Searchable, Sortable, Partially Searchable and Wild Card Searchable Encryption/Obfuscation

Please have a representative of Solid contact me at my forum accounts email address as soon as possible. This is very important.

I have for year now known of a way to make a “Client driven, Searchable, Sortable, Partially Searchable and Wild Card Searchable Encryption/Obfuscation System, for the sharing and management of intellectual property”.

With my idea, if applied to Solid’s “Pod” vision, would be, instead of having a single server, or even many servers, represent one person’s Pod, the client’s machine, and many servers combined would be driven by clients to serve as a “Virtual Pod”, with a Searchable, Sortable, Partially Searchable and Wild Card Searchable Encryption/Obfuscation System. Key word, “System”. I only said “Virtual Pod” with the hopes to make it better understood.

This would make it IMPOSSIBLE, for any intellectual property, or even the searching/sharing of one’s intellectual property to be decrypted/de-obfuscated from any servers, with even final level client side obfuscation protection, should a hacker/villain gain access to the user’s machine, or even the user themselves.

Literally, no effort on any server between a user’s machine, to those whom they want to share/manage the use/access of their intellectual property would be possible from the servers. Even if every server was hacked, and some one coerced the administrators complete access to even the registry of ever machine, could this be broken.

And all the while the above is done, the user could make their intellectual Property Searchable, Sortable, Partially Searchable and Wild Card Searchable so other they chose, can find/access their intellectual property…

Why would you only want to discuss it with a Solid representative?

Especially in crptography, everything (except the keys) should be publicly available. If it depends on not knowing the algorithm, it’s generally considered bad (see the discussion about the Kerckhoff’s principle). Encryption standards are publicly known and discussed before being used. Therefore I wouldn’t see why you can’t link to the encryption algorithms you propose here

Apart from that, it sounds very similar to (fully) homomorphic encryption. In FHE, one can perform operations on encrypted data without decrypting it (e.g. making a database search without knowing what the user searches for). Could you elaborate what the differences between your system and homomorphic encryption (as for instance by HElib) are?

Thank you for the reply.

I would like to discuss my idea with Solid representative(s) in the hopes of getting my idea to market.

I’ll explain more later, but I really believe the world market is SCREAMING for my idea, and Solid could help get it out there, and far better accomplish their idea of making a system to protect the ownership of intellectual property.

For the moment, I’ll suffice to say, I believe, that whoever gets my idea to market first, wins, because at the end of the day, my idea is not susceptible to hacking/coercion at the server level; thus truly ensuring the protection of IP all the while decentralizing the sharing/management of IP.

That said, I hope I’m not coming too late into Solid’s time line, that they would otherwise not have the time to even hear/consider other ideas.

I have an idea that has not been done in any manner even slightly so, as otherwise, efforts like Solid would not be needed.

My idea centers around a “ Client Driven Encryption/Obfuscation System ”. Not a encryption algorithm, but a client driven system.

The primary goal of my idea is to protect intellectual property and the management and sharing of the IP to customers, clients, and audiences.

To accomplish this goal, the key ingredient is to have a searchable, sortable, partially searchable, and wild card searchable system, that no matter what, never lets intellectual property leave one’s client machine unencrypted/un-obfuscated, but is still searchable/sortable by customers/clients/audiences.

This means, anything from the network card of a owner/customer/client/audience’s machine, to ALL servers in between them and the IP, can not be decrypted/de-obfuscated. Literally, the servers/machines, between clients/owner never get the IP data and/or its management or sharing of the IP unencrypted/un-obfuscated.

To further clarify that latter point, this is not an encryption method.

  • There are not “keys” public/private.
  • No standard algorithms of any kind for encryption including the searching and sorting of encrypted data.
  • No concept of the servers having any data down to even the register that is unencrypted/un-obfuscated.
  • No “hint-based” algorithms.
  • The servers only and ever see BLOBs of meaningless data, that only the clients of the client driven system can see/understand.
  • There is not even the concept of 1 single server with my idea. In fact, the more servers, the more secure with redundancy the protection becomes.

No one has done anything close to my idea.

