Cryptography, applied

Many organizations and individuals rely on the cloud to store their data and process their analytical queries. But such data may contain sensitive information. Not only do users want to conceal their data on a cloud, they may also want to hide analytical queries over their data, results of such queries, and data access patterns from a cloud service provider (that may be compromised either from within or by a third party).

Computing on sensitive data is a standing challenge central to several modern-world applications. Secure Function Evaluation (SFE) allows mistrusting parties to jointly compute an arbitrary function on their private inputs without revealing anything but the result. The GC@Scale project focuses on novel scalable methods for addressing SFE, which directly translate to stronger cryptography and security for myriads of tasks with sensitive data.

Succinct non-interactive proofs are a powerful cryptographic building block with many promising applications in secure cloud outsourcing and in domains such as Internet of Things, medical, and financial applications where computation over privacy sensitive data is desired. Existing implementations of succinct proofs all rely on a trusted setup phase, commonly known as preprocessing. This preprocessing phase can be problematic since the system loses all security guarantees if the secret trapdoor generated during preprocessing is compromised.

Blockciphers are the basic building block of shared-key cryptography. However, for certain important cryptographic goals, like building encryption schemes, the interface presented by blockciphers is limiting. A more modern primitive, the tweakable blockcipher (TBC), is often a better fit. Like a blockcipher, a TBC takes as input a secret key, a block of data and the tweak which is an additional input which provides variability to the TBC's input-output behavior without having to change the secret key.

Smart phones have permeated all facets of our lives facilitating daily activities from shopping to social interactions. Mobile devices collect sensitive information about our behavior via various sensors. Operating systems (OS)enforce strict isolation between apps to protect data and complex permission management. Yet, apps get free access to hardware including CPU and caches. Access to shared hardware resources result in information leakage across apps. Microarchitectural attacks have already proven to succeed in stealing information on PC and even on virtualized cloud servers.