NIST logo

Meeting on Privacy-Enhancing Cryptography


"Working with encrypted data without decrypting"

We have long known that encryption has some amazing properties. Those of us who don't think in terms of mathematical formulas often think of encryption as "putting a message in a secure vault, or a tamper-proof envelope, or some other such physical model". These analogies are useful, but they hide some of the magic powers of encryption. For example, it would be hard to see how we could prove to others that we know the contents of the "vault" without opening it for them and revealing at least some of the contents. Yet encryption does allow us to do this. These so-called zero-knowledge proofs of knowledge are at the core of many practical applications. There is much more magic that we haven't yet fully exploited.

NSTIC (the National Strategy for Trusted Identities in Cyberspace) views a digital identity as a set of encrypted attributes. An individual protects his or her privacy in transactions by proving statements (e.g. "I am eligible to vote in Maryland") about these attributes without disclosing the set of attributes itself. This functionality is sometimes called "selective disclosure", and its value in enhancing privacy is readily apparent. Are there other cryptographic techniques that can protect privacy in the digital era?

In a recent application, over a thousand Danish traders needed to compute the market-clearing price (the price per unit at which total supply equals total demand) of sugar beet. However, the traders were not willing to disclose their supply and demand curves. Instead, they provided their bids in encrypted form and were able to compute the clearing price without ever disclosing the actual bids.

It is believed that having the ability to measure household consumption of electricity every 15 minutes or so would allow a more efficient routing of power across the national grid. Some, however, point out that deploying such a system could lead to serious violations of consumer privacy. The fact that per-household readings are transmitted in encrypted form does not fully solve the problem, as decryption is needed in real time for optimal routing. Or is it? Actually, it would be sufficient to monitor the power consumption at, say, the neighborhood level. Cryptographers know how to aggregate across a set of meters without having to decrypt the individual meter's reading.

Ostensibly, many other privacy-enhancing applications should follow from our ability to operate on encrypted data without decrypting it. Cryptographers need guidance regarding what processes and procedures can benefit from privacy-enhancing technologies. Technology consumers need a better understanding of the new functionalities of privacy enhancing technologies and its potentials. Everybody needs a better feel for which technologies are, or can be made to be, cost-efficient.

Agenda and Presentations (Printable Agenda)


Dan Boneh, Stanford (functional encryption)
Rafail Ostrovsky, UCLA (private information retrieval)
Ernie Brickell, Intel (EPID)
Stanislaw Jarecki, UC Irvine (SPAR/NICECAP pilots)
Kazue Sako, NEC (group signatures)
Brian LaMacchia, Microsoft (U-Prove)
Christian Paquin, Microsoft (U-Prove)
Gregory Neven, IBM-Zurich (Idemix)
George Danezis, Microsoft Research Cambridge (smart meters)
Tomas Toft, University of Aarhus (SMC applied to sugar beet auctions)
Michael Fischer, Yale University (auctions, shared randomness)
Serge Fehr, CWI (secure multi-party computation)
Claire Vishik, Intel UK (privacy standards and policy)
Juan Garay, AT&T Labs (searchable encryption)


Start Date: Thursday, December 8, 2011
End Date: Friday, December 9, 2011
Location: Administration Building - Green Auditorium
Audience: Industry, Government, Academia
Format: Workshop


Registration Fee: $165 Fee includes morning and afternoon refreshments, lunch on both days and a reception the evening of December 8..

All attendees must be pre-registered. On-Site registration is not possible for any conference held on NIST campus. Photo identification must be presented at the main gate Visitors Center to be admitted to the workshop. Foreign nationals are required to bring their passports for identification.

On-line registration closed at 5:00 pm EST on December 1, 2011

Registration Contact:


Holiday Inn Gaithersburg
2 Montgomery Village Avenue
Gaithersburg, MD 20879
(301) 948-8900
(800) HOLIDAY (465-4329)

A limited number of rooms have been reserved for the evenings of December 7 and 8, 2011. Please make your reservations early!! Cut-off date for the room block is November 22, 2011.

Reference: NIST/Privacy Enhancing Workshop
Rate: $125 + taxes

A shuttle will bring attendees to NIST in the morning and return attendees to the Holiday Inn at the end of the daily sessions. Please see Agenda for times.

Technical Contact:

Rene Peralta