April 4th, 2007


Three days, three crypto talks

Within the last 3-4 days, Hovav Shacham, Anna Lysyanskaya and Brent Waters all visited UT. Which is quite weird considering that that's about the number of cryptographers that visit UT in the average year!

Hovav split his job talk 40-20 between buffer overflows and ring signatures. Which I thought was a risky strategy, but it seemed to work well. The main push in the second part was that bilinear maps let you do things you otherwise couldn't.

Anna's talk was very interesting because of a neat trick she used to present ecash protocols in a digestible form: she described all the constructions (and some proof sketches, IIRC) in terms of black-box primitives like two-party secure computation and zero-knowledge proofs, without talking about how they were going to be instantiated. Initially, I was very confused about what she was doing and asked "are you saying you're going to use generic SFE to achieve this?" But then BAM, it hit me. Since the algebraic details only affected the efficiency and not the correctness, it is entirely possible to divorce the two aspects. So she was going to describe the higher-level protocol assuming idealized primitives and, once that was done, talk about how the primitives can be instantiated in this specific context. Neat. I think more speakers should use this presentational technique. Any thoughts?

Brent talked about attribute-based encryption. He covered a lot of material but still finished in less than an hour. I should learn how to do that. I think I better understand the relationship between identity-based and attribute-based encryption after this talk.

If there was one common thread that united these talks, it was that if you can do algebra in the exponent, then you can enforce policy in offline computation. This seems especially easy with bilinear maps, and more than one of the speakers was very upbeat about this fact. I should learn this stuff better.

This week is supposed to be my break from research, and I'm not supposed to be writing about crypto. But then talk schedules are not under my control :)