Cryptographic Tools for Privacy Preservation

Data permeates every aspect of our daily life and it is the backbone of our digitalized society. Smartphones, smartwatches and many more smart devices measure, collect, modify and share data in what is known as the Internet of Things.Often, these devices don’t have enough computation power/storage space thus out-sourcing some aspects of the data management to the Cloud. Outsourcing computation/storage to a third party poses natural questions regarding the security and privacy of the shared sensitive data.Intuitively, Cryptography is a toolset of primitives/protocols of which security prop- erties are formally proven while Privacy typically captures additional social/legislative requirements that relate more to the concept of “trust” between people, “how” data is used and/or “who” has access to data. This thesis separates the concepts by introducing an abstract model that classifies data leaks into different types of breaches. Each class represents a specific requirement/goal related to cryptography, e.g. confidentiality or integrity, or related to privacy, e.g. liability, sensitive data management and more.The thesis contains cryptographic tools designed to provide privacy guarantees for different application scenarios. In more details, the thesis:(a) defines new encryption schemes that provide formal privacy guarantees such as theoretical privacy definitions like Differential Privacy (DP), or concrete privacy-oriented applications covered by existing regulations such as the European General Data Protection Regulation (GDPR);(b) proposes new tools and procedures for providing verifiable computation’s guarantees in concrete scenarios for post-quantum cryptography or generalisation of signature schemes;(c) proposes a methodology for utilising Machine Learning (ML) for analysing the effective security and privacy of a crypto-tool and, dually, proposes a secure primitive that allows computing specific ML algorithm in a privacy-preserving way;(d) provides an alternative protocol for secure communication between two parties, based on the idea of communicating in a periodically timed fashion

Globalization and E-Commerce III. The French Enviroment and Policy

According to most indicators, the use of the Internet and the development of e-commerce (over the Internet) in France are below the level that should be reached given the French level of development. This observation can be explained by the late adoption of digital technologies by the French. However, the French lateness is less important for professional uses than for domestic uses. France began to catch up with pioneering countries during 1999-2000, but the collapse Internet bubble reduced the pace of adoption. The French late adoption of digital technologies is partly the result of the strong involvement of France in the development of two pre-existing technologies: Minitel (principally dedicated to B2C) and EDI (dedicated to B2B). Both technologies provided the users with a sufficient level of service to support their business processes, but hindered their propensity to switch to new Internet-based technology. Consequently, most available indicators underestimate the actual level of e-commerce in France, especially the French business readiness to switching to Web-based commerce. The late adoption of technology was not the only inhibitor for e-commerce. In France\u27s recent economic history, decision makers focused for too long on other issues. France had to adapt its economy and its industry to a competitive and global environment. Since the State played a strong role in an economy that was not widely open to competition, a wide set of reforms took place between the mid-1980s and the late 1990s. However, this restructuring policy prepared France for the adoption of e-commerce. as France was transformed into a service economy. Most organizations became more flexible by externalizing non-core activities and by implementing modular principles of organization. French companies went international as well. This new business climate favored the adoption of e-business and e-commerce practice by the end of the 1990s. When macroeconomic and industrial restructurings were achieved, the French government launched a strong information society policy. Since 1998, the government furthered the deregulation of telecommunication services, reshaped the legal framework to adapt to digital technologies, promoted IT training and innovation, and developed e-government. These policies were both a component of and aligned with the year 2000 e-Europe initiative of the European Union (EU), which promoted the development of a strong digital economy. Specific support programs (in RD and development of content) were combined and an intensive effort for legislation and inter-member benchmarking occurred (to stimulate member states to align on the most advanced state), the Commission and the Council of the EU tried try to stimulate development of a dynamic digital industry in Europe, and to boost the adoption of digital technologies and the new-methods of work and business enabled by them. While the European and the French policies impacted the adoption of digital technologies and e-commerce development significantly, they were insufficient to really enable France to catch up. The bursting of the Internet bubble slowed the pace. Moreover, B2C e-commerce was inhibited by the efficiency of the French distribution system that serves at a low cost alternative to the Internet for most of the population. The existing installed base of EDI, especially in the automobile and distribution industries, inhibits B2B e-commerce over the Internet. Consequently, the French e-commerce path of development is unique since it relies less on the Internet than in many other countries. Despite these inhibitors, France is adopting digital technologies and related practices at a higher pace than the other European countries. Within France, e-commerce is quite different in the various regions and industries. The Paris area (one-fifth of the French population), the IT industry, the professional services and distribution industries, and large companies are as intensively digitized as most advanced countries, industries, and companies worldwide. H

Cryptographic Tools for Privacy Preservation and Verifiable Randomness

Our society revolves around communication. The Internet is the biggest, cheapest and fastest digital communication channel used nowadays.Due to the continuous increase of daily communication among people worldwide, more and more data might be stolen, misused or tampered.We require to protect our communications and data by achieving privacy\ua0and\ua0confidentiality.Despite the two terms, "privacy"\ua0and "confidentiality",are often used as synonymous, in cryptography they are modelled in very different ways.Intuitively, cryptography can be seen as a tool-box in which every scheme, protocol or primitive is a tool that can be used to solve specific problems and provide specific communication security guarantees such as confidentiality. Privacy is instead not easy to describe and capture since it often depends on "which" information is available, "how"\ua0are these data used and/or "who" has access to our data.This licentiate thesis raises research questions and proposes solutions related to: the possibility of defining encryption schemes that provide both strong security and privacy guarantees; the importance of designing cryptographic protocols that are compliant with real-life privacy-laws or regulations; and the necessity of defining a post-quantum mechanism to achieve the verifiability of randomness.In more details, the thesis achievements are:(a) defining a new class of encryption schemes, by weakening the correctness property, that achieves Differential Privacy (DP), i.e., a mathematically sound definition of privacy;(b) formalizing a security model for a subset of articles in the European General Data Protection Regulation (GDPR), designing and implementing a cryptographic protocol based on the proposed GDPR-oriented security model, and;(c) proposing a methodology to compile a post-quantum interactive protocol for proving the correct computation of a pseudorandom function into a non-interactive one, yielding a post-quantum mechanism for verifiable randomness