Fully Homomorphic Encryption; Bi-Deniable Encryption; We Have The Technology, Now Where Next?
11Fully Homomorphic Encryption over the Integers Vinod Vaikuntanathan, Microsoft Research We construct a simple fully homomorphic encryption scheme, using only elementary modular arithmetic. The security of our scheme relies on the hardness of the approximate integer greatest common divisors (gcd) problem -- namely, given a list of integers that are 'near-multiples' of a hidden integer, output that hidden integer. Joint work with Marten van Dijk, Craig Gentry, and Shai Halevi. Bi-Deniable Encryption Chris Peikert, Georgia Tech A *deniable* encryption scheme allows a sender and/or receiver, having already performed some encrypted communication, to produce `fake' but legitimate-looking encryption coins and/or decryption keys that make the ciphertext appear as an encryption of some message other than the `true' one. Deniability is a powerful notion for both theory and practice: apart from its inherent utility for resisting coercion, a deniable scheme is also *noncommitting* (an important property for constructing adaptively secure protocols), and secure under selective-opening attacks. To date, however, known constructions have achieved only limited forms of deniability, requiring at least one party to remain uncoerced, and in some cases using an interactive protocol. Our main result is a *bideniable* public-key cryptosystem, i.e., one in which both the sender and receiver can simultaneously equivocate; we stress that the scheme is noninteractive and involves no external parties. The construction is based on the (worst-case) hardness of lattice problems. This is joint work with Adam O'Neill at Georgia Tech. We Have The Technology, Now Where Next? David Molnar, MSR What will it take to convince people that cryptography makes the cloud safe? How might our favourite cryptographic constructions work together with systems moving to the cloud? I will describe examples where existing policies blocked movement of data or computation to the cloud. I will then discuss trends in cloud audit approaches and in document labeling that may be complementary to the use of cloud cryptography. Finally I will talk about what is required today for storing highly sensitive data on premises in a large company.