Introduction to Cryptography (Dr. Srinivas Vivek)
Cryptography provides essential tools to achieve information security and privacy
of digital data. In this two-part lecture series, we aim to introduce the basics of symmetric
and public-key encryption schemes, hash functions, message authentication codes, and
digital signatures. We do not assume any prior background in cryptography.
Privacy Laws and Regulation (V Sridhar)
Recently, countries including the European Union have laid down stringent regulations on privacy intrusions and violations,
the notable one being the European Union - General Data Protection Regulation (EU-GDPR).
The Data Protection Bill has also been under discussion in the parliament and expert committees in India for the past 3 years.
This session will illustrate the basic principles of such regulation, and their impact on natural persons and data fiduciaries.
The talk will also highlight through examples how different associated laws, such as the Information Technology Act, intend to protect
the privacy of data subjects.
Taxonomy of Privacy (V Sridhar)
Privacy is often associated with security.
Though privacy breaches do happen due to insecure infrastructure, there are numerous other dimensions of privacy.
We will illustrate through examples various aspects of privacy including aggregation, secondary use and appropriation.
Secure Multiparty Computation for Data Privacy (Ashish Choudhury)
Secure Multiparty Computation (MPC) is a fundamental problem in secure
distributed computing. In a nutshell, an MPC protocol allows a set of mutually distrusting
parties to securely perform any computation on their private inputs, without revealing their
inputs. We will discuss some of the fundamental results in this area.
Homomorphic Encryption: From Theory to Practice (Dr. Ayantika Chatterjee)
Homomorphic encryption (HE), which allows operations directly on the encrypted data, provides an effective primitive to perform
arbitrary operations on encrypted data. However, for developing suitable
tools to execute algorithms operating on HE data on general purpose computers, one also needs to
architect suitable translations of algorithms operating on unencrypted data to those which operate
on FHE encrypted data. Further, HE schemes are by design circuit-based and are not amenable
to a non-circuit computation. However, classic algorithms are mostly non-circuit based, implying
that they are not described in terms of logical gate level operators, like AND-OR multiplexers.
Moreover, these schemes are mostly associated with some noise handling techniques
that contribute to a huge increase in overall timing and memory overhead.
With all these challenges, and with a special mention of a few prominent applications in cloud servers,
like encrypted database processing and privacy-preserving HE-supported ML, we shall analyze the adaptability of HE schemes
in real world algorithms.
Incorporating Privacy Enabled Data Exchange Techniques in India Urban Data Exchange (IUDX) (Dr. Anshoo Tandon, Dr. Abhay Sharma)
India Urban Data Exchange (IUDX) is an open source data exchange platform, built and
conceptualized together by Smart Cities Mission and IISc, with a vision to enable
efficient, controlled and secure any-to-any exchange of all forms of public and privately
owned non-personal data. Data security and privacy are key to the success of any data
exchange which is designed to enable sharing of data between authorized parties. While
base-level security is already built-in, there are new and exciting security and privacy
technologies that we are currently exploring to be a part of the data exchange platform.
In particular, we will talk about two key technologies, namely Differential Privacy and
Secure Multi-party Compute, that we are working on bringing into the IUDX platform.
Differential privacy describes a promise, made by a data holder, or curator, to a data
subject: “You will not be affected, adversely or otherwise, by allowing your data to be
used in any study or analysis, no matter what other studies, data sets, or information
sources, are available”. With differential privacy, statements about privacy risk are proved
mathematically--rather than supported heuristically or empirically. Inferring information
specific to an individual from the outcome of a differentially private release is extremely
hard, including whether the individual’s information was used at all.
Secure multi-party computation (SMPC) is a subfield of cryptography that allows
multiple parties to jointly compute a function over their inputs while keeping those
inputs private (without the need of a trusted third party). SMPC avoids a single point of
failure by having multiple parties operate on secret shares of the data, and provides
protocols for protection against adversaries with varied capabilities.
In this talk, we will present the basics of the IUDX platform followed by a discussion on
different states of data and the privacy and security goals for each state. We will
introduce the basic concepts of Differential Privacy and Secure MPC. The key focus of
our talk will be to discuss various system issues that we face with the adoption of these
technologies into IUDX or in any data-exchange in general. We will also present our
understanding of how these technologies can be adopted in the near to medium term
future.
Modularity in MOSIP (Rounak Nayak, Product Manager at MOSIP)
MOSIP (Modular Open Source Identity Platform) is a robust, scalable, and inclusive foundational identity platform.
It helps Governments and other user organizations implement a digital, foundational identity system cost-effectively.
Being modular in its architecture, MOSIP provides flexibility to countries in how they implement and configure their systems,
and helps avoid vendor lock-in. We will discuss MOSIP's learnings from different country-specific requirements
(due to a country's governance guidelines and identity schemes), which have allowed MOSIP to become more modular and configurable
without compromising its core privacy principles.
Consent Management in Data Intermediaries