SlideShare ist ein Scribd-Unternehmen logo

Homomorphic Encryption and Geolocation

Als PPTX, PDF herunterladen
Nicholas Doiron
Nicholas Doiron

For DEF CON's Crypto & Privacy Village

Software
1 von 21
GEOLOCATION & HOMOMORPHIC ENCRYPTION NICK DOIRON - @MAPMELD CRYPTO & PRIVACY VILLAGE
QUICK INTRO • Senior Software Engineer, McKinsey & Company • One Laptop per Child, Code for America, MoMA • Also Fortran.io
GEOLOCATION AND PRIVACY THE PROBLEM
GEOLOCATION AND PRIVACY THE PROBLEM • Option A: Client-side • Download locations, boundaries, etc from server • Calculate and display answer on client • WEAK POINTS: big and/or precise data, proprietary data • Option B: Server-side • Request geolocation from client, send curated results back • GOOD FOR: finding your election / census info, large datasets • WEAK POINTS: client privacy
GEOLOCATION AND PRIVACY THE PROBLEM • Can cryptographers create a 3rd Option? • Use location data while it’s encrypted? • This is a real thing called HOMOMORPHIC ENCRYPTION
WHAT IS IT? HOMOMORPHIC ENCRYPTION • Classic examples: preparing stock market trade, email search • 1978: first descriptions of Partially Homomorphic Cryptosystems • Possible to perform arithmetic (addition OR multiplication) without decrypting numbers • 2009: first fully homomorphic cryptosystem, logic gates and all • Why not adopted? • People are OK sharing data, especially if they trust the business with their money • Expensive computation
TREASURE HUNT / GEOCACHING DESIGNING OUR APPLICATION I THINK WE FOUND THE TREASURE I CAN’T REVEAL THE WIN LOCATION WHERE ARE YOU? ARE THEY SHARING COORDINATES YET?
CHOOSING A CRYPTO SYSTEM DESIGNING OUR APPLICATION • In 2016, I chose the Paillier Cryptosystem for its Python and JavaScript libraries on GitHub • Today you could use others, maybe fully homomorphic crypto, or LLVM • Some repos: github.com/herumi/she-wasm runs in Web Assembly, npmjs.com/node-hcrypt uses multiple dependencies • What can we do with encrypted numbers (only partial)? • Add, subtract encrypted and unencrypted integers • Multiply by a scalar (possible to do 3 * x or 3.4 * x, not x * x)
TREASURE HUNT / GEOCACHING MAKING A QUERY AM I AT THE TREASURE LOCATION? USE MY PUBLIC KEY PLZ
TREASURE HUNT / GEOCACHING MAKING A QUERY AM I AT THE TREASURE LOCATION? USE MY PUBLIC KEY PLZ
TREASURE HUNT / GEOCACHING MAKING A QUERY THIS IS A 617-DIGIT NUMBER? CAN I MAKE THE SAME NUMBER WITH THE KEY? HOW IS JS HANDLING THIS? ?lat= 334929186824659570088956240923716238760800994667805442788673520118294180150644643 381967207187681554464332372510963979864847790343587245266235465304867215544715688 921741290819421613418053105615630758875242876898390072520726980577592396801906772 503951322428823421599515309472549340891752671365791705009682700960223834685612196 395234303221211080941509336500833870037908354224796209283557329897768256335807645 508672594555757229814833194160222178258491169630143379272546672239151386540802843 554880083749678774495552354955392967608923260877514999030243487418576175871511185 00897064210692720802063451090155868802184986376384
TREASURE HUNT / GEOCACHING MAKING A QUERY I DO THE MATH ONLY YOU WILL BE ABLE TO DECRYPT THE RESULT * 10 * 10 * 10 * 10
TREASURE HUNT / GEOCACHING MAKING A QUERY OOPS Parsing the response:
TREASURE HUNT / GEOCACHING MAKING A QUERY I HACKED THE SERVER LOGS AND DB, BUT THEY NEVER KNEW WHERE THE PLAYER WAS DID YOU GET ANYTHING?
NOT SO CLEAN JUPYTER NOTEBOOKS bit.ly/cryptogeo github.com/Georeactor/crypto-geofence
NEARBY BUSINESSES NEXT CHALLENGE
NEARBY HOSPITALS NEXT CHALLENGE
NEARBY LOCATIONS NEXT CHALLENGE • Why this is hard (mathematically) • If a server CAN sort by distance, it can test unlimited locations • If a server CAN’T sort by distance, how does it limit response to client? • If the client receives distances and IDs, they can calculate all of the locations from 3 different queries
NEARBY BUSINESSES NEXT CHALLENGE • Explaining our geohash: 9qqj7nsrzttj • 26 letters + 10 numbers divide world into (6 x 6) parts, n times • Send a square (using my level of precision n1) and receive results organized by server’s level of precision n2 >= n1
NEARBY BUSINESSES NEXT CHALLENGE • Geohash edge problem • Replace with user-picked random offsets
FUTURE STUFF • Use multiple boxes and triangles to make Treasure Hunt work on any shape? • Research newer JS libraries to support more geo calculations, joint server-client calculations? • Lattice-based PQ Crypto, Voting Thanks for listening! Talk to me IRL / Twitter / GitHub: Nick Doiron - @mapmeld bit.ly/cryptogeo github.com/Georeactor/crypto-geofence

