For example, I find private set intersection[1] as implemented by OpenMined a really useful primitive that a bunch of privacy-enhancing applications can be built on top of.
My colleagues and I recently published a pre-print[2] showing how to use this for sharing locations you and another person have had in common, without being able to see other locations. The paper talks about a social network built around this, but I also think there are useful applications in things like real-world games (scavenger hunts etc.).
[1] https://github.com/OpenMined/PSI/blob/master/private_set_int...
The encryption/hashing doesn't really add anything beyond empty marketing. The trusted party who people report to could easily work out all of the names if they wanted to.
Edit: The HE scheme (LWE) works on individual bits, meaning there are only two plaintexts (0, 1). Each has exponentially many ciphertexts, with one chosen at random. They also share a ciphertext space, meaning each ciphertext could be either an encrypted zero or an encrypted one.
1) Initial report is filed.
2) Second report is filed by a user who only knows the attacker's details.
3) Match is found
Therefore you can just keep iterating through names till you get a match.
Another way of saying it is that the application won't work if a second user can't tell that the first user has entered an attacker's name.
The vulnerability is in the application specification, not HE.
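The enumeration argument in the comment above, as an added worked example (written for this page; it is not Callisto's code or any real system's, and the matching service, its salt handling and the candidate-name list are assumptions). It models the spec "hash the accused name, announce a match when two reports collide" and shows two ways a name leaks: the party holding the hashes simply hashes a directory of plausible names, and an outsider with no key at all uses the match signal itself as an oracle, one probe report per candidate.

```python
import hashlib
import secrets
from typing import Dict, List, Optional

# Constructed sample directory the attacker enumerates (assumption: in practice
# this would be a student roster, staff list, social graph, etc.).
CANDIDATE_NAMES = ["alex smith", "jordan lee", "sam taylor", "casey jones", "riley brown"]


def normalise(name: str) -> str:
    """Canonicalise so 'Casey  Jones' and 'casey jones' hash identically (needed for matching to work at all)."""
    return " ".join(name.lower().split())


def hash_name(name: str, salt: bytes) -> str:
    return hashlib.sha256(salt + normalise(name).encode()).hexdigest()


class MatchingService:
    """Hypothetical 'trusted party' implementing the hash-and-compare spec.

    A single service-wide salt is assumed: a per-report random salt would stop
    enumeration, but then two reports about the same person would never collide,
    so the application could not work.
    """

    def __init__(self) -> None:
        self.salt = secrets.token_bytes(16)          # held by the service itself
        self.reports: Dict[str, List[str]] = {}       # name hash -> reporter ids

    def file_report(self, reporter: str, accused_name: str) -> bool:
        """Store the hashed report; return True when a second report collides (the 'match found' signal)."""
        h = hash_name(accused_name, self.salt)
        self.reports.setdefault(h, []).append(reporter)
        return len(self.reports[h]) >= 2


def service_recovers_names(service: MatchingService, candidates: List[str]) -> Dict[str, str]:
    """Attack 1: the service knows the salt, so a dictionary of hashed candidates inverts every stored report."""
    table = {hash_name(n, service.salt): n for n in candidates}
    return {h: table[h] for h in service.reports if h in table}


def outsider_recovers_name(service: MatchingService, candidates: List[str]) -> Optional[str]:
    """Attack 2: no salt needed. File one probe report per candidate; the first
    'match found' tells the outsider whom the earlier reporter named."""
    for n in candidates:
        if service.file_report("probe", n):
            return n
    return None


if __name__ == "__main__":
    svc = MatchingService()
    svc.file_report("reporter-1", "Casey Jones")
    print(service_recovers_names(svc, CANDIDATE_NAMES))
    svc2 = MatchingService()
    svc2.file_report("reporter-1", "Casey Jones")
    print(outsider_recovers_name(svc2, CANDIDATE_NAMES))
```

Attack 2 is the one the comment is really about: it does not depend on the hash, the salt, or even on whether the stored values are hashes or homomorphic ciphertexts, because any system whose purpose is to tell a second user "someone else named this person too" is, by specification, an oracle for that fact.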
Edit: I realize you're probably talking about Callisto, which does seem like simple hashing of names, but I wanted to note that this is not always the case in apps using ZK proofs and FHE, which the article touches on a bit later.
An example of that was a Wikipedia server that someone made which would serve you pages without the server knowing which page your client was actually after (https://news.ycombinator.com/item?id=31668814 4 months ago, 119 comments). It's still not really efficient; you can't simply swap out the real Wikipedia for this system and expect it to simply work.
> the server [needs] to scan through the entire encrypted dataset [for every request] (this is unavoidable, otherwise its I/O patterns would leak information)
Imagine Wikipedia's servers needing to read every byte written on Wikipedia and operate on it before being able to formulate an answer to a random page load. Additionally, if I remember correctly, things like autocomplete worked by just downloading the entire list of articles and doing that locally. It's all not impossible, but not a drop-in solution.
And then when you have a situation where you can practically apply it, there aren't popular/trusted/already-audited software packages out there for you to just use with confidence.
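The "server must scan the entire dataset" property from the comment above, as an added example (written for this page, not code from the Wikipedia PIR project it links to). It uses the simplest private information retrieval construction, a two-server XOR scheme, rather than the single-server homomorphic one the linked project uses; the database rows are constructed sample data. The client splits the wanted index into two random selection vectors, each server XORs the rows its vector selects, and the client XORs the two answers. Each server sees a uniformly random vector and so learns nothing about the index, but each must also read every row for every query, which is exactly the cost the comment describes.

```python
import secrets
from typing import List, Tuple

# Constructed sample database: fixed-width rows standing in for articles.
DATABASE: List[bytes] = [
    b"Article 0: alpha  ",
    b"Article 1: beta   ",
    b"Article 2: gamma  ",
    b"Article 3: delta  ",
]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def client_query(index: int, n_rows: int) -> Tuple[List[int], List[int]]:
    """Return selection vectors q1, q2 with q1 XOR q2 = unit vector at `index`.
    q1 is uniformly random and q2 = q1 with one bit flipped, so each vector on
    its own is independent of `index`."""
    q1 = [secrets.randbelow(2) for _ in range(n_rows)]
    q2 = list(q1)
    q2[index] ^= 1
    return q1, q2


def server_answer(db: List[bytes], q: List[int]) -> Tuple[bytes, int]:
    """XOR together the rows selected by q.

    The loop touches every row and masks with the selection bit instead of
    branching, so the access pattern is the same for every query; the row
    count is returned to make the full scan visible to the caller."""
    row_len = len(db[0])
    acc = bytes(row_len)
    rows_read = 0
    for row, bit in zip(db, q):
        mask = 0xFF * bit                       # 0x00 or 0xFF, no data-dependent branch
        acc = bytes(a ^ (r & mask) for a, r in zip(acc, row))
        rows_read += 1
    return acc, rows_read


def pir_fetch(db: List[bytes], index: int) -> Tuple[bytes, Tuple[int, int]]:
    """Full exchange: client query, two independent server answers, client reconstruction."""
    q1, q2 = client_query(index, len(db))
    a1, r1 = server_answer(db, q1)
    a2, r2 = server_answer(db, q2)
    # Rows selected by both vectors cancel; only row `index` survives.
    return xor_bytes(a1, a2), (r1, r2)


if __name__ == "__main__":
    row, reads = pir_fetch(DATABASE, 2)
    print(row, reads)
```

The security of this particular scheme rests on the two servers not colluding (together they could reconstruct the unit vector), which is the assumption the single-server homomorphic design avoids at the price of much heavier computation; the per-query full scan is common to both.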
It's good that the Guardian is covering this, but it's not exactly new.
This is a great technique that improves security.
But it isn't the same as zero-knowledge techniques, which are comparatively new. The maths for them was first developed in the mid-to-late 1980s, but zkSNARK (which made it useful in computer science) wasn't developed until 2012[3].
[1] https://www.wayner.org/node/15
[2] https://www.researchgate.net/publication/301174908_Transluce...
https://www.wayner.org/node/39
Of course implementation takes work and especially so on modern large databases.
Except they don’t have any way to contact each other, or for anyone else (like the police) to contact them… so how exactly are they going to have a case?
Nonsense. An anonymous accusation is all but meaningless, and is in no way similar to a conviction. This is some truly garbage journalism.
Also not to pile it on -- it's a complete tangent, really -- but every time I read the word "whilst" I cringe and wonder why the author didn't write "while". IMHO it adds no additional information or nuance, it's an archaic word that's long since departed from spoken use, and its presence in a sentence serves only to signal a failed attempt to sound sophisticated. Maybe it's just me, but for some reason it always triggers this reaction of "oh get off it, stop being pompous". /rant /tangent
Neither the article nor Project Callisto claim it is anything like a conviction. The article itself points out that even when multiple people accuse the same person the lawyers who are contacted do not (and cannot) get access to the accused person's name via the system.