Thursday, November 19, 2015

Putting theory into practice (a.k.a. AvonCrypt)

Bristol suspension bridge: we had a very nice
view of it from the window of the workshop's room!
Only one week after my PhD had started, I went to my first workshop: Future Directions in Computing on Encrypted Data or, to be more concise, AvonCrypt. The latter follows the trend of using "crypt" as a suffix to indicate an event in cryptology, with the prefix being a word that indicates a region. In this case, Avon is the name of the river of Bristol or the old name of the county where Bristol was. Guess what, the workshop took place in Bristol!

The title is very descriptive: "Computing on Encrypted Data" was the main topic. This is related to a number of notions and tools in cryptography such as Multi-Party Computation (MPC), Fully Homomorphic Encryption (FHE) and Searchable Symmetric Encryption (SSE), each of which was well explained in an introductory talk. However, those talks were just the beginning. The first time I read "future directions", I thought they were new aspects that research should explore in the future but, while the workshop was going on, another possible interpretation arose: they consisted of innovative ways in which the existing knowledge could be deployed to produce real-world commercial products. In this sense, AvonCrypt gave tons of directions!

Commercial applications
A major part of the talks dealt with companies and startups using concepts from cryptography in their commercial products. SAP showed a business case in the area of Internet of Things, in which data from and to the sensors were encrypted. Private Machines presented its solutions for cloud security allowing users to store, share and search encrypted data in its cloud platform. Sepior, a spin-off of Partisia, showed a system regarding secure key management for cloud services. Partisia itself proposed some ideas based on MPC for several economic scenarios. Dyadic presented a number of tools ranging from secure key exchange to database protection and virtualisation of Hardware Security Module (HSM). Finally Sharemind, a trademark of Cybernetica, presented an infrastructure for secure cloud computing allowing statistical analysis on encrypted data.

Reasons and rationale
An overview of the reasons why the above mentioned technologies are more and more needed was provided. The crucial problem is privacy: for which purposes can our personal data be used without threatening our privacy? A DARPA project called Brandeis (named after a visionary person who raised the problem of privacy in...1890!) is trying to face the problem of online privacy. One of the most interesting ideas was related to human-data interaction (yes, there are analogies between it and human-computer interaction): basically each person should be able to decide the level of privacy he/she cares about. All such decisions form a privacy profile setting a personal threshold for personal data usability. Legal aspects on the subject were treated too, in particular the RIPA 3 was mentioned. Essentially, it gives UK authorities powers to order the disclosure of encryption keys (!!!).

At the end of the workshop, I was really impressed by all these different stories of cryptographic tools put into practice: it was my first experience of such a commercial side of cryptography. I would like to end this post with a challenge to all ECRYPT-NET fellows, inspired by the words of Radu Sion during the panel session. I strongly believe in fundamental research, but in the next three years, when you find yourself in the position of having invented or created something, ask yourself if that something can be turned into a commercial product, which I think is much harder than just a practical prototype. It could raise problems about applicability and scalability of our research we wouldn't have faced otherwise.

Just as a final side note: as usual, these kind of events are also a wonderful opportunity to meet new people, to see old friends and colleagues and to share ideas. For this reason, I leave you with a photo of the four fellows who attended AvonCrypt!

(Special thanks to Ralph, Marie-Sarah and Eduardo for their useful corrections and comments)

No comments:

Post a Comment