Empfohlen

Quantum Computers and Where to Hide from Them (Japanese)
Quantum Computers and Where to Hide from Them (Japanese)Quantum Computers and Where to Hide from Them (Japanese)
Quantum Computers and Where to Hide from Them (Japanese)
Nicholas Doiron
 
Arabic Unicode and Calligraphy
Arabic Unicode and CalligraphyArabic Unicode and Calligraphy
Arabic Unicode and Calligraphy
Nicholas Doiron
 
Building Encrypted APIs with HTTPS and Paillier
Building Encrypted APIs with HTTPS and PaillierBuilding Encrypted APIs with HTTPS and Paillier
Building Encrypted APIs with HTTPS and Paillier
Nicholas Doiron
 
Code for Japan: Civic Tech and Maps
Code for Japan: Civic Tech and MapsCode for Japan: Civic Tech and Maps
Code for Japan: Civic Tech and Maps
Nicholas Doiron
 
Post-Quantum Dev Ops
Post-Quantum Dev OpsPost-Quantum Dev Ops
Post-Quantum Dev Ops
Nicholas Doiron
 
If OLPC started today... JSConf.is
If OLPC started today... JSConf.isIf OLPC started today... JSConf.is
If OLPC started today... JSConf.is
Nicholas Doiron
 
Demolitions and Dali : Web Dev and Data in a Graph Database
Demolitions and Dali : Web Dev and Data in a Graph DatabaseDemolitions and Dali : Web Dev and Data in a Graph Database
Demolitions and Dali : Web Dev and Data in a Graph Database
Nicholas Doiron
 
NodeJS in Naypyitaw
NodeJS in NaypyitawNodeJS in Naypyitaw
NodeJS in Naypyitaw
Nicholas Doiron
 

Empfohlen

Quantum Computers and Where to Hide from Them (Japanese)
Quantum Computers and Where to Hide from Them (Japanese)Quantum Computers and Where to Hide from Them (Japanese)
Quantum Computers and Where to Hide from Them (Japanese)
Nicholas Doiron
 
Arabic Unicode and Calligraphy
Arabic Unicode and CalligraphyArabic Unicode and Calligraphy
Arabic Unicode and Calligraphy
Nicholas Doiron
 
Building Encrypted APIs with HTTPS and Paillier
Building Encrypted APIs with HTTPS and PaillierBuilding Encrypted APIs with HTTPS and Paillier
Building Encrypted APIs with HTTPS and Paillier
Nicholas Doiron
 
Code for Japan: Civic Tech and Maps
Code for Japan: Civic Tech and MapsCode for Japan: Civic Tech and Maps
Code for Japan: Civic Tech and Maps
Nicholas Doiron
 
Post-Quantum Dev Ops
Post-Quantum Dev OpsPost-Quantum Dev Ops
Post-Quantum Dev Ops
Nicholas Doiron
 
