Lindell says that his protocol can be mathematically proven to work efficiently and securely, but he admits that there is one weak spot. “I’m introducing another avenue of attack,” he says, referring to the smart card. Bob could try to pull the secret key from the smart card in order to decrypt Alice’s database and read its contents. However, Lindell notes that high-end smart cards have strong protections and can be designed to self-destruct if the chip is compromised. “Smart cards are not perfect,” Lindell acknowledges, but he says that competing schemes have their own weaknesses.
By introducing a smart card, Lindell’s system requires far fewer computing resources to protect people’s private information, says Benny Pinkas, a professor of computer science at the University of Haifa, in Israel, who has also worked on the problem. “In my view, the trade-off is reasonable for all but the very most sensitive applications,” he adds.
Ari Juels, chief scientist at RSA Laboratories, agrees that some sort of hardware is needed for this kind of information-sharing scheme. However, he is “somewhat skeptical” about the smart-card approach. For one thing, he says, the card essentially serves as a trusted third party, so it could be difficult to find a manufacturer that both organizations trust completely. Even then, “assuming that a smart card is secure against an individual or modestly funded organization may be reasonable,” Juels says, “but not that it’s secure against a highly resourced one, like a national-intelligence agency.”
Michael Zimmer, an assistant professor at the University of Wisconsin-Milwaukee who studies privacy and surveillance, says that Lindell is working on an important problem: “There can be some great benefits to data mining and the comparison of databases, and if we can arrive at methods to do this in privacy-protecting ways, that’s a good thing.” But he believes that developing secure ways of sharing information might encourage organizations to share even more data, raising new privacy concerns.
Currently, Lindell’s protocol can only be used to make certain types of comparisons, but he argues that it could still prove useful. “Let’s give [organizations] only what they need, and, when we do have solutions already, let’s at least start somewhere and limit what they could be learning,” he says.