Tuesday, May 26, 2009

Announcement: 2nd Annual Privacy Law Scholar Conference, June 4-5 2009

The 2nd Annual Privacy Law Scholars Conference (PLSC) will be held at the Claremont Resort in Berkeley, CA, on June 4-5. PLSC is an academic paper workshop, and there are no panels of boring talking heads. Instead, we have two days of intense discussion about privacy issues.

If you have students who are interested in working in the privacy field, I strongly encourage you to pass on info about the event. It's free, and about 100 privacy academics (predominately law, but also econ and some computer science, including Peter Neumann, Chris Soghoian, and Jeff Jonas, the inventor of NORA) participate, as well as 50 leading legal practitioners. It's a wonderful opportunity to network, share ideas,etc.

Schedule and information

The password to all papers is plsc2009.

Send email to choofnagle at law.berkeley.edu if you would like to participate.

Thursday, May 14, 2009

Mathematical Advances Strengthen IT Security

ACM TechNews is running an article about a new cryptography approach based on the mathematical theory of elliptic curves, a leading candidate to replace the widely used RSA public key security system.

Elliptic curves are equasions with two variables, e.g., x and y, including terms where both x and y are raised to powers of two or more. The possibilities for elliptic curves and other modern mathematical techniques were discussed at a recent workshop organized by the European Science Foundation (ESF).
“The impact of the elliptic curve method for integer factorisation (developed by my PhD advisor Hendrik Lenstra) has played a role in introducing elliptic curves to cryptographers, albeit for attacking the underlying problem on which RSA is based (the difficulty of factoring integers),” said David Kohel, convenor of the ESF workshop, from the Institut de Mathematiques de Luminy in Marseille, France.

Kohel describes the advantage of elliptic curve cryptography as its immunity to the specialized attacks that have degraded the strength of RSA (smaller keys can be used to provide the same levels of protection).
"In general, the cryptographer has the benefit over the cryptanalyst (the person attacking the cryptosystem) as he or she can select the key size for any desired level of security, provided everyone has the same base of knowledge of best attacks on the underlying cryptosystem," he says.

See details in European Science Foundation.