International Association for Cryptologic Research

Ph.D. Database

The aim of the IACR Ph.D. database is twofold. On the first hand, we want to offer an overview of Ph.D. already completed in the domain of cryptology. Where possible, this should also include a subject classification, an abstract, and access to the full text. On the second hand, it deals with Ph.D. subjects currently under investigation. This way, we provide a timely map of contemporary research in cryptology. All entries or changes need to be approved by an editor. You can contact them via phds (at)


Mohamed Layouni (#608)
Name Mohamed Layouni
Personal Homepage
Institution McGill University
Topic of his/her doctorate. Privacy-preserving Personal Information Management
Category cryptographic protocols
Keywords Privacy-preserving Technologies and Credentials, Private Information Retrieval, Oblivious Transfers, Zero-Knowledge, Anonymity, Public-Key Cryptography.
Ph.D. Supervisor(s) Claude Crépeau, Stefan Brands
Year of completion 2009
Abstract The spread of Information and Communication Technologies (ICTs) has transformed the way we deliver services, and has made them in general more efficient and more accessible to users. With these improvements however came new challenges. The extensive use of electronic services in our daily life, and the massive gathering of transactional data have led to serious privacy violations.

In this thesis we provide techniques to enhance users' privacy, and to give them greater control over their data. We propose a protocol allowing users to authorize access to their remotely-stored records, according to a self-chosen privacy policy, and without the storage server learning the access pattern to their records, or the index of the queried records. This prevents the storage server from linking the identity of the party retrieving a record to that of the record owner. In many applications, the association between the identity of the record retriever and that of the record owner represents sensitive information, and needs to be kept private. The proposed protocol is called Accredited Symmetrically Private Information Retrieval (ASPIR), and uses Brands's Anonymous Credentials [Bra00] and a Symmetrically Private Information Retrieval (SPIR) scheme by Lipmaa [Lip05], as building blocks.

Next, we extend the above ASPIR protocol to a setting where the stored records belong to multiple owners simultaneously. The new protocol, called Multi-Authorizer ASPIR, allows the owners of a record to authorize access to their data according to a self-chosen privacy policy, without the storage server learning the access pattern to their record. We present constructions for settings where the retrieving party has to provide authorizations either from all the owners of the target record, or from a subset of them of size greater that a certain threshold. We also consider the case of a General Access Structure, where the retrieval is allowed only if authorizations from certain pre-defined subsets of the owners are provided. The Multi-authorizer ASPIR protocol is more efficient than ASPIR, and can be built with any SPIR primitive.

Finally, we dedicate the last part of the thesis to applying privacy preserving techniques to a real world problem. In particular, we consider the area of e-health, and provide a privacy-preserving protocol for handling prescriptions in the Belgian healthcare system.
Last Change 2011-07-03 13:05:15
To provide an update on this entry, please click .

Contact: phds (at)

[ IACR home page ] [ IACR PhDs page ] © IACR