As for why I want to rush getting a dialog going with Solid representatives, I believe the world has realized how dangerous and monopolizing it is to have any central IP storage/distribution/platform like youTube, Google, Facebook. And I believe, there is going to be a rush to get something standardized as soon as possible.

Fortunately for my idea, I see no one, even slightly close to solving the Searchable, Sortable, Partially Searchable, and Wild Card Searchable client driven system.

Not even slightly close. I see organizations trying to develop algorithms, with “hints” and they are astronomically way off, cause if ANY server can at any time see IP data or the management/sharing of the IP data unencrypted/un-obfuscated, then the system is a failure. Through either hacking and/or coercions, the system can be defeated at the server level. I’ve solved this problem.

My idea is not subject to such failure, because the servers (plural) never get the IP data or the management/sharing of the IP unencrypted/un-obfuscated.

With my idea, even if hackers got onto every server, they;d still have nothing. Even if the admin personnel over all server could be coerced for money or by threats, my idea will not fail.

And my idea also includes a final client side obfuscation protection, that even if the client, whether IP Owner, customer, audience get compromised, there is a final obfuscation level protection, which is why I always include obfuscation with my statement: “ Client Driven Encryption/Obfuscation System “.

Summary of my idea:

  1. Servers never get anything unencrypted/un-obfuscated.
  • Thus hacking/coercion done at even ALL servers accomplishes nothing.
  1. Searchable, sortable, partially searchable, and wild card searchable encryption/obfuscation system
  • No encryption algorithms, no hints, no public/private keys, no single search/sort algorithms for encryption.
  1. Final client level obfuscation protection, even if client machines compromised.

Next Steps:

  1. Have dialogs via emails to phone with Solid representatives, to see if Solid is interested in my idea.
  • Eventually, get face to face meetings.
  1. If need be, to work with such dialogs to further explain how my idea would work, help IP ownerships, and be profitable.
  2. Discuss means to seek funding through government grants/contracts to get my idea to market and standardized.

Apart from that, it sounds very similar to (fully) homomorphic encryption. In FHE, one can perform operations on encrypted data without decrypting it (e.g. making a database search without knowing what the user searches for). Could you elaborate what the differences between your system and homomorphic encryption (as for instance by HElib) are?

===============================================

They are discussing a encryption algorithm(s) (as explained here) that do not address the following:

  1. Client Driven, Searchable, Sortable, Partially Searchable, Wild Card Searchable Encryption/Obfuscation System .
  2. Not an encryption algorithm.
  3. No hints.
  4. No public/private keys.
  5. No standard anything for the searching/sorting of encrypted data.
  6. Data never gets to servers (plural) unencrypted/un-obfuscated ever.
  7. No level of hacking/coercion at ALL server can access the IP, or its management/sharing. Even hacking down to the registry level.
  8. Has final level client side obfuscation protection should client machine and/or the client’s themselves get hacked/coerced.

The HElib is just an algorithm based library for the encryption.

Meaning, if you have the “keys”, you can go to the machine with the data (or any machine with access to the machine with the data), run the algorithm, and decrypt the data.

As such, a hacker or some one willing to coerce through money or threats, can force admin personnel to give up the keys and thus gain access to the data despite the client’s knowledge of, or given permission.

And worth mentioning, cold case snapshots of the data can be used, over and over again, with decryption attempts.

Of biggest limitation with HELib/FHE is no sorting. Let alone no partial searching or wild card searching.

Speaking of sorting, this is the biggest limitation when approaching searchable encryption with any kind of “encryption algorithm” based solution.

The problem they have is that there is no means to sort, or worse, if they do have sorting, they have to have a “hint” mechanism on the servers, which means hacking/coercion can eaves drop into all management/sharing of data. Put another way, if an algorithm has to have any kind of “hint” mechanism, the system may protect the data, but not the management/sharing of the data. Example, if the data is a person’s medical records; A hint base algorithm might protect seeing all the data of the person’s record, but if a hacker gets to the registry, or in-proc-memory of the algorithm running its hint mechanism, they may see where/when and to whom searches by DOB, first/last name go to as that information would most likely be used with sorting.

