Full Homomorphic Encryption (FHE) and CSAM

You sometimes tire of those blogs which push the same old, “You multifactor authentication”, and “Change your password often!”. While the…

Full Homomorphic Encryption (FHE) and CSAM

You sometimes tire of those blogs which push the same old, “You multifactor authentication”, and “Change your password often!”. While the messages are worthy, they hardly stimulate debate and critical thought in cybersecurity. We thus need people like Bruce Schneier and Matthew Green to stir things up a bit, and try and explain complex areas of technology in an interesting and engaging way.

And, so, this week, Matthew published this blog post [here]:

It is a stimulating essay on one of the most difficult technology challenges of the time … how to uncover objectable material (CSAM) without breaking our rights to privacy. For this, he talks about Ashton Kutcher — and who played Steve Jobs in a movie. Matthew outlines that Ashton gave a major speech to EU Parliament members — and which supported the EU’s approach to scanning content. Ashton co-founded Thorn, and which integrates cryptography for CSAM scanning.

As Matthew outlines, Ashton even outlined a method of using FHE (Fully Homomorphic Encryption) to perform matches on content matches. This could work by storing hashes of objectable content, and then encrypting these with a homomorphic public key. The sampled content could then also be hashed, and encrypted with the same public key. A subtractor circuit can then be used to perform a subtraction on the encrypted data, and where the result could then be decrypted with the associated private key. If the result was zero, there was a match. Only someone with the private key could then determine if there was a match or not:

Figure 1: Use of HFE for CSAM scanning

In Figure 1, we see that Alice is the trusted processor of the matching service. She will generate a key pair, and store the private key in a secure enclave. She can then pass the public key to Bob, and who will encrypt a hashed version of the content for Alice. Alice then has an encrypted hashed version of the matched object. A homomorphic subtraction can then be undertaken, and the result passed to the secure enclave. Alice can then reveal the result by decrypting it with her private key. If the result is zero, the images match. Bob, though, cannot tell if there is a match, as long as the CSAM content never is revealed in a non-encrypted form.

Obviously, we won’t use cryptographic hashing for the matching, as a single bit change would completely change the hash. For this, we can use similarity or perceptual hashing, such as:

Hamming distributions of popular perceptual hashing techniques
Author links open overlay panel Sean McKeown , William J. Buchanan Show more Content-based file matching has been…www.sciencedirect.com

With these, the hash of the content is matched against certain features of the content. This allows for the detection of an image, even if it is scaled, cropped, or has a border added.

If you want to learn more about homomorphic encryption, try here:

https://asecuritysite.com/homomorphic/

So, go read the rest of the blog:

On Ashton Kutcher and Secure Multi-Party Computation
Back in March I was fortunate to spend several days visiting Brussels, where I had a chance to attend a panel on "chat…blog.cryptographyengineering.com