Q&A with Brown College’s Anna Lysyanskaya, two-time winner of Fb analysis awards in cryptography
In this monthly series of interviews, we put members of the academic community and their critical research in the spotlight – as partners, collaborators, consultants, and independent collaborators.
For March we nominated Anna Lysyanskaya, a professor at Brown University. Lysyanskaya is a two-time recipient of the Facebook Research Award for Cryptography and is known for her work with digital signatures and anonymous credentials. In this Q&A, Lysyanskaya shares more about her background, her two successful research proposals, her most recent presentation at the Real World Cryptography Symposium, and the topics she is currently focusing on.
Q: Tell us about your role at Brown and the type of research you specialize in.
Anna Lysyanskaya: I am a professor of computer science and my specialty is cryptography, especially data protection authentication and anonymous login information. I have had a long career in academia and got my PhD 19 years ago. I’ve started working in this particular area since I started doing research as a PhD student.
I got into this field mostly by chance, and honestly, I could have ended up anywhere. Everything was new and interesting to me at the time, but I remember having a chance encounter with the person who would eventually become my advisor. At the time he had a few papers that he wanted to look at more closely, so I started reading them and meeting with him to discuss them.
In the beginning I was drawn to cryptography because I was interested in both the math aspect and the social aspect of solving math problems with interesting people doing everything for fun. That initial fascination, coupled with a great place to study, led me to where I am today.
Eventually I learned that it’s not all fun and math and that there are actually interesting uses for what I’m working on. That’s actually why I keep working on it all the later because I just don’t run out of interesting places to use this stuff.
Q: You won two Facebook requests for suggestions: the role of applied cryptography in a privacy-oriented advertising ecosystem RFP and the RFP Privacy Preserving Technologies. What were your winning proposals about?
AL: My promotional proposal was titled “Know Your Anonymous Client”. Let’s start with how a website – yourfavoritenewspaper.com, for example – turns content into money: by serving ads. When you click on an ad and buy something, the website that sent you there receives a small payment. In the order of magnitude, these payments pay off for the content you find online. The main problem here is that the websites you visit keep track of your activity. By keeping track of what you do, they can reward the websites that successfully served you an ad.
My project is about finding a privacy approach to rewarding ad publishers – one that doesn’t track a user’s activity, but that gives reliable accountability when rewarding a website for sending a client, for example is responsible to a retailer who completed a sale with that customer. The idea is to use anonymous credentials: when you buy something, your browser gets a credential from the merchant who just received money from you. Your browser transmits these specially transformed credentials to the website that you sent to the original retailer. The crux of the matter is that the transformed credentials cannot be linked to the data issued by the retailer. Even if the website and the retailer work together, they cannot tell that it is the same user.
My other proposal, co-authored with Foteini Baldimtsi of George Mason University, was about authenticating private users and anonymous credentials on Facebook’s Libra blockchain. The nature of a blockchain is that it is very public, but you also want to protect everyone’s privacy. Our goal was therefore to create cryptographic tools to protect privacy in the blockchain. It is very exciting to have the opportunity to work with Libra researchers on this project.
The tools for both research projects are very similar, but the stories are different. Since the applications are different enough, you still need to do some original research to resolve the issues. The motives for both projects are to achieve user privacy and protect users.
Q: You spoke at Real World Cryptography (RWC) recently. What was your presentation about?
AL: Anonymous references were central to my entire research career. They are what I am most known for and they were the subject of my talk. With an anonymous Proof of Entitlement, you can prove that you are a Proof of Entitlement user without revealing any other information. In the promotional example above, a retail website you visited gives your browser an anonymous credential that allows you to prove that you bought something from that retailer without revealing who you are or what information would allow anyone to infer who you are or who you are what you bought.
Of course, anonymous credentials can be used much more broadly. A particularly timely potential application would be proof of vaccination. For example, suppose everyone who receives a vaccination also receives an ID card that confirms their vaccination status. Once you are vaccinated, you can return to pre-pandemic activities such as: B. to concerts and sporting events, air travel and even vacation cruises. In order to gain access to such venues, you will need to show your vaccination certificate. Unless anonymous credentials are used, there may be a data breach. Hence, anonymous credentials are a better approach.
Q: What are some of the biggest research questions that you are interested in?
AL: This lecture I gave at RWC is about that. In a technical field, it is difficult to tell what you are doing to people who may actually be able to apply it, especially because it is not easy to explain math concepts. Anonymous credentials are especially difficult to explain for someone who hasn’t studied cryptography in at least a few years.
Right now my focus is on rephrasing this problem in a slightly more intuitive way. My current attempt is to have an intermediate primitive called the Mercury Signature. This is like a digital signature, but it has mercury in it because you can convert it so that a statement is still meaningfully signed – just in a way that can’t be seen from what it looked like when it was first issued.
There are several reasons I think Mercury Signatures are a good building block to study with:
- First, we actually have a candidate construction, so it’s not that far-fetched, and we know we can do it. There are a few flaws in this design, but it’s not a completely crazy idea.
- Second, mercury signatures are an approachable concept to someone who only has a basic understanding of cryptography. You can explain what a mercury signature is to someone who knows what a digital signature is in a matter of minutes.
- Also, Mercury Signatures have very extensive uses and allow us to create anonymous credentials with some useful features. One example is delegation. Let’s say I give you credentials anonymously and then you give someone else a credential. If they use their credentials, they won’t see the chain of command – just that they are authorized.
This is actually the main part of my RWC talk, and I think it’s the next thing to do.
Q: Where can people find out more about your research?
AL: People can find out more about my research on my Google Scholar profile.