Invited Speakers

George Danezis

Microsoft Research Cambridge
University College London

Engineering Privacy-Friendly Computations

In the past few years tremendous cryptographic progress has been made in relation to primitives for privacy friendly-computations. These include celebrated results around fully homomorphic encryption, faster somehow homomorphic encryption, and ways to leverage them to support more efficient secret-sharing based secure multi-party computations. Similar break-through in verifiable computation, and succinct arguments of knowledge, make it practical to verify complex computations, as part of privacy-preserving client side program execution.
Besides computations themselves, notions like differential privacy attempt to capture the essence of what it means for computations to leak little personal information, and have been mapped to existing data query languages.

So, is the problem of computation on private data solved, or just about to be solved? In this talk, I argue that the models of generic computation supported by cryptographic primitives are complete, but rather removed from what a typical engineer or data analyst expects. Furthermore, the use of these cryptographic technologies impose constrains that require fundamental changes in the engineering of computing systems. While those challenges are not obviously cryptographic in nature, they are nevertheless hard to overcome, have serious performance implications, and errors open avenues for attack.

Throughout the talk I use examples from our own work relating to privacy-friendly computations within smart grid and smart metering deployments for private billing, privacy-friendly aggregation, statistics and fraud detection. These experiences have guided the design of ZQL, a cryptographic language and compiler for zero-knowledge proofs, as well as more recent tools that compile using secret-sharing based primitives.

Lars R. Knudsen

Technical University of Denmark (DTU)

Block ciphers - past and present

In the 1980s researchers were trying to understand the design of the DES, and breaking it seemed impossible. Other block ciphers were proposed, and cryptanalysis of block ciphers got interesting.  The area took off in the 1990s where it exploded with the appearance of differential and linear cryptanalysis and the many variants thereof which appeared in the time after.  In the 2000s AES became a standard and it was constructed specifically to resist the general attacks and the area of (traditional) block cipher cryptanalysis seemed saturated.... Much of the progress in cryptanalysis of the AES since then has come from side-channel attacks and related-key attacks.

Still today, for most block cipher applications the AES is a good and popular choice. However, the AES is perhaps not particularly well suited for extremely constrained environments such as RFID tags. Therefore, one trend in block cipher design has been to come up with ultra-lightweight block ciphers with good security and hardware efficiency.  I was involved in the design of the ciphers Present (from CHES 2007), PrintCipher (presented at CHES 2010) and PRINCE (from Asiacrypt 2012).  Another trend in block cipher design has been try to increase the efficiency by making certain components part of the secret key, e.g., to be able to reduce the number of rounds of a cipher.

In this talk, I will review these results.