Log in

No account? Create an account
Three days, three crypto talks - Arvind Narayanan's journal [entries|archive|friends|userinfo]

Three days, three crypto talks [Apr. 4th, 2007|12:53 am]
Arvind Narayanan
[Tags|, , ]
[Current Mood |thoughtfulenlightened]

Within the last 3-4 days, Hovav Shacham, Anna Lysyanskaya and Brent Waters all visited UT. Which is quite weird considering that that's about the number of cryptographers that visit UT in the average year!

Hovav split his job talk 40-20 between buffer overflows and ring signatures. Which I thought was a risky strategy, but it seemed to work well. The main push in the second part was that bilinear maps let you do things you otherwise couldn't.

Anna's talk was very interesting because of a neat trick she used to present ecash protocols in a digestible form: she described all the constructions (and some proof sketches, IIRC) in terms of black-box primitives like two-party secure computation and zero-knowledge proofs, without talking about how they were going to be instantiated. Initially, I was very confused about what she was doing and asked "are you saying you're going to use generic SFE to achieve this?" But then BAM, it hit me. Since the algebraic details only affected the efficiency and not the correctness, it is entirely possible to divorce the two aspects. So she was going to describe the higher-level protocol assuming idealized primitives once that was done, talk about how the primitives can be instantiated in this specific context. Neat. I think more speakers should use this presentational technique. Any thoughts?

Brent talked about attribute based encryption. He covered a lot of material but still finished in less than an hour. I should learn how to do that. I think I better understand the relationship between identity based and attribute based encryption after this talk.

If there was one common thread that united these talks, it was that if you can do algebra in the exponent, then you can enforce policy in offline computation. This seems especially easy with bilinear maps, and more than one of the speakers was very upbeat about this fact. I should learn this stuff better.

This week is supposed to be my break from research, and I'm not supposed to be writing about crypto. But then talk schedules are not under my control :)

From: (Anonymous)
2007-04-04 06:54 am (UTC)
So UT is trying to hire another cryptographer? Was Brent's talk also a job talk?

Vipul Goyal
(Reply) (Thread)
[User Picture]From: arvindn
2007-04-04 07:05 am (UTC)
Actually we're not. Only Hovav's was a job talk, and he's a security candidate.

Incidentally, we don't currently have a cryptographer (a shame).
(Reply) (Parent) (Thread)
[User Picture]From: ephermata
2007-04-05 04:21 am (UTC)
With respect to the technique of presenting everything in terms of generic protocols, it's great if you have enough time. The issue is that if all you end up presenting is the generic approach, then you miss out on the opportunity to explain the insight you had that let you get to a reasonably efficient protocol. I have seen that approach, though, in a couple of other places. If you know your audience is familiar with MPC, then it's probably the way to go.
(Reply) (Thread)