The Learning with Errors (LWE) problem has become a central building block of modern cryptographic constructions. We will discuss hardness results for concrete instances of LWE. In particular, we discuss algorithms proposed in the literature and give the expected resources required to run them. We consider both generic instances of LWE as well as small secret variants. Since for several methods of solving LWE we require a lattice reduction step, we also review lattice reduction algorithms and propose a refined model for estimating their running times. We also give concrete estimates for various families of LWE instances, provide a Sage module for computing these estimates and highlight gaps in the knowledge about algorithms for solving the Learning with Errors problem.

The concept of delegated quantum computing is a quantum extension of  
the classical task of computing with encrypted data without decrypting  
them first. Many quantum protocols address this challenge for a  
futuristic quantum client-server setting achieving a wide range of  
security properties. The central challenge of all these protocols to  
be applicable for classical tasks (such as secure multi party  
computation or fully homomorphic encryption) is the requirement of a  
server with a universal quantum computer. By restricting the task to  
classical computation only, we derive a protocol for unconditionally  
secure delegation of classical computation to a remote server that has  
access to basic quantum devices.

Finding rational points on curves - Jennifer Balakrishnan (Mathematical Institute, Oxford)

From cryptography to the proof of Fermat's Last Theorem, elliptic curves are ubiquitous in modern number theory.  Much activity is focused on developing methods to discover their rational points (those points with rational coordinates).  It turns out that finding a rational point on an elliptic curve is very much like finding the proverbial needle in the haystack.  In fact, there is no algorithm known to determine the group of rational points on an elliptic curve.

Hyperelliptic curves are also of broad interest; when these curves are defined over the rational numbers, they are known to have finitely many rational points.  Nevertheless, the question remains: how do we find these rational points?

I'll summarize some of the interesting number theory behind these curves and briefly describe a technique for finding rational points on curves using (p-adic) numerical linear algebra.

____________________________

Analysis, prediction and control of technological progress - François Lafond (London Institute for Mathematical Sciences, Institute for New Economic Thinking at the Oxford Martin School, United Nations University - MERIT)

Technological evolution is one of the main drivers of social and economic change, with transformative effects on most aspects of human life.  How do technologies evolve?  How can we predict and influence technological progress?  To answer these questions, we looked at the historical records of the performance of multiple technologies.  We first evaluate simple predictions based on a generalised version of Moore's law, which assumes that technologies have a unit cost decreasing exponentially, but at a technology-specific rate.  We then look at a more explanatory theory which posits that experience - typically in the form of learning-by-doing - is the driver of technological progress.  These experience curves work relatively well in terms of forecasting, but in reality technological progress is a very complex process.  To clarify the role of different causal mechanisms, we also study military production during World War II, where it can be argued that demand and other factors were exogenous.  Finally, we analyse how to best allocate investment between competing technologies.  A decision maker faces a trade-off between specialisation and diversification which is influenced by technology characteristics, risk aversion, demand and the planning horizon.

Derived geometry and approximations - Pavel Safronov

Derived geometry has been developed to address issues arising in geometry from a consideration of spaces with intrinsic symmetry or some singular spaces arising as complicated intersections.  It has been successful both in pure mathematics and theoretical physics where derived geometric structures appear in quantum gauge field theories such as the theory of quantum electrodynamics.  Recently Lurie has developed a transparent approach to deformation theory, i.e. the theory of approximations of algebraic structures, using the language of derived algebraic geometry.  I will motivate the theory on a basic example and explain one of the theorems in the subject.

_______________________________

How magnets and mathematics can help solve the current water crisis - Ian Griffiths

Although water was once considered an almost unlimited resource, population growth, drought and contamination are straining our water supplies.  Up to 70% of deaths in Bangladesh are currently attributed to arsenic contamination, highlighting the essential need to develop new and effective ways of purifying water.

Since arsenic binds to iron oxide, magnets offer one such way of removing arsenic by simply pulling it from the water.  For larger contaminants, filters with a spatially varying porosity can remove