If OLPC started today... JSConf.is
If OLPC started today... JSConf.isIf OLPC started today... JSConf.is
If OLPC started today... JSConf.is
Nicholas Doiron
 
Demolitions and Dali : Web Dev and Data in a Graph Database
Demolitions and Dali : Web Dev and Data in a Graph DatabaseDemolitions and Dali : Web Dev and Data in a Graph Database
Demolitions and Dali : Web Dev and Data in a Graph Database
Nicholas Doiron
 
NodeJS in Naypyitaw
NodeJS in NaypyitawNodeJS in Naypyitaw
NodeJS in Naypyitaw
Nicholas Doiron
 
Burmese Crosswords
Burmese CrosswordsBurmese Crosswords
Burmese Crosswords
Nicholas Doiron
 
Future of Home: Living on the Run with Airbnb
Future of Home: Living on the Run with AirbnbFuture of Home: Living on the Run with Airbnb
Future of Home: Living on the Run with Airbnb
Nicholas Doiron
 
iLoominate: Authoring eBooks in Multiple Languages
iLoominate: Authoring eBooks in Multiple LanguagesiLoominate: Authoring eBooks in Multiple Languages
iLoominate: Authoring eBooks in Multiple Languages
Nicholas Doiron
 
The Civic Deep Web
The Civic Deep WebThe Civic Deep Web
The Civic Deep Web
Nicholas Doiron
 
Community Planning: Less Maps, More Design
Community Planning: Less Maps, More DesignCommunity Planning: Less Maps, More Design
Community Planning: Less Maps, More Design
Nicholas Doiron
 
RobotsConf - Wiring, Soldering, Prototyping
RobotsConf - Wiring, Soldering, PrototypingRobotsConf - Wiring, Soldering, Prototyping
RobotsConf - Wiring, Soldering, Prototyping
Nicholas Doiron
 
CartoDrop: secure mapping and reporting over Tor
CartoDrop: secure mapping and reporting over TorCartoDrop: secure mapping and reporting over Tor
CartoDrop: secure mapping and reporting over Tor
Nicholas Doiron
 
CfA Ignite 2013: Uploading an Island, the Ultimate Backup Plan
CfA Ignite 2013: Uploading an Island, the Ultimate Backup PlanCfA Ignite 2013: Uploading an Island, the Ultimate Backup Plan
CfA Ignite 2013: Uploading an Island, the Ultimate Backup Plan
Nicholas Doiron
 
Code for America & the War on Git
Code for America & the War on GitCode for America & the War on Git
Code for America & the War on Git
Nicholas Doiron
 
GeoGit for Open Data
GeoGit for Open DataGeoGit for Open Data
GeoGit for Open Data
Nicholas Doiron
 
MajuroJS.org (Chicago presentation)
MajuroJS.org (Chicago presentation)MajuroJS.org (Chicago presentation)
MajuroJS.org (Chicago presentation)
Nicholas Doiron
 
Maps No One Wants
Maps No One WantsMaps No One Wants
Maps No One Wants
Nicholas Doiron
 
Unicode vs The World
Unicode vs The WorldUnicode vs The World
Unicode vs The World
Nicholas Doiron
 
How Code for America Makes Maps
How Code for America Makes MapsHow Code for America Makes Maps
How Code for America Makes Maps
Nicholas Doiron
 
Can We Teach Everyone to Code
Can We Teach Everyone to CodeCan We Teach Everyone to Code
Can We Teach Everyone to Code
Nicholas Doiron
 
Global Perspectives: Haiti - Esri Ed UC
Global Perspectives: Haiti - Esri Ed UCGlobal Perspectives: Haiti - Esri Ed UC
Global Perspectives: Haiti - Esri Ed UC
Nicholas Doiron
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
masabamasaba
 
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
VictoriaMetrics
 
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdfPayment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
kalichargn70th171
 
Artyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptxArtyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptx
AnnaArtyushina1
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
Papp Krisztián
 

Weitere ähnliche Inhalte

Mehr von Nicholas Doiron

Mehr von Nicholas Doiron (16)

