Graph Encryption: Going Beyond Encrypted Keyword Search

This is a guest post by Xianrui Meng from Boston University about a paper he presented at CCS 2015, written in collaboration with Kobbi Nissim, George Kollios and myself. Note that Xianrui is on the job market. Encrypted search has attracted a lot of attention from practitioners and researchers in academia and industry. In previous posts, Seny already described different ways one can search on encrypted data. Here, I would like to discuss search on encrypted graph databases which are gaining a lot of popularity.

Read more

Attacking Encrypted Database Systems

Muhammad Naveed, Charles Wright and I recently posted a paper that describes inference attacks on encrypted database (EDB) systems like CryptDB, Cipherbase, Google’s Encrypted BigQuery demo and Microsoft SQL Server 2016 Always Encrypted. These systems are based on property-preserving encryption (PPE) schemes which are a class of encryptions schemes that leak certain properties of their plaintexts. Examples include deterministic encryption (DTE) and order-preserving encryption (OPE). The paper is here and will be presented in October at the ACM Conference on Computer and Communication Security.

Read more

Workshop on Encryption for Secure Search and Other Algorithms

I just got back from the Workshop on Encryption for Secure Search and other Algorithms (ESSA) which was held in Bertinoro, Italy, and was organized by Sasha Boldyreva and Bogdan Warinschi. It was a great event and I’d like to thank the organizers for putting this together and doing such a great job. It was really nice to see all the excitement and enthusiasm behind this topic; both from the research community and from industry.

Read more

Applied Crypto Highlights: Searchable Encryption with Ranked Results

This is the second in a series of guest posts highlighting new research in applied cryptography. This post is written by Foteini Baldimtsi who is a postdoc at Boston University and Olya Ohrimenko who is a postdoc at Microsoft Research. Note that Olya is on the job market this year. Modern cloud services let their users outsource data as well as request computations on it. Due to potentially sensitive content of users’ data and distrust in cloud services, it is natural for users to outsource their data encrypted.

Read more

Applied Crypto Highlights: Restricted Oblivious RAMs and Hidden Volume Encryption

This is the first in a series of guest posts highlighting new research in applied cryptography. This post is written by Travis Mayberry from Northeastern University. Note that Travis is graduating this year and will be on the job market. ORAM Background Oblivious RAM is a very hot research topic right now. As Seny has written about here, it can be used to perform searches over outsourced encrypted data while maintaining the highest possible levels of security against a malicious storage provider.

Read more

Thoughts on Applied Cryptography Research

If you follow me on Twitter you have no doubt heard my occasional outbursts and rants on what I perceive to be biases in the current publication model in cryptography. In short, I think that top cryptography conferences are heavily biased against certain areas of cryptography and for others. Some of the areas that I think have a much harder time getting into top-tier crypto conferences include Applied Cryptography. I don’ t think this is particularly controversial and, from what I hear, CRYPTO has even tried to rectify this recently (e.g., by accepting some applied MPC papers).

Read more

Workshop on Surveillance and Technology

This is an announcement for a workshop that I am organizing in conjunction with the Privacy Enhancing Technologies Symposium (PETS). Due to the Snowden disclosures, mass surveillance has become one of the most highly-discussed and controversial issues in politics, policy, technology and international affairs. Modern surveillance, however, relies heavily on technology and, therefore, our community has a unique role to play in not only understanding surveillance but in mitigating it when excessive and restraining/limiting it when appropriate.

Read more

Microsoft Research Internships

One of the best things about working at MSR is the internship program. For a sense of what an MSR internship is like, I recommend this essay by Philip Guo. In this post, I want to personally reflect on the MSR internship program and provide some context about how things have worked for me in the past. Let me stress that this reflects only my personal experience and may not be representative of other MSR researchers’ experiences.

Read more

How Not to Learn Cryptography

People often ask me how to get started in cryptography. What’s interesting is that most of the time they also want to know how I personally got started. This is interesting to me because it suggests that people are looking for more than a list of books or papers to read or set of exercises to solve; they’re really looking for a broader strategy on how to learn the subject. In this post I’ll discuss some possible strategies.

Read more

Microsoft Research SVC and Applied Theory

Most people have heard by now about the closing of the Microsoft Research Silicon Valley Campus (SVC) Lab. It definitely came as a shock to everyone (including other MSR researchers) and many people have commented online about what the lab meant to them and about all the great research that came out of it. There is something else about MSR SVC, however, that I have always appreciated besides it’s great contributions in distributed systems and privacy.

Read more