Invited Talks

1. Moti Yung (Columbia University and Snap Inc., USA)

Title: On Deploying Secure Computations Commercially


Technological innovations in security and privacy are critical to advancing modern computing in our time. On the other hand cryptography has been a good source of theoretical work and foundations work covering many potential applications as theoretical constructions.

In this talk I will present an actual industrial effort involving deployment of a cryptographic commercial applications designed and built as a "secure multi-party computation protocol for specific tasks," to be used repetitively to achieve a number of concrete ubiquitous business goals. In these applications, the outputs are calculated in the presence of privacy constraints which prevent parties from sharing their individual inputs directly and openly.

I will also discuss and reflect on what I think are the reasons for the inherent difficulty of developing such routines in general (for achieving business goals). In particular, I will survey what I believe to be the reasons that about 40 years since secure computation protocols was invented as a basic theoretical notion, capturing first specific, and then general computational tasks, and in spite of its theoretical and even more recent commendable experimentation success, the notion is considered a core part of theoretical computer science and has not yet been widely and seriously used in achieving routine relevant business goals. (This is in sharp contrast with symmetric key and public key cryptosystems and protocols, which were also proposed about 40 years ago and are used extensively, primarily to implement secure authenticated channels). I will cover some of the basic real life methodology taken to assure deployment of the technology.

2. Adam Smith (Pennsylvania State University, USA)

Title: Rigorous Foundations for Privacy in Statistical Databases


Consider an agency holding a large database of sensitive personal information -- medical records, census survey answers, web search records, or genetic data, for example. The agency would like to discover and publicly release global characteristics of the data (say, to inform policy or business decisions) while protecting the privacy of individuals' records. This problem is known variously as "statistical disclosure control", "privacy-preserving data mining" or "private data analysis".

I will begin by discussing what makes this problem difficult, and exhibit some of the nontrivial issues that plague simple attempts at anonymization and aggregation. Motivated by this, I will present differential privacy, a rigorous definition of privacy in statistical databases that has received significant attention. I'll explain some recent results on the design of differentially private algorithms, as well as the application of these ideas in contexts with no (previously) apparent connection to privacy.


Adam Smith is a professor of Computer Science and Engineering at Penn State. His research interests lie in data privacy and cryptography and their connections to information theory, statistical learning and quantum computing. He received his Ph.D. from MIT in 2004 and was subsequently a visiting scholar at the Weizmann Institute of Science and UCLA and a visiting professor at Boston University and Harvard. He received a 2009 Presidential Early Career Award for Scientists and Engineers (PECASE) and the 2016 Theory of Cryptography Test of Time Award (with Dwork, McSherry and Nissim).

3. Elena Andreeva (Katholieke Universiteit Leuven, Belgium)

Title: Authenticated Encryption and the CAESAR competition


Traditionally, the two main cryptographic goals of confidentiality and authenticity are realized by encryption and authentication schemes, respectively. For efficiency and practical reasons the efforts in symmetric cryptography in the recent years have been focused on designing dedicated algorithms for authenticated encryption (AE). The demand for AE schemes is also reflected in the ongoing CAESAR cryptographic competition aiming at developing a portfolio of secure and efficient, dedicated AE algorithms.

In this talk we will give an overview of the existing AE design methods, such as generic composition and dedicated approaches. We will cover the target AE security notions and further discuss a number of security vulnerabilities with their possible solutions. Next, we will get introduced to the CAESAR competition which is expected to run until 2017 and is at present in its third stage. We will then examine closely some of the third round CAESAR candidates and discuss their properties. Our talk will conclude with a discussion and comparisons of the candidates in this round of the competition.