George Mason Department of Computer Science Assistant Professor Foteini Baldimtsi has been granted a
National Science Foundation CAREER Award for her project, Privacy Preserving Transactions with Accountability Extensions.
Baldimtsi recently discussed the ubiquity of cryptography. “We use cryptography every single day. Every time you log in to your email or make a transaction with your bank, you use cryptography. Data do not fly around unencrypted.”
Even so, certain types of interactions require people to offer up more data than they might be comfortable with. She gave a non-digital example of buying alcohol at a store, noting that a vendor simply needs to know if a buyer is over 21. When the buyer shows a driver’s license, the vendor can learn a customer’s full name, address, and exact date of birth, even though they didn’t need that information for the transaction. Using cryptographic techniques, she seeks to create digital credentials that only prove the necessities for a particular interaction. Such “zero-knowledge proofs,” she says, “lets me prove something to you about my identity, while keeping the rest of the stuff hidden.”
Privacy has a price, one of which is speed. She said, “A big part of my CAREER award is how to make privacy techniques practical by being faster and more efficient.” She is particularly looking at anonymous payments. A credit card company, for example, may know that someone is buying coffee from Einstein’s Bagel in the Nguyen Engineering Building every day, though they only need to be able to process a financial transaction. “If you pay with cash, your bank only knows you withdrew a sum of money, but no one knows where or how you’re spending that money. Using a credit card is so much more convenient than paying with cash,” she said. “The question is, using our credit cards or our phones, can we maintain the same level of privacy? The answer is yes.”
Digital privacy has regulatory consequences. “There is a tension between privacy and the ability to enforce the law,” she noted. “If we make everything completely private, there are regulatory issues, so I’m trying to design auditable or accountable schemes that ensure the following – as long as users obey the law, their privacy is maintained. If they break the law – under some well-defined notion of what the law says – their privacy will be lifted.” A key part of her grant, she said, is tackling the challenge of determining ways to mathematically formulate the law. To assist with this, she will be collaborating with the Mason policy and business schools.
From her abstract: “The amount of digital data collected electronically is increasing and poses threats to user privacy. Cryptographic mechanisms enhancing data privacy suffer from prohibitive computational and communication costs and do not offer accountability mechanisms. Towards the goal of bringing privacy-enhancing technologies closer to adoption, this project defines and constructs new cryptographic building blocks like: new types of digital signatures, cryptographic accumulators, and zero-knowledge proofs, which are at the core of mechanisms used to enhance privacy.”
The award totals more than $500K and the award period is from July 2022 to June 2027.