Talk 1: Designing Secure Cryptographic Systems: Journey from Theory to Practice
Abstract: The study of cryptography is aimed at keeping information secure in an increasingly digitized world. Modern cryptography uses theoretical frameworks to prove the security of cryptographic primitives against precisely modeled attacks. However, translating cryptographic primitives from provably secure algorithms into secure deployable systems remains a massive challenge. In particular, existing theoretical models do not account for potential weaknesses inherent to practical cryptographic implementations. Hence, provable security guarantees often collapse in the face of attacks that exploit implementation-level weaknesses to devastating effect. This leads to major challenges in the space of cybersecurity applications reliant on cryptographic guarantees for confidentiality and authenticity of data.
In this talk, I will give an overview of the journey of the cryptographic community so far in attempting to bridge the wonderfully multi-faceted aspects of cryptography, with the aim of designing, analyzing and securely implementing cryptographic solutions to real-world problems while relying on as minimal a set of assumptions as possible. In the process, I will provide a holistic overview of historical and recent progress in cryptographic research and development spanning theoretical cryptographic foundations, applied cryptography and secure cryptographic implementations, with some references to my own research experience across all of these areas.
The content of the talk should be accessible to any general audience of CS/ECE/EE undergrads, postgrads, researchers, academicians, and industry professionals interested in cybersecurity and/or cryptography. No prior background in cryptography will be assumed.
Talk 2: Quantum-safe Cryptography: Cybersecurity Challenges and Opportunities in the Quantum Era
Abstract: The Digital India initiative has established India as a leader in digitalizing governance and services. Two of the biggest cybersecurity threats that Digital India needs to address are (a) preventing quantum attacks, and (b) ensuring privacy of sensitive end-user data. Given that the widely deployed public-key cryptographic infrastructure today is completely broken by advanced quantum computers, the need of the hour is to design, analyze, and eventually standardize and adopt plausibly quantum-safe cryptographic alternatives for the new quantum era. It is also important to identify how to then use such quantum-safe cryptographic technology to efficiently protect the privacy and integrity of the data of millions of end users when stored on potentially untrusted third-party cloud servers. In particular, such databases with sensitive information should remain encrypted not only when at rest and in transit, but also when being computed upon. These are extremely relevant challenges to tackle in view of the Indian government's adoption of quantum-safe cryptography as part of the national cybersecurity strategy.
In this talk, I will provide the audience with an introduction to the threats posed to modern public-key cryptographic infrastructure (e.g., public-key encryption and digital signatures that extensively underlie all secure and authenticated digital computation, communication and storage infrastructure) by the latest advances in quantum computing capabilities. I will then provide an overview of the latest advances in quantum-safe cryptography -- a class of cryptographic schemes that are plausibly resistant to quantum attackers -- and the recent standardization efforts by the National Institute of Standards and Technology (NIST) for quantum-safe cryptography. I will discuss the challenges involved in adopting such quantum-safe cryptographic technology into current cybersecurity ecosystems globally, with a special focus on the Digital India stack and the Indian cybersecurity ecosystem.
I will then provide an overview of the state-of-the-art in leveraging such quantum-safe cryptographic technology to design practically efficient and scalable database encryption systems that allow computing directly over encrypted databases without decrypting them. Such "homomorphic" computing technologies enable privacy-preserving computation over encrypted databases, and the talk will explore a wide class of examples of this technology with varying tradeoffs between security, efficiency and functional capabilities.
The content of the talk should be accessible to any general audience of CS/ECE/EE undergrads, postgrads, researchers, academicians, and industry professionals. No background in cryptography will be assumed. Some basic familiarity with blockchain is likely to be useful, though not mandatory.
Talk 3: Zero-Knowledge Proofs in Practice: Demystifying Blockchain Rollups
Abstract: How does one convince you that a Sudoku puzzle is solvable without revealing the solution itself? Can someone convince you that they own a bitcoin without revealing the actual bitcoin? Sounds impossible? Zero-knowledge proof (ZKP) is a revolutionary cryptographic technique that enables the seemingly impossible, such as the above.
In a more real-world setting, ZKP allows a cloud server to convince its clients of the correctness of an expensive computation, while making minimal demands on the clients' storage and compute capabilities. It turns out that this capability is what makes ZKP the "secret sauce" behind one of the trendiest buzzwords in the blockchain world: the "rollups".
In this tutorial-style talk, I will walk the audience through an interactive and (hopefully) fun hands-on exercise of building a demo rollup on a toy Ethereum network (with "fake" Ether as the cryptocurrency). The entire talk will use a gamut of open-source tools for emulating a blockchain network (e.g., Ganache), interacting with the blockchain network (e.g., Truffle), and generating, verifying, and deploying ZKPs in smart contracts (using Circom and SnarkJS). I will combine these tools to achieve the end goal of implementing a prototype rollup system that illustrates the core challenges behind popular layer-2 offerings from Polygon, zkSync, etc. I will conclude by foreshadowing an alternative approach (based on recent research work) to designing rollups that extends the ideas in the tutorial and is plausibly more scalable in certain settings. In addition to the above interactive exercise, I will also provide the necessary background on blockchain rollups and ZKPs.
The content of the talk should be accessible to any general audience of CS/ECE/EE undergrads, postgrads, researchers, academicians, and industry professionals. No background in cryptography will be assumed. Some basic familiarity with database technologies is likely to be useful, though not mandatory.
Qualifications: Ph.D., Indian Institute of Technology (IIT) Kharagpur, 2019
Affiliation: IBM Research India, Bengaluru, India
Position: Staff Research Scientist
Email: [email protected]