Thanks for your response. keep in mind that I won’t be able to get you onward with your next steps, no matter what I would think of your system (so you don’t need to invest much time into explaining to me if you don’t want to).

That’s something I don’t understand. You claim that the server has stored a BLOB which is unreadable by it, but readable by the client. If the algorithm for restoring the data is public (which should be the case by Kerckhoff’s principle), then the server knows this algorithm for restoring the data. Therefore for accessing the data, the client must do something different than the server, which would be some kind of a key. However it sounds like you don’t use any keys, which doesn’t work out in my mind.

A similar application to what you propose with keys (and standardized encryption methods) would be cryptpad. The data is encrypted client side and the server only has unreadable blobs of data. However I don’t think there is much of a searching/sorting functionality.

That’s something I don’t understand. You claim that the server has stored a BLOB which is unreadable by it, but readable by the client.

  • Correction. “servers” plural.
  • My idea centers on many servers, and when more are added, the protection increases.

If the algorithm for restoring the data is public (which should be the case by Kerckhoff’s principle), then the server knows this algorithm for restoring the data. Therefore for accessing the data, the client must do something different than the server, which would be some kind of a key. However it sounds like you don’t use any keys, which doesn’t work out in my mind.

  • There are no keys, and the whole public/private concept is gone.

  • The most I will go to answer anything “how” based is to say “Client Driver ~~~~ System”.

  • Also, NO existing, and certainly standardized method of ANYTHING (encrytion or the search/sorting) is in my idea.

    • If anything “standard” or “public knowledge of” is used in any manner or fashion, you reduce the security of the system. And yes, from my idea, it is possible to have no-pre-known form of encryption, just magically work on clients on the other side of the internet. I figured this out.
    • To further discredit any pre-known/standard anything. If you have any pre-known/standard algorithm for anything (which my idea does not), then the client has to know about it, to be able to encrypt/decrypt against it. If you have that, then all one needs to do is hack/coerce the deployment of that pre-known/standard algorithm, to get at one IPS, its management, and/or sharing of.
    • My solution is beyond standard. If anything is pre-known, the central servers can be hacked/coerced to break the IP protection.
  • Envision, through hacking/coercion, EVERY server is compromised, such that all sharing/management of IP is divulged against the IP Owners knowledge or express permission.

A similar application to what you propose with keys (and standardized encryption methods) would be cryptpad. The data is encrypted client side and the server only has unreadable blobs of data. However I don’t think there is much of a searching/sorting functionality.

  • The is the closet I’ve ever gotten anyone even slightly related to Cryptology, to admit they do not know how to make TRUE searchable encryption. Let alone, sortable, partially searchable, and wild-card searchable. But I figured it out years ago.
  • Up to till recent events, I pretty much felt that short of me winning the lottery to fund myself, that I would never get my idea to market, cause no one would take financial risks without proof up front.
  • But times have changed, and now I believe that through government grants, the funding can be procured with very little risk, cause governments have finally concluded the Tech Giants are a danger…
  • I also believe that government grants could not only help to get my idea to market but would also help to get my idea as a commercial standard for others, including the Tech Giants, having to follow.

Bottom Line:
Can/will some one take what I’ve said to Solid’s owners/stake-holders, and at least recognize the value of what my idea would bring?

The world does not need another central server system, that through hacking/coercion can be broke/compromised. We have plenty of those, and look at what happens to them. This is what I see Solid heading to, and it would be such a shame as your’s truly has come (hopefully not too late) to offer something the world really wants.

And what the world wants, is a technical marvel, that makes it IMPOSSIBLE for the servers to be hacked/coerced to otherwise compromise IP, its management, and sharing against the IP owner.
They do not want to hear, VP So-and-So, was bribed by Country X, to sell all the IP, management, and sharing of, which in turn compromised XXX millions of accounts. They also do not want to hear, Solid confirmed So-and-So did share his IP to Such-And-Such Friday last week, and now Google is demanding that congress pass a law to force solid to divulge the name/dates of when that IP was shared/managed.