Burmese Crosswords
Burmese CrosswordsBurmese Crosswords
Burmese Crosswords
 
Future of Home: Living on the Run with Airbnb
Future of Home: Living on the Run with AirbnbFuture of Home: Living on the Run with Airbnb
Future of Home: Living on the Run with Airbnb
 
iLoominate: Authoring eBooks in Multiple Languages
iLoominate: Authoring eBooks in Multiple LanguagesiLoominate: Authoring eBooks in Multiple Languages
iLoominate: Authoring eBooks in Multiple Languages
 
The Civic Deep Web
The Civic Deep WebThe Civic Deep Web
The Civic Deep Web
 
Community Planning: Less Maps, More Design
Community Planning: Less Maps, More DesignCommunity Planning: Less Maps, More Design
Community Planning: Less Maps, More Design
 
RobotsConf - Wiring, Soldering, Prototyping
RobotsConf - Wiring, Soldering, PrototypingRobotsConf - Wiring, Soldering, Prototyping
RobotsConf - Wiring, Soldering, Prototyping
 
CartoDrop: secure mapping and reporting over Tor
CartoDrop: secure mapping and reporting over TorCartoDrop: secure mapping and reporting over Tor
CartoDrop: secure mapping and reporting over Tor
 
CfA Ignite 2013: Uploading an Island, the Ultimate Backup Plan
CfA Ignite 2013: Uploading an Island, the Ultimate Backup PlanCfA Ignite 2013: Uploading an Island, the Ultimate Backup Plan
CfA Ignite 2013: Uploading an Island, the Ultimate Backup Plan
 
Code for America & the War on Git
Code for America & the War on GitCode for America & the War on Git
Code for America & the War on Git
 
GeoGit for Open Data
GeoGit for Open DataGeoGit for Open Data
GeoGit for Open Data
 
MajuroJS.org (Chicago presentation)
MajuroJS.org (Chicago presentation)MajuroJS.org (Chicago presentation)
MajuroJS.org (Chicago presentation)
 
Maps No One Wants
Maps No One WantsMaps No One Wants
Maps No One Wants
 
Unicode vs The World
Unicode vs The WorldUnicode vs The World
Unicode vs The World
 
How Code for America Makes Maps
How Code for America Makes MapsHow Code for America Makes Maps
How Code for America Makes Maps
 
Can We Teach Everyone to Code
Can We Teach Everyone to CodeCan We Teach Everyone to Code
Can We Teach Everyone to Code
 
Global Perspectives: Haiti - Esri Ed UC
Global Perspectives: Haiti - Esri Ed UCGlobal Perspectives: Haiti - Esri Ed UC
Global Perspectives: Haiti - Esri Ed UC
 

Kürzlich hochgeladen

Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
VictoriaMetrics
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
Papp Krisztián
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
masabamasaba
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
masabamasaba
 
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
chiefasafspells
 
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
masabamasaba
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Steffen Staab
 
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Medical / Health Care (+971588192166) Mifepristone and Misoprostol tablets 200mg
 

Kürzlich hochgeladen (20)

WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
 
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
 
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdfPayment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
 
Artyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptxArtyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptx
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidDirect Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
 
