Hi, I’ll start off by saying that I’m a beginner in HE and I have a project that follows an Implementation similar to this.
It depends on the chosen cryptosystem. Comparisons are usually tackled as follows:
if a < b then return foo() else return bar()
becomes
return c * foo() + (1 - c) * bar()
where c is defined as:
c = (sgn(a-b)+1)/2
Now, the problem is approximating the signum function, which is non-linear.
And with a sign function I would be able to know the sign of the number without having private keys on the server? Again I’m a bit of noob in this area still.
I was initially looking at this example but before printing the evaluation result it decrypts the data. Would it be possible to modify this function in a way that allows for said evaluation to be performed on encrypted data?
The evaluation will contain either -1 or 1, but the server does not know which value is contained in the ciphertext. You can use this information to “mask” the values that you want to consider (mult by 1) and to discard the others (mult by 0)
The latter is decrypted in order to show the results of the computation, but the computation is encrypted and performed on encrypted data.
Just to check If I’m following, after this code
ct1 = cc.EvalSign(ct1);
the sign evaluation has been performed on the encrypted and the result is also encrypted (I’m assuming using the same private/public key pair as original ciphertext) but would there be any way for me know the sign on server side whitout decrypting? My idea would be to do something like this:
Encrypted patient data comes In and I only want to get a list of patients who have blood pressure over 120/80. The blood pressure exam result would be encrypted and Ideally the server would only return the list of patients who met the criteria of search.
Yes, the results are encrypted. You could do the following:
Encrypt a list of blood pressures, e.g.: [50, 110, 30, 120].
Subtract a threshold (for example 100): [50 -100, 100 - 100, 30 - 100, 120-100]
Eval the sign [-1, 1, -1, 1]
Add one and mult by 0.5: [0, 1, 0, 1]
Mult these masks by the initial list of blood pressures
The result will be [0, 110, 30, 120]
So if I would like to have each patient data encrypted with its own private key I would have to have the “queriable” data encrypted separately with I public key to which have the private (or simmetric encryption) and link it to the original patient right?
This is a design question. In your example, the data of the patients are not being combined at the server side, but each blood pressure is just compared by a threshold and returned. In this case, each patient can use its own secret key-public key pair, and the server independently processes the encrypted data of each patient.
On the other hand, in more realistic scenarios, the data of the patients need to be combined at the server side. This means that all the patients need to encrypt their data with the same public key. In the diagram that you posted, there is a single entity, e.g., a hospital, encrypting a list of patient data. This entity generates a secret key-public key pair and encrypts the list with the public key. In that case, after the encrypted computation at the server for the threshold, then masked to only return the ones larger than the threshold, the encrypted result is returned to the hospital which decrypts it using its secret key. The “linking to the original patient” is done by the position in the list (each patient data is in one entry of the list, and the computation at the server does not scramble the order).
If you want to return the result not to the hospital but to each separate patient, then this is a multi-party computation problem and the solution is interactive. One option is to use threshold FHE, another option is to use some joint secrets between the server and each patient.