Recent computing and technological advances such as the ubiquity of high-speed network access and the proliferation of mobile devices have had a profound impact on our society, our lives and our behavior. In the past decade, we have seen a substantial shift towards a digital and paperless society, where individuals generate huge amounts of sensitive data: financial, medical records as well as personal information exchanged over email and social networks.

In this workshop, we will explore the latest advances in cryptography that allow individuals and organizations to share and collaboratively compute on these sensitive data while preserving the privacy of the data to the largest extent possible. The workshop covers two main topics:

Computing on encrypted data and programs: from attribute-based and functional encryption to software obfuscation

Secure multi-party computation: fully homomorphic encryption, function secret-sharing, pseudorandom correlation generators

Topic 1. Attributed-based and functional encryption is an emerging paradigm for public-key encryption that enables both fine-grained access control and selective computation on encrypted data, as is necessary to protect big, complex data in the cloud. Together, they enable searches on encrypted travel records and surveillance video as well as medical studies on encrypted medical records in a privacypreserving manner; we can give out restricted secret keys that reveal only the outcome of specific searches and tests. These mechanisms allow us to maintain public safety without compromising on civil liberties, and to facilitate medical break-throughs without compromising on individual privacy. The workshop will cover 3 related notions: (i) attribute-based encryption (ABE), which enables fine-grained access control to encrypted data, so that only individuals satisfying a certain policy can decrypt and access the data, (ii) functional encryption, which enables selective computation on encrypted data, where a secret key enables a user to learn a specific function of the encrypted data and nothing else, and (iii) program obfuscation, where we make the leap from encrypting data to encryption software programs.

Topic 2. In secure multi-party computation, a group of mutually distrusting parties wants to compute a function defined jointly over their respective private inputs, while preserving privacy of the data to the largest extent possible. Research in this area started in the 1980s mostly as a question of theoretical interest. However, in the past decade, we have seen increased deployment of secure multi-party computation. One example is collaboration amongst different business entities performing joint computation on private data, e.g. between Google and payment processing companies to measure adclicks-to-sales conversion rates. Another is cryptographic operations on ryptographic keys distributed across multiple devices to prevent a single point of failure. A third is manufacturers of hardware devices and software applications collecting aggregate statistics about how their products perform in practice.

Secure multi-party computation has grown into a very broad area of research within cryptography, and in the workshop, we will focus on three new tools developed in the context of secure computation: (i) fully homomorphic encryption, which allows us to compute on encrypted data without knowing a key, (ii) function secret sharing, which allows two servers to carry out private computation with very small communication, and (iii) pseudorandom correlation generators, a new technique for speeding up secure computation with a fast pre-processing phase.

Common Themes. In the past few years, we have seen tremendous research progress on both of these topics, as well as substantial interest in the industry (including Google, NTT as well as several start-ups) in deploying many of these new cryptographic technologies. There is also significant overlap and synergy between the two topics at the technical and conceptual level, including the use of lattice-based cryptography as well as homomorphic computation over matrices (most notably, a duality between attribute-based encryption and fully homomorphic encryption), garbling techniques as well as compressing computation to achieve sublinear communication.