Functional Cryptography Crypto is your Friend Dr Vincenzo Iovino Research Associate SnT, University of Luxembourg ApSIA Vincenzo.Iovino@uni.lu FinTech R&D Innovation Conference January 19th 2016, Chambre de Commerce, Luxembourg

Protect Private Data Docs, Emails Payment Card Industry (PCI) Health Care The most important problem that cryptography faces is to protect private data belonging to individuals as well as to companies and governments. These include emails, data of the payment card industry, health care data, and many other sensitive information. According to the new EU data regulation, anyone who touches or has access to your data, wherever they are based, is responsible in the case of a DATA BREACH. Old cryptography (here personified by the black and white face of Diffie) provides a partial solution in case of data breach: if the data are encrypted an hacker can not gain any useful information from the stolen data. Notwithstanding, in the era of Internet TWO DOT ZERO traditional crypto is becoming a limitation.

Cloud Computing  To figure out the reason of such limitation, I will first present a short overview of an emerging paradigm of the Internet that is CLOUD COMPUTING. Nowadays many users, companies and governments are moving their data to the Cloud, and if you never heard about it be aware that if you own an android phone (like this) your contacts and emails are stored in the Cloud! In cloud computing a user sends his data to the server, also called the Cloud. Later another possibly different user can request to the Cloud to retrieve some data or perform some computation on the data stored in the Cloud. If such user is authorized the Cloud returns the requested document or the result of the computation to the user. In a Secure Cloud System a malicious user should not be able to leak any information that is not entitled to access. We are not interested only in preventing an external attacker to leak information but we also want that internal users do not leak too much information: for instance, if the previous user is authorized to retrieve all emails with subject FinTech, he should not be able to retrieve emails with different subjects. Moreover in this model the CLOUD is not trusted; in fact the CLOUD is usually third-party service, like google or yahoo, to which individual, companies or governements delegated their data and the Cloud has NOT to leak too much information. It is not exaggeration to expect that in the near future a lot of sensitive information will be outsourced to the Cloud, and recently the City of Los Angeles announced plans to outsource all their data to Gooogle, the major cloud service. City of LA plans outsourcing all data to Google

FE: a new paradigm Pk SK TokFinTech If data are encrypted how to access encrypted data? g. PCI Standards Idea: Need token to access data, e.g., MS Word files Pk TokFinTech SK Traditional crypto is not suitable for cloud computing. In fact, If data are encrypted with a standard Public-key Encryption scheme how to access encrypted data? Consider a scenario where an user first uploads to the Cloud his MS WORD documents where any file is encrypted with a traditional PKE scheme. Later the user wants to download only the documents containing the word FINTECH. But, being the data encrypted, the Cloud can not know which file has to return to the user. To allow the Cloud to access and compute over encrypted data the idea is to create a different TOKEN for any operation we want to support and hand this token to the Cloud. Using the PK of the system the User Gabriele encrypts his MS word files and send them to the Cloud. Later the User Vincenzo is given a Token for the tag FinTech and send it to the server who uses this token to SELECTIVELY DECRYPT only the encrypted documents containing the tag FINTECH, and thus can return to Vincenzo the results in the clear. Both Vincenzo and the server will only acquire information regarding documents containing the word FINTECH but no other information on any other files of Gabriele will be leaked.

Functional Encryption PK PK MSK Token(f) f(m) f Token(f) Enc(m) In more detail the setting of FE is the following. There is a CA who sets-up a PK and a MSK. The PK is sent to Bob. Ant any point Alice can send a function f to the CA who returns her the Token for f. Later Bob holds a message m, encrypts it and sends it to Alice. Now Alice holds the token for f, the encryption of m, and can combine them to compute f(m), the evaluation of the function f on the message m. And the security should guarantee that this be the only information that Alice can compute. m m f(m))

Why Functional Encryption? Best possible privacy: ? OR Fintech Dept. Salary > 10K Information leakage: employees in FinTech Dept. or with Salary > 10K but nothing else (e.g. the age, or exact amount of salary) Why Functional Encryption? Consider a company that outsourced to a Cloud server all the data of its employees in encrypted form, and let us assume that the head of the company wants to retrieve the data for all employees satisfying the following condition: Either the Employee is in the FinTech Department or His/her salary is >10KEURO. With traditional crypto the server is not able to answer such query unless you hand it the secret-key but in this case the server would be allowed it to decrypt everything. Instead, by using FE you hand the server only the token for this particular function. Not even the admin of server leak information!

Reconciling Privacy with business: Benefits ? Reconciling Privacy with business: Cloud services make bu$in€$$ with data: e.g., Google shows personalized ads based on your emails CRYPTO IS YOUR FRIEND Privacy clashes with business: If email were encrypted, Google could not compute ads FE and Functional Cryptography turn out to have a nice economic twist. Cloud providers like Google make business with your data: for instance by showing personalized advertisments based on emails in your inbox. In the world of traditional crypto privacy clashes with business: if emails are encrypted Google can not compute advertisements! FE allows to reconcile Privacy with Business and to solve this conflict: emails can be encrypted with FE and users can give Google the token to compute the advertisements. From the point of view of Google nothing changed: Google can still display advertisements as before But now the users have Privacy! In one take-away sentence: CRYPTO IS YOUR FRIEND FE resolves the conflict: email can be encrypted and users give Google the token to compute ads

Function Privacy (Arriaga et al. ‘16) Deniability (Iovino et al. ‘16) Future directions? Constructions of FE targeted towards real-world solutions and business Function Privacy (Arriaga et al. ‘16) A lot of theoretical research has been accomplished in recent years but few has been done to construct FE schemes targeted for real-world problems and in particular for BUSINESS, and there are a lot of ongoing works and future research directions.. Functional Cryptography offers new opportunities to find, fund, and found a new solid business Deniability (Iovino et al. ‘16) RAM programs Efficiency Multi-Inputs Mergeable Controlled HomFE …???

The speaker thanks the Fonds National de la Recherche (Luxembourg) to fund his research

for questions contact: iovino.vincenzo@uni.lu We hope you find, in either part, enjoyment, some inspiration, and even possibly an interest in investment. I’ll now yield the floor to Prof. Etalle. [Intro to Prof Etalle]