Ignorance is Bliss: Building Systems with Nothing to Lose

As social and financial interactions move online, computers store and compute on increasing amounts of sensitive personal information. While cryptography has offered us many theoretical tools to allow privacy-preserving computation on secret data , industry routinely uses cryptography merely to address basic threats such as third-party eavesdropping. This poses a problem, as there appears to be an increasing consensus — even in industry — that it is risky to trust service providers with access to this information. To address this, we need systems that provide useful features that users expect, but do not expose information to theft even when the provider is fully malicious. This approach does more than protect user privacy: if the system is ignorant of both data and cryptographic keys, system security may reduce to a simple matter of detection and re-initialization. In this talk, I will explore the challenges in building "intentionally ignorant" systems by examining the design of Zerocash, a deployed anonymous alternative to Bitcoin, and cryptographic attacks arising from failures in the design of Apple's iMessage end-to-end encrypted messaging service.
Ian Miers is a Ph.D. student at Johns Hopkins University working on applied cryptography and privacy enhancing technologies advised by Prof. Matthew Green. His work includes anonymous cryptocurrencies (Zerocoin and Zerocash), decentralized anonymous credentials, and secure messaging including attacks on Apple iMessage and scalable searchable encryption for cloud based email. His work has been featured in the Washington Post, the New York Times, Wired, and The Economist , among others. He is one of the founders of ZCash, a company which has commercially deployed Zerocash.