sort of thing, I thought the new headline was less likely to lead to misunderstanding.


UK Government Prefers Open Source

March 16, 2013

Those of you who have read this blog from time to time already know that I am a proponent of the open source model of software development.  I’ve talked about its use in a number of different cases, including the development of the Linux operating system, and the development of systems for the US Department of Defense.  Even Microsoft, whose chief executive, Steve Ballmer, once likened open-source software to “a cancer”, seems to have gotten religion; for example, it now uses Hadoop open-source software for “big data” projects, and supports the use of Linux virtual machines in its Azure cloud service.

According to an article at Computer Weekly, the government of the United Kingdom is preparing the launch of a new set of mandatory standards for development of new digital public services.  The new Government Service Design Manual, now in a beta edition, includes a clear preference for open source:

In a section titled “When to use open source”, the manual says: “Use open source software in preference to proprietary or closed source alternatives, in particular for operating systems, networking software, web servers, databases and programming languages.

This strikes me as eminently sensible, especially the last phrase, “in particular for operating systems …”  Considering operating systems as an example, it seems to me extremely improbable that the UK would require unique OS capabilities not needed elsewhere.  Perhaps more bluntly, it seems to me very unlikely that the UK (or the US, or anyone else) has some special, valuable insight into how an OS should be built.  (The evidence seems to suggest that, at least for general purpose computers, the approach initially embodied in the UNIX OS works pretty well; UNIX’s descendents include Linux, of course, as well as Android, OS X, and Google’s Chrome OS.)

The new standards do allow for use of proprietary software in rare cases; but the manual cautions that, in these cases, it is important to specify open interface standards, to avoid vendor lock-in.  The article quotes government chief technology officer Liam Maxwell, on the advantages of the open-source approach:

Nobody makes packaged software for digital public services. With the software we are making, we have a preference for open source, because it means other countries can use it too and help make that software better. This approach will also ensure we are not locked in to some mad oligopoly outsource.

The new standards also state that new software developed for the government should be published under an open-source license.  The UK government has also entered into an agreement with Estonia for joint development of some public service systems.

As I’ve said before, the ideas underlying the open-source approach have been around since the early days of computing (and even longer in the natural sciences).  Governments everywhere seem to be struggling with the conundrum of how to do more with less.  Using open source software (and getting rid of the Not Invented Here syndrome) should free up some significant resources now devoted to wheel re-invention.


Google Publishes Data Compression Library

March 2, 2013

Google has announced the availability of Zopfli, a new open-source data compression library.  Zopfli uses an implementation of the deflate compression technique that achieves a higher degree of compression (smaller output size) than previous approaches.  Typically, the output size is 3-8% smaller than that obtained from the zlib library at maximum compression.  The smaller size is achieved at the cost of significantly longer execution time for compression; the time needed to uncompress the data, which can be done with any existing decompression tools for deflate,  is not affected

 The higher data density is achieved by using more exhaustive compression techniques, which make the compression a lot slower, but do not affect the decompression speed.

This means that Zopfli will be best suited to data that will be compressed once, but uncompressed and used many times: for example, the content of a static Web page.

The library is written in C for portability; it implements only the compression processing, since existing tools can be used for uncompression.

Zopfli is bit-stream compatible with compression used in gzip, Zip, PNG, HTTP requests, and others.

The Zopfli library is being released under an Apache 2.0 open-source license.  Google has also released a brief paper [PDF] with results of tests of Zopfli and other deflate compression tools.


LibreOffice 3.6.3 Released

November 4, 2012

The Document Foundation has announced the release of version 3.6.3 of its LibreOffice suite for Mac OS X, Windows, and Linux.  LibreOffice is a free (as in speech and in beer) and open-source office productivity suite that is an alternative to, and compatible with, Microsoft Office.  It is distributed under the LGPL license.  The suite has six components:

  • Write: for word processing
  • Calc: for spreadsheets
  • Impress: for presentations
  • Draw: for graphics
  • Math: for equation editing
  • Base: a database front end, with interfaces to many data base packages (e.g., MySQL, Adabas D, Microsoft Access and PostgreSQL)

More information on this release is available in the Release Notes.  A list of new features in the 3.6 release branch is here.

LibreOffice was created by a fork from Sun Microsystems’ OpenOffice project, after Sun was acquired by Oracle.

As with previous versions of LibreOffice and OpenOffice, the software is able to read documents in many proprietary formats, including Microsoft Office formats, and can also save documents in many of the same formats.  It has also had, for years, the ability to save documents in Adobe’s Portable Document Format (.pdf), making them accessible on many different platforms.  It is available in more than 80 different (human) languages.

The new version is available for download at the LibreOffice site.  The default download page will attempt to automatically detect the system you are using and select the correct download.  If this is problematic (for example, if you are using a Mac but want to download the Windows version), use this link to turn off auto-detection.  Note that there are two installation packages to be downloaded: the main installer, and the installer for the built-in help.

