## Invited Speakers

### Vinod Vaikuntanathan (Massachusetts Institute of Technology)

#### The Many Faces of Garbled Circuits

Garbled circuits, introduced in a seminal work of Yao in the 1980s, are the swiss-army knife of cryptography. In this talk, I will describe how much of the modern cryptographic toolkit, including fully homomorphic encryption, functional encryption and program obfuscation can be viewed as natural extensions of garbled circuits, and its close relative randomized encodings.

Among other things, I will describe how to construct reusable garbled circuits from the learning with errors (LWE) problem, and how a seemingly slight extension of reusable garbled circuits will give us program obfuscation schemes, leading us to the promised land of Cryptopia.

Along the way, I will highlight several fundamental open problems, both information-theoretic and computational, related to garbled circuits.

[slides]### Vadim Lyubashevsky (École Normale Superieure)

#### Future Directions in Lattice Cryptography

The spread of the LWE problem (and its ring version) in cryptographic literature is due to its versatility -- virtually any cryptographic primitive that one may want to construct can be constructed based on the presumed hardness of LWE. Furthermore, the basic primitives, such as encryption and signature schemes, can be built securely and efficiently based on this problem. On the other hand, there has been a pronounced lack of success in constructing practical LWE-based primitives with more advanced features.

I believe that if we are to move beyond the basic primitives and still hope to have reasonably practical constructions, then we will need to look past LWE. In particular, rather than relying on LWE for hardness, it will be necessary to actually understand where LWE gets its hardness from and build primitives directly based on this source. In this talk, I will discuss the "basic" lattice problems of which LWE is just a particular instance, and discuss what structure we would ideally want from them in order to realize more advanced, yet still efficient, cryptographic constructions.

[slides]### Daniel J. Bernstein (University of Illinois at Chicago and Eindhoven University of Technology)

#### The first 10 years of Curve25519

Curve25519 is an elliptic curve deployed in Apple's iOS (iPhone, iPad, etc.); the TextSecure (Signal) messaging system; the standard OpenSSH remote-login software; the Tor network; Google's QUIC protocol; and many other applications. This talk will explore old and new security issues and implementation issues surrounding ECC, with particular attention to the Ed25519 public-key signature system (joint work with Duif, Lange, Schwabe, and Yang) and the X25519 public-key encryption system.

[slides]