
From Mathematics to a Secure Digital World

Shafi Goldwasser, UC Berkeley

"In Math We Trust: foundation of the crypto-economy" (Shoucheng Zhang)

An Eyewitness: The Surprising Consequences of Basic Research

Major advances have come about due to basic algorithmic research.

Triumphs of Basic Cryptographic Research: Many Stories I Could Tell

1. Public Key: E-commerce
2. Zero-Knowledge Proofs: from identity theft to privacy and accountability in blockchains
3. Multi-Party Computation: computation on distributed data while maintaining privacy
4. Post-Quantum Cryptography
5. Blockchains: cryptocurrencies, auctions without the middleman

Cryptography Enables E-Commerce (Example 1)

From online banking services to E

But how did it all start?

Classical Secret Communication: War Time Research (Example 1)

Alice sends Bob Encrypted(m), the encryption of message m, while an Adversary watches the channel.

Alice and Bob meet in advance to decide on a secret key, to enable sending "secret" messages.

Public Key Cryptography, 1976 (Example 1)

Diffie (Berkeley) and Hellman (Stanford) invent the notion of public-key cryptography.

They provide a blueprint for a system where people can communicate secretly without having to meet to exchange a secret key.

Public Key Cryptography (Example 1)

A public "lock", used by anyone to lock secret messages, and a secret "key", known only to Bob, to unlock them.

The RSA Public Key Cryptosystem, 1977 (Example 1)

RSA (Ron Rivest, Adi Shamir, Len Adleman, at MIT)

Factoring: find the prime factors of a number.

Number               Prime factors?
35 =                 Trivial: 5 * 7
221 =                Quick: 13 * 17
562137 =             Long time for some humans
1000-digit number =  1000 years on the fastest computer

Carl Friedrich Gauss: "The dignity of science itself seems to require that every possible means be explored for the solution of a problem so elegant."

Bob selects a secret key = two large random prime numbers; the lock = the product of the primes.
Security: based on the difficulty of factoring.
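Bob's key generation and the factoring assumption it rests on, as an added example that is not from the talk: textbook RSA with tiny primes, plus the attack the slide alludes to, in which anyone who can factor the public N recovers the secret key. The primes (10007, 10009), the public exponent 65537 and the trial-division factoring routine are choices made here; they are far too small to be secure (which is exactly why the attack finishes instantly) and padding is omitted. Python 3.8+ is assumed for pow(e, -1, phi).

```python
"""Textbook RSA with toy-sized primes, and the attack the slide alludes to:
anyone who can factor the public modulus N recovers Bob's private key.

Added example, not from the talk. The numbers are deliberately tiny so the
factoring step finishes at once; real keys use 2048-bit N and OAEP padding."""
import math


def keygen(p, q, e=65537):
    """Bob's key: secret primes p, q; public 'lock' (N, e); secret 'key' d."""
    n = p * q
    phi = (p - 1) * (q - 1)
    assert math.gcd(e, phi) == 1, "e must be invertible mod phi(N)"
    d = pow(e, -1, phi)                # e*d = 1 (mod phi(N)); Python >= 3.8
    return (n, e), d


def encrypt(pub, m):
    """Anyone holding the lock (N, e) can encrypt: c = m^e mod N."""
    n, e = pub
    assert 0 <= m < n, "message must be an integer below N"
    return pow(m, e, n)


def decrypt(n, d, c):
    """Only the holder of d can unlock: m = c^d mod N."""
    return pow(c, d, n)


def factor_trial_division(n):
    """Brute-force factoring, feasible only because n is tiny (the 35 and 221
    rows of the slide's table; a 1000-digit N would never finish)."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 1
    raise ValueError("no factor found; n is prime")


def break_key(pub):
    """Recover d from the public key alone by factoring N: this is why RSA's
    security is exactly the difficulty of factoring the product of the primes."""
    n, e = pub
    p, q = factor_trial_division(n)
    return pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    pub, d = keygen(10007, 10009)          # toy primes chosen for this example
    c = encrypt(pub, 123456)
    print("decrypts:", decrypt(pub[0], d, c) == 123456)
    print("factoring recovers d:", break_key(pub) == d)
```

The only secret in the scheme is the pair of primes; once N is factored, d follows by the same arithmetic Bob used, which is what the 1000-years row of the table is protecting against.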

From Military Applications to Economic Prosperity (Example 1)

RSA cemented the transition of the internet from primarily military to primarily commercial.

Figure: 1.3 billion certificate status

1982: Richard Feynman (Caltech) envisions a powerful quantum computer.
1994: Peter Shor (MIT, Bell Labs) invents a fast factoring algorithm that runs on a (hypothetical) quantum computer.
2001: On a (real) quantum computer, 15 = 3 × 5 is factored. Most recently, 143 = 11 × 13.

Quantum Computers Coming of Age? (Example 2)

In 2017, Google, Microsoft, IBM and many other companies, as well as governments, are racing toward building a quantum computer.

NSA and NIST have started planning for post-quantum cryptography.

So, is E-commerce doomed?

This takes the CS Theory world by storm.

1996: Miklós Ajtai (IBM Research) shows an entirely new form of cryptography, using geometry in place of number theory.
1996-2018: New cryptographic constructions and capabilities. All are quantum-resilient!

What Facilitates This is a Quantum Reduction to the Learning with Errors Problem (LWE) [Regev05]

• Let s be a secret vector in Z_q^n.
• Given an arbitrary number of "noisy" equations in s, find s?
• Easy to work with.
• As hard as a classical question: approximating the size of the shortest vector in a worst-case n-dimensional integer lattice.
• Post-quantum: the best known algorithm (even quantum) takes time 2^n, exponential in n.
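The LWE problem and the "easy to work with" claim, as an added example that is not from the talk: Regev's public-key encryption built directly on the noisy equations above, with toy parameters (n = 10, m = 20, q = 257, errors in {-1, 0, 1}) chosen here so that decryption always succeeds; they are nowhere near secure. The second half shows why the noise is the whole point: with e = 0 the "equations in s" are ordinary linear algebra over Z_q and Gaussian elimination returns s, while with noise the same elimination returns garbage. Python 3.8+ is assumed for pow(x, -1, q).

```python
"""Learning with Errors in practice: Regev's public-key encryption built on it,
plus a demonstration of why the noise matters.

Added example, not from the talk. Toy parameters (n=10, m=20, q=257, errors in
{-1,0,1}) are chosen so decryption is always correct (|sum of errors| <= m < q/4);
they are far too small to be secure."""
import random

N, M, Q = 10, 20, 257          # secret dimension, number of samples, prime modulus


def dot(u, v):
    return sum(a * b for a, b in zip(u, v))


def keygen(rng, noisy=True):
    """sk = s in Z_q^n; pk = (A, b = A*s + e mod q): m noisy equations in s."""
    s = [rng.randrange(Q) for _ in range(N)]
    A = [[rng.randrange(Q) for _ in range(N)] for _ in range(M)]
    e = [rng.choice((-1, 0, 1)) if noisy else 0 for _ in range(M)]
    b = [(dot(row, s) + err) % Q for row, err in zip(A, e)]
    return s, (A, b)


def encrypt(pk, bit, rng):
    """Sum a random subset of the equations; hide the bit in the constant term."""
    A, b = pk
    r = [rng.randrange(2) for _ in range(M)]
    u = [sum(r[i] * A[i][j] for i in range(M)) % Q for j in range(N)]
    v = (sum(r[i] * b[i] for i in range(M)) + bit * (Q // 2)) % Q
    return u, v


def decrypt(sk, ct):
    """v - <u, s> = r.e + bit*q/2 (mod q); |r.e| <= m, so round to 0 or q/2."""
    u, v = ct
    d = (v - dot(u, sk)) % Q
    return 1 if Q // 4 <= d < 3 * Q // 4 else 0


def solve_mod_q(A, b):
    """Gaussian elimination over Z_q on [A | b]; returns the solution read off
    the n pivot rows (None if rank deficient). Correct only for exact equations."""
    rows = [row + [bi] for row, bi in zip(A, b)]
    piv = 0
    for col in range(N):
        pivot = next((r for r in range(piv, M) if rows[r][col]), None)
        if pivot is None:
            return None
        rows[piv], rows[pivot] = rows[pivot], rows[piv]
        inv = pow(rows[piv][col], -1, Q)
        rows[piv] = [(x * inv) % Q for x in rows[piv]]
        for r in range(M):
            if r != piv and rows[r][col]:
                f = rows[r][col]
                rows[r] = [(x - f * y) % Q for x, y in zip(rows[r], rows[piv])]
        piv += 1
    return [rows[i][N] for i in range(N)]


def run_demo(seed=7):
    """Returns (encryption round-trips, s recovered without noise, s recovered with noise)."""
    rng = random.Random(seed)
    sk, pk = keygen(rng)
    bits = [rng.randrange(2) for _ in range(32)]
    roundtrip_ok = all(decrypt(sk, encrypt(pk, bit, rng)) == bit for bit in bits)
    # Without noise the 'equations in s' are plain linear algebra: s falls out.
    sk0, (A0, b0) = keygen(random.Random(seed + 1), noisy=False)
    recovered_noise_free = solve_mod_q(A0, b0) == sk0
    # With noise the same elimination returns a vector unrelated to s.
    recovered_noisy = solve_mod_q(*pk) == sk
    return roundtrip_ok, recovered_noise_free, recovered_noisy


if __name__ == "__main__":
    print(run_demo())   # expected: (True, True, False)
```

Encryption only adds and sums equations, which is what "easy to work with" buys: the same structure is what lets fully homomorphic schemes compute on ciphertexts. The noise bound is the design constraint: the summed error must stay below q/4 or decryption flips bits, and it must be large enough relative to q that elimination-style attacks fail.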

Zero Knowledge Proofs, 1985 (Example 3)

Alice: "I am Alice. Let me buy!"
Bob: "Prove it!"
Alice sends her secret password; Bob compares it to Alice's true password stored in his database. ✔

Bob cannot be trusted (Example 3)

Bob can be broken into, leaked from, or have malicious insiders.

Alice: "I am Alice. Let me buy!"
Bob: "Prove it!"
Alice: password

Can Alice prove to Bob she knows the password without giving it?

Passwords = Secret Keys (Example 3)

Bob can be broken into, leaked from, or have malicious insiders.

Alice (public: N): "I am Alice. Let me buy!"
Bob: "Prove it!"
Alice: P and Q such that N = PQ

Can Alice prove to Bob she knows P and Q without giving them?

Zero Knowledge Proofs: Proofs that reveal nothing but their validity

1985: Goldwasser, Micali (MIT) and Rackoff (Toronto) invent zero-knowledge proofs.

Demonstrate that you know the proof by solving randomly generated difficult mathematical challenges, which are easy if you know the proof. This enables access authorization without fear of identity theft.

Wide Applicability of Zero Knowledge, 1985 to today

Once again, basic mathematics delivers benefits after 30 years.

1985: Ultimate protection from identity theft
2014: Zero knowledge and nuclear disarmament: projects at Princeton and MIT
2016: Zerocash, a cryptocurrency built on blockchains which protects the privacy and anonymity of transactions
2018: Accountability for surveillance orders using blockchains and zero-knowledge

Fast Forward to the 21st Century: Migration of Computational Power and Private/Critical Data


An unprecedented collection of private data is held by third parties.

Availability of Data Can Change Everything

• Machine learning and data analytics:
  • Health: disease control and research
  • Predictions for financial markets
  • Economic growth by intelligent consumer targeting
  • Traffic rerouting
  • Smart energy usage
  • Vision and speech recognition

Big Data Can Change Everything

• Machine learning and data analytics (as above)
• Requires sharing data sets
  • LARGE cohorts are needed to detect small effects and emerging trends
  • Need to collaborate across institutions
  • Why not? Privacy, regulations, competition, liability

"Data is a toxic asset" – Bruce Schneier, 2016

Can Math and Technology Enable Advancement without Relinquishing Individual Privacy?

Yes:

Secure Multi-Party Computation (MPC)
Homomorphic Encryption (FHE)
Searchable Encryption (FE)

Secure Multi-Party Computation (figure): Data1 ... Data5 held by five different parties; Yao 82; Goldreich, Micali, Wigderson 86; Goldwasser, Micali, Rackoff 87; Universal

Each input Data_i is distributed as interpolation points on a polynomial P_i.

To run programs [BGW87]: ordinary program instructions are replaced by adding/multiplying interpolation points on the appropriate polynomials; all parties hold a share of the computation result.
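The [BGW87] recipe above, as an added example that is not from the talk: Shamir secret sharing over a prime field, where each input becomes points on a random polynomial, and a shared computation of x*y + z carried out by adding and multiplying the parties' points. Five parties and threshold t = 2 are choices made here. Multiplying shares doubles the polynomial degree, so reconstruction after one "*" uses all 2t+1 = 5 shares; the degree-reduction step of BGW that keeps the degree at t between multiplications is left out. Python 3.8+ is assumed for pow(x, -1, P).

```python
"""Computing on shared data the BGW way: inputs are points on polynomials
(Shamir secret sharing), and '+' and '*' act on the shares.

Added example, not from the talk. Five parties, threshold t=2: any 2 shares
reveal nothing, 3 reconstruct a degree-2 polynomial. Multiplying two shared
values gives a degree-2t polynomial, so the result needs 2t+1 = 5 shares;
BGW's degree-reduction step is omitted here."""
import random

P = 2**31 - 1          # prime field; all arithmetic is mod P


def share(secret, t, n, rng):
    """Random polynomial f of degree t with f(0) = secret; party i gets (i, f(i))."""
    coeffs = [secret % P] + [rng.randrange(P) for _ in range(t)]
    return [(i, sum(c * pow(i, k, P) for k, c in enumerate(coeffs)) % P)
            for i in range(1, n + 1)]


def reconstruct(points):
    """Lagrange interpolation at x = 0 over the given (x, y) points."""
    total = 0
    for j, (xj, yj) in enumerate(points):
        num = den = 1
        for k, (xk, _) in enumerate(points):
            if k != j:
                num = (num * (-xk)) % P
                den = (den * (xj - xk)) % P
        total = (total + yj * num * pow(den, -1, P)) % P
    return total


def add_shares(a, b):
    """Pointwise add: party i computes (f+g)(i) locally, no communication."""
    return [(i, (ya + yb) % P) for (i, ya), (_, yb) in zip(a, b)]


def mul_shares(a, b):
    """Pointwise multiply: party i computes (f*g)(i); the degree doubles."""
    return [(i, (ya * yb) % P) for (i, ya), (_, yb) in zip(a, b)]


def shared_eval(x, y, z, t=2, n=5, seed=11):
    """Evaluate x*y + z while no party ever sees x, y or z in the clear."""
    rng = random.Random(seed)
    sx, sy, sz = (share(v, t, n, rng) for v in (x, y, z))
    result_shares = add_shares(mul_shares(sx, sy), sz)   # each party holds one
    return reconstruct(result_shares)   # all 2t+1 shares needed after a '*'


def leak_check(secret, t=2, n=5, seed=11):
    """Only t shares: interpolation gives a field element unrelated to the secret
    (any secret is consistent with t points of a degree-t polynomial)."""
    rng = random.Random(seed)
    return reconstruct(share(secret, t, n, rng)[:t])


if __name__ == "__main__":
    print(shared_eval(6, 7, 8))         # expected: 50
    print(leak_check(42) == 42)         # expected: False
```

Addition costs nothing beyond local arithmetic; multiplication is where the communication and the degree bookkeeping of real MPC protocols live, which is why the deployments below report their cost in hours for workloads that would be seconds in the clear.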

Deployment: Electricity Markets

Energy trading with smart meters
• Handles 2500 bids in ~5 min
• Auction run every 30 min

Source: Abidin, Aly, Cleemput, and Mustafa, "An MPC-based Privacy-Preserving Protocol for a Local Electricity Trading Market".

Automation: Avoiding Satellite Collisions

Sources: Kamm and Willemson, "Secure Floating-Point Arithmetic and Private Satellite Collision Analysis"; Hemenway, Lu, Ostrovsky, and Welser, "High-precision Secure Computation of Satellite Collision Probabilities".

Public Good: Wage (Dis)parity

Public Good (2): Education Outcomes

Questions
• Effect of work on graduation rate?
• Difference between CS and other students?
Data size
• 600k education records
• 10m tax payment records
Performance
• 384.5 hours during the live study
• 5 hours after optimizations

Source: Bogdanov, Kamm, Kubo, Rebane, Sokk, and Talviste, "Students and Taxes: a Privacy-Preserving Social Study Using Secure Computation".