## Secure delegation of computation to the cloud

Cloud systems are becoming increasingly popular, yet security is a major hurdle to their adoption.
Craig has just solved an important problem in cryptography that has been open for 30 years:
a construction of fully homomorphic encryption (allowing us to compute any functions on encrypted data).
This is considered a potential breakthrough in cloud security because it allows delegation of computation to the cloud while maintaining privacy of data.
The meeting will be a discussion and brainstorming session about security problems and solutions for delegating computation to the cloud; bring your thoughts on this topic to the meeting!
We will also be discussing with Craig the implications of his scheme to systems (how practical is the scheme, can we run any program privately on the cloud, and so on) so bring any questions you have to the meeting!

**Reading:** the short description of homomorphic encryption below (if you are not familiar with it)
and Craig's CACM paper (a very nice writeup accessible to all CS audiences and based on his STOC 2009 paper).
Feel free to read the first two sections only, though the math is quite light.

** More information. ** Craig will give a lecture in Nickolai's class the same day so feel free to attend if you want to learn more about the actual protocol. It is from 11am-12:30am in 2-105 -- there is space for at most 10 people.

**Craig's biography. ** Craig Gentry is a research staff member in the Cryptography group at
IBM T.J. Watson Research Center. His research tends towards the
mathematical side of applied cryptography, both constructive (designing
efficient and highly-functional cryptosystems) and destructive
(cryptanalysis). He recently obtained his Ph.D. in computer science from Stanford, with
Dan Boneh as his advisor.

- It is an encryption scheme in which performing an operation on some ciphertexts corresponds to performing some other operation on the underlying plaintexts. For example, E[a] * E[b] = E[a+b] -- the multiplication of ciphertexts corresponds to the addition of plaintexts.
- We can express any functions in terms of additions and multiplications so a homomorphic encryption scheme that supports both these operations on the plaintext at the
*same* time allows us to compute any function on encrypted data;
in particular, an untrusted server can perform any computation on our private data without seeing it.