Some features of LibreOffice still require the installation of the Java Runtime Environment (JRE); they do not require the browser plugin.  This dependency, which the project is working on eliminating, was inherited from predecessor projects.  The most significant feature still requiring the JRE is the built-in HSQLDB data base engine in Base; if an external data base, such as PostgreSQL is used, the JRE is not needed.  (I’ve posted here before about issues with using Java.)  The project FAQ has more information on Java usage and requirements.


Google Launches Voter Info Tool

October 31, 2012

In a post on the Official Google Blog, the company has announced the availability of a new Voter Information Tool.   Obviously, its main current focus is on the upcoming US presidential election, but there is information on other countries as well.  I’ll focus on the US content, since that’s the part I know a little about.

The tool offers a Google Maps style lookup for your polling place, given your address as a registered voter.  In Virginia, where I live, this currently doesn’t produce anything useful; I suspect this is because, in Virginia, polling places are assigned by the local (county) Board of Elections, and Google hasn’t incorporated all that information.  It also shows a ballot summary of all the candidates, and their party affiliations, for the national election races (in this case, the races for President, one US Senator, and US Representative).  Once I had put in my address, it located me in the right election district without any trouble.   Helpfully, it gives the address, phone number, and Web link for the local Board of Elections, and also has links to candidates’ Web sites, and other sources of election information.

The tool, which is open-source, can be embedded on another Web site if desired; there is also a Civic Information API that can be used to develop new applications.


Raspberry Pi Gets More Open Code

October 24, 2012

Today, in a post on its Web site, the Raspberry Pi Foundation announced that the source code for the video drivers used in its $35 single-board Linux computer would be available under an open-source license.

As of right now, all of the VideoCore driver code which runs on the ARM is available under a FOSS license (3-Clause BSD to be precise).

According to Alex Bradbury, author of the post and lead Linux developer at the Foundation, all the software running on the Pi’s ARM processor is now open source.  (The post has a link to the source repository.)

This development will please advocates of free and open-source software.  It should also make it easier for developers to make use of the graphics acceleration capability that is part of the Pi, including those who are porting various OS environments to the device.

We’ve been excitedly following the progress of FreeBSD, NetBSD, Plan9, RISC OS, Haiku and others. All these projects could now potentially port these libraries and make use of the full hardware accelerated graphics facilities of the Raspberry Pi.

I have seen some grousing that some of the code that runs on the graphics chip itself has not been open-sourced.  I don’t know enough about the hardware to evaluate this claim, but it seems to me that half a loaf is preferable to none, especially since the original goal of the Raspberry Pi project was largely educational.  In any case, Broadcom, the chip vendor, has taken a significant step in the direction of openness, and deserves credit for that.

Ars Technica also has an article on this announcement.


Linux Foundation Offers UEFI Secure Boot for Open Source

October 13, 2012

Back in July, I wrote a note here about the potential for problems with open source software, stemming from the introduction of the Unified Extensible Firmware Interface [UEFI], a replacement for the venerable PC BIOS, and its Secure Boot facility.  When Secure Boot is enabled, the machine will refuse to boot any system that does not have a trusted cryptographic signature.   Though this has the potential to improve security, it also has the potential to make it difficult to set up a dual-boot system, or to replace the original OS entirely.  The Free Software Foundation [FSF] published a white paper discussing some of the potential problems.

The Linux Foundation has now announced a new first-stage boot loader that attempts to provide a way around some of these difficulties.  This new loader will be cryptographically signed, but will not actually boot any operating system; rather, it will present the user with the option to run an unsigned second-stage loader that can boot Linux, or any other desired system.

In a nutshell, the Linux Foundation will obtain a Microsoft Key and sign a small pre-bootloader which will, in turn, chain load (without any form of signature check) a predesignated boot loader which will, in turn, boot Linux (or any other operating system). The pre-bootloader will employ a “present user” test to ensure that it cannot be used as a vector for any type of UEFI malware to target secure systems.

The new pre-loader will attempt to run the second-stage loader from a known location.  If it succeeds, everything proceeds normally.  If it fails, because the second-stage loader is not signed, the pre-loader will present the user with a screen asking whether booting with the unsigned second stage should continue.  If the system is in Setup mode, the user will also be asked for permission to install the signature of the second stage as a trusted signature; this will facilitate normal booting from a hard disk, for example.  (The announcement has a more complete technical summary.)

As the announcement says, this is not a permanent solution, but a temporary expedient, to make life easier until a solution that fully integrates alternative systems and UEFI Secure Boot can be developed.  Nonetheless, it is a useful and constructive step to ensure that the user retains control of his or her computer.

Update Saturday, October 13, 21:55 EDT

Ars Technica also has a brief article on this announcemnt.


%d bloggers like this: