Inspired by Bitcoin, MIT's mysterious Enigma project lets computers mine encrypted data

The cryptography behind Bitcoin solves a seemingly contradictory problem: a currency with no administrators that cannot be forged. A similar project, mixing math and code, is trying to achieve another magical goal: allowing anyone to share their data in the cloud while keeping it completely private.

On Tuesday, two bitcoin entrepreneurs and the MIT Media Lab unveiled a system called Enigma that aims to achieve a decades-old goal in data security called "homomorphic" encryption: a way to encrypt data so it can be shared with a third party and used for computation without being decrypted. The mathematical technique — which would allow untrusted computers to run calculations on sensitive data without risking it being compromised or spied on by hackers — has become more urgent in an era when millions of users are increasingly sharing their secrets with Amazon, Dropbox, Google, and Facebook. Now with bitcoin's technology, Enigma's founders say they can perform homomorphic encryption calculations more efficiently than before.

"You can think of it as a black box," said Guy Zyskind, a researcher at the MIT Media Lab and one of Enigma's founders. "You can send any data to it, and it just runs through the black box and returns the result. The actual data never leaks out to the outside world or to the computer inside that's running the computation."

Enigma's homomorphic technology works by mimicking some of the features of Bitcoin's decentralized network structure: it breaks data into many pieces to encrypt it, and randomly distributes these undecipherable pieces to many computers in the Enigma network, called "nodes." Each node performs separate calculations on the information fragments before users reassemble the results to get the unencrypted answer. It is because of these mathematical tricks implemented by Enigma's founders that the nodes are able to collectively perform all the calculations that computers usually do, without accessing other parts of the data except for the small fragments assigned to them.

To keep track of who owns what data — where pieces of data are distributed — Enigma stores metadata on the bitcoin blockchain, an unforgeable message replicated across thousands of computers in the bitcoin ecosystem to prevent forgery and fraud. (Like other bitcoin-style decentralized cryptography projects, Enigma’s architecture is a tad bitch in its complexity. Read the project’s white paper for a full technical explanation. In addition to that white paper, Zyskind and Nathan say they plan to release the project’s open-source code by the end of the summer.)

“I can break my age data into multiple pieces and give them to 10 people. If you ask one of them, they only have 1 random piece of data. Only by combining enough pieces can they decrypt the original data.”

Enigma founders Guy Zyskind and Oz Nathan. Photo: COURTESY OZ NATHAN

It’s important to realize that any new and unproven encryption scheme should be approached with caution. But if Enigma’s homomorphic encryption works as its founders promise, the implications are huge. Private databases can be hosted and queried in the cloud without any risk of their contents being exposed. It can allow search engines to return results without seeing a user’s unencrypted search request. Enigma’s founders say the project could allow Internet users to securely share all kinds of data with pharmaceutical companies without any privacy risks — the companies could run operations on the encrypted data to get useful results, but wouldn’t have access to any specific user data. “No one wants to give their data to some company when they don’t know what they’re going to do with it,” said Oz Nathan, co-founder of Enigma. “If you’ve guaranteed privacy, data analysis becomes very powerful. People are actually willing to share more.”

Enigma's founders are far from the first to suggest a homomorphic encryption scheme. IBM researcher Craig Centry, who first proposed a fully homomorphic encryption scheme, achieved a major breakthrough in 2009 - a mathematical technique that allows any calculation to be performed on encrypted data without security issues and without the need for Enigma's complex distributed computer network. But Gentry's method is extremely slow: for example, it takes a trillion times longer to perform a Google search using it than it does to perform the same task without encryption. Since then, Gentry has begun to speed up the process, but the necessary time required for the calculation is still close to millions of times.

Enigma's founders, on the other hand, say that their decentralized encryption process takes 100 times less time to perform calculations than the computational requirements. They hope to reduce this to 10 times in the near future. They also say that any Enigma computational requirements depend on the number of participating nodes. The more computers that participate, the safer the user's data is, but the slower the process will be.

However, a considerable hurdle for Enigma is that it will require hundreds or even thousands of users to adopt the system and run its code before it can start working securely. To get initial buy-in, Nathan and Zyskind have created a reward scheme: Every time someone requests a computation from the Enigma network, he or she will pay a bitcoin fee. A small portion of those fees will go to computers on the bitcoin network that record Enigma’s metadata on the blockchain. But the majority of the fees will go to nodes on the Enigma network as a reward for storing and processing user data, so that users of Enigma are like advertisers, paying users for the privilege of mining their data — but without ever seeing it in a decrypted format.

The idea behind recruiting as many nodes as possible is to address an initial vulnerability in Enigma's scheme: If enough Enigma nodes work together, they could team up to decrypt and steal users' data. But that kind of collusion is unlikely, Zyskind said. He likened the problem to a so-called 51 percent attack on bitcoin, in which a majority of bitcoin nodes agree to take over the blockchain and defraud users. That bitcoin attack has never happened, Zyskind noted, and he said the problem of malicious collusion is even less likely in Enigma.

To keep Enigma nodes honest and ensure that node calculations are accurate, the system also includes a "collateral deposit," which everyone participating in the network must pay in bitcoin. If other nodes discover that a node in the network is dishonest, its deposit will be frozen and distributed to other nodes. "This offsets and eliminates the incentive for people to cheat," Zyskind said.

From a privacy perspective, Enigma may make deep mining of personal data safer.

Sandy Pentland, Zyskind and Nathan's advisor at Enigma, is a well-known data scientist at MIT who is famous for his work on social data mining. For example, in one experiment, Pentland's researchers placed sensor devices called "social meters" around the necks of hundreds of testers in a work environment, using the data results of who talked to whom and even what tone of voice to understand what type of groups in the office are most productive or who are the real managers, and then compared them with those with the highest titles on the management chart.

From a privacy perspective, Enigma could make deep mining of personal data safer. "My work...is often about exploring future fields where sensors and computers are more ubiquitous than they are today," Pentland wrote in an email to WIRED. "The advent of Bitcoin has profoundly changed these discussions, adding a whole new way of tools to protect privacy. Enigma is the result of the collision of Bitcoin and privacy security research."

If Enigma can achieve fully homomorphic encryption, Zyskind says, perhaps it will eventually allow users to provide more data that can be mined without the authoritarian fears that data mining usually brings.

“How do we do more with data, and how do we protect it from a privacy perspective?” Zyskind asked. “This is one way to get data privacy right now.”