There is currently a large interest in the applications of the Blockchain technology. After the well known success of the cryptocurrency Bitcoin, several other real-world applications of Blockchain technology have been proposed, often raising privacy concerns. We will discuss the potential of advanced cryptographic tools in relaxing the tension between pros and cons of this technology.

I will explain our recent description of the fundamental degrees of freedom underlying a generalized Kahler structure. For a usual Kahler
structure, it is well-known that the geometry is determined by a complex structure, a Kahler class, and the choice of a positive(1,1)-form in this class, which depends locally on only a single real-valued function: the Kahler potential. Such a description for generalized Kahler geometry has been sought since it was discovered in1984. We show that a generalized Kahler structure of symplectic type is determined by a pair of holomorphic Poisson manifolds, a
holomorphic symplectic Morita equivalence between them, and the choice of a positive Lagrangian brane bisection, which depends locally on
only a single real-valued function, which we call the generalized Kahler potential. To solve the problem we make use of, and generalize,
two main tools: the first is the notion of symplectic Morita equivalence, developed by Weinstein and Xu to study Poisson manifolds;
the second is Donaldson's interpretation of a Kahler metric as a real Lagrangian submanifold in a deformation of the holomorphic cotangent bundle.

Tight security is increasingly gaining importance in real-world
cryptography, as it allows to choose cryptographic parameters in a way
that is supported by a security proof, without the need to sacrifice
efficiency by compensating the security loss of a reduction with larger
parameters. However, for many important cryptographic primitives,
including digital signatures and authenticated key exchange (AKE), we
are still lacking constructions that are suitable for real-world deployment.

This talk will present the first first practical AKE protocol with tight
security. It allows the establishment of a key within 1 RTT in a
practical client-server setting, provides forward security, is simple
and easy to implement, and thus very suitable for practical deployment.
It is essentially the "signed Diffie-Hellman" protocol, but with an
additional message, which is crucial to achieve tight security. This
message is used to overcome a technical difficulty in constructing
tightly-secure AKE protocols.

The second important building block is a practical signature scheme with
tight security in a real-world multi-user setting with adaptive
corruptions. The scheme is based on a new way of applying the
Fiat-Shamir approach to construct tightly-secure signatures from certain
identification schemes.

For a theoretically-sound choice of parameters and a moderate number of
users and sessions, our protocol has comparable computational efficiency
to the simple signed Diffie-Hellman protocol with EC-DSA, while for
large-scale settings our protocol has even better computational per-
formance, at moderately increased communication complexity.