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
 
%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
 
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
 
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
 

Homomorphic Encryption and Geolocation

  • 1. GEOLOCATION & HOMOMORPHIC ENCRYPTION NICK DOIRON - @MAPMELD CRYPTO & PRIVACY VILLAGE
  • 2. QUICK INTRO • Senior Software Engineer, McKinsey & Company • One Laptop per Child, Code for America, MoMA • Also Fortran.io
  • 4. GEOLOCATION AND PRIVACY THE PROBLEM • Option A: Client-side • Download locations, boundaries, etc from server • Calculate and display answer on client • WEAK POINTS: big and/or precise data, proprietary data • Option B: Server-side • Request geolocation from client, send curated results back • GOOD FOR: finding your election / census info, large datasets • WEAK POINTS: client privacy
  • 5. GEOLOCATION AND PRIVACY THE PROBLEM • Can cryptographers create a 3rd Option? • Use location data while it’s encrypted? • This is a real thing called HOMOMORPHIC ENCRYPTION
  • 6. WHAT IS IT? HOMOMORPHIC ENCRYPTION • Classic examples: preparing stock market trade, email search • 1978: first descriptions of Partially Homomorphic Cryptosystems • Possible to perform arithmetic (addition OR multiplication) without decrypting numbers • 2009: first fully homomorphic cryptosystem, logic gates and all • Why not adopted? • People are OK sharing data, especially if they trust the business with their money • Expensive computation
  • 7. TREASURE HUNT / GEOCACHING DESIGNING OUR APPLICATION I THINK WE FOUND THE TREASURE I CAN’T REVEAL THE WIN LOCATION WHERE ARE YOU? ARE THEY SHARING COORDINATES YET?
  • 8. CHOOSING A CRYPTO SYSTEM DESIGNING OUR APPLICATION • In 2016, I chose the Paillier Cryptosystem for its Python and JavaScript libraries on GitHub • Today you could use others, maybe fully homomorphic crypto, or LLVM • Some repos: github.com/herumi/she-wasm runs in Web Assembly, npmjs.com/node-hcrypt uses multiple dependencies • What can we do with encrypted numbers (only partial)? • Add, subtract encrypted and unencrypted integers • Multiply by a scalar (possible to do 3 * x or 3.4 * x, not x * x)
  • 9. TREASURE HUNT / GEOCACHING MAKING A QUERY AM I AT THE TREASURE LOCATION? USE MY PUBLIC KEY PLZ
  • 10. TREASURE HUNT / GEOCACHING MAKING A QUERY AM I AT THE TREASURE LOCATION? USE MY PUBLIC KEY PLZ
  • 11. TREASURE HUNT / GEOCACHING MAKING A QUERY THIS IS A 617-DIGIT NUMBER? CAN I MAKE THE SAME NUMBER WITH THE KEY? HOW IS JS HANDLING THIS? ?lat= 334929186824659570088956240923716238760800994667805442788673520118294180150644643 381967207187681554464332372510963979864847790343587245266235465304867215544715688 921741290819421613418053105615630758875242876898390072520726980577592396801906772 503951322428823421599515309472549340891752671365791705009682700960223834685612196 395234303221211080941509336500833870037908354224796209283557329897768256335807645 508672594555757229814833194160222178258491169630143379272546672239151386540802843 554880083749678774495552354955392967608923260877514999030243487418576175871511185 00897064210692720802063451090155868802184986376384
  • 12. TREASURE HUNT / GEOCACHING MAKING A QUERY I DO THE MATH ONLY YOU WILL BE ABLE TO DECRYPT THE RESULT * 10 * 10 * 10 * 10
  • 13. TREASURE HUNT / GEOCACHING MAKING A QUERY OOPS Parsing the response:
  • 14. TREASURE HUNT / GEOCACHING MAKING A QUERY I HACKED THE SERVER LOGS AND DB, BUT THEY NEVER KNEW WHERE THE PLAYER WAS DID YOU GET ANYTHING?
  • 15. NOT SO CLEAN JUPYTER NOTEBOOKS bit.ly/cryptogeo github.com/Georeactor/crypto-geofence
  • 18. NEARBY LOCATIONS NEXT CHALLENGE • Why this is hard (mathematically) • If a server CAN sort by distance, it can test unlimited locations • If a server CAN’T sort by distance, how does it limit response to client? • If the client receives distances and IDs, they can calculate all of the locations from 3 different queries
  • 19. NEARBY BUSINESSES NEXT CHALLENGE • Explaining our geohash: 9qqj7nsrzttj • 26 letters + 10 numbers divide world into (6 x 6) parts, n times • Send a square (using my level of precision n1) and receive results organized by server’s level of precision n2 >= n1
  • 20. NEARBY BUSINESSES NEXT CHALLENGE • Geohash edge problem • Replace with user-picked random offsets
  • 21. FUTURE STUFF • Use multiple boxes and triangles to make Treasure Hunt work on any shape? • Research newer JS libraries to support more geo calculations, joint server-client calculations? • Lattice-based PQ Crypto, Voting Thanks for listening! Talk to me IRL / Twitter / GitHub: Nick Doiron - @mapmeld bit.ly/cryptogeo github.com/Georeactor/crypto-geofence