Encryption, the conversion of data into a form that cannot be easily understood by unauthorized people, is an important security control for wireless communication. It’s what allows people to securely use credit cards to make online purchases, physicians to exchange data about patients, and governments to securely communicate instructions to their military. In each of those examples, making sure the encrypted data gets to the correct party, is correctly decrypted, and then securely stored, requires a trusted mediator, typically known as the server. But as servers become subject to physical or software compromise, and pressure increases for more people to store data with third party cloud services, the need for a new encryption strategy has emerged.

Functional encryption represents a new vision for designing cryptosystems that simultaneously achieve flexible data sharing and strong security. In these systems, only users with specific attributes that match the encryption policy of the data are able to decrypt the document.

“Cryptography can be a great tool for meeting the challenges in balancing usability with security and privacy, but there is much work to be done in making it flexible and comprehensive enough to extend to all of these new kinds of potential applications,” says Allison Lewko, assistant professor of computer science. “Obtaining provable security for new kinds of cryptosystems often involves a great deal of elegant mathematics, and this is why I like working on these kinds of problems—I like the combination of challenging mathematics and real-world motivations.”

Lewko’s work develops new techniques to achieve flexible data sharing and enhanced security. Her research has the potential for real-world impact. Consider the example of a physician sharing patient information. Functional encryption could allow the physician, who is sending the patient data, to control what different recipients of the same data will see. A consulting physician might have access to all of the data, but an insurance company might have a more restricted view.

“The main idea is to give the person doing the encryption the flexibility to very precisely control how to share portions or functions of their data with various categories of other people. The challenge is to do this with high efficiency while maintaining strong security guarantees,” she says.

Lewko also specializes in creating combinatorial and probabilistic tools for understanding and addressing the core complexity of fundamental problems. “I am most proud of my collaborative work that has resulted in a rich mathematical framework for obtaining stronger provable security guarantees than were previously attainable for many kinds of cryptosystems,” she says.

Prior to joining Columbia Engineering in fall 2013, Lewko was a postdoctoral researcher at Microsoft Research New England, where she designed error-tolerant algorithms. She is a faculty affiliate of Columbia’s Data Science Institute and the Institute’s Cybersecurity Center.

BS, Princeton University, 2006; MS, University of Cambridge, 2007; PhD, University of Texas at Austin, 2012

—by Amy Biemiller