I have FHE-related question. I am trying to learn and use OpenFHE for my master thesis and I was thinking about a use case, but I have a question.
If I had to build a homomorphic encryption based bank, where the bank keeps the encrypted value of my account, would it be possible for them to check if I have enough money to make a purchase?
Let’s say i have 100€ in my account and I want to buy something that costs 20€; is it possible for the bank to check whether in my account there is at least 20€, without actually seeing the real value of my account? Asking the client would not be smart since it could lie anyway.
Yes, it should be. If we break this down, this essentially evalutes to a number based comparison, which FHE supports via schemes like FHEW/ TFHE. See some previous discussions around this:
Thank you for your response! My doubt still remains though. We can compare if the bank account has at least 20€, but the result of this comparison would be encrypted, so the bank can’t see it (only the user has the secret key).
The bank can do the check, subtract if the amount is less than the current balance, and send an encrypted response. The encrypted response may be sent to a third party (the vendor in your example). If the vendor can decrypt the response (either by having your secret key, or using proxy re-encryption, etc.), they can approve or decline the order based on the response, where 1 indicates approval and 0 indicates decline.
If the bank knows the response every time an inquiry is invoked, the bank can easily infer/estimate your balance using a binary search algorithm.
In case of a chat application where two users share the same secret key, the central server, who stores encrypted messages, is able to run (for instance) a classification model on the messages that they share, but he is not able to see the result.
Is there a way for the server to see the result of the classification? For instance he wants to check whether messages contain insults without seeing the content of the message.
In FHE, the result is typically encrypted, and only the party that has the secret key (or a collection of parties with secret key shares) can decrypt it. There are other cryptographic primitives that output the result in the clear, such as program obfuscation or functional encryption, but they are expensive (and often impractical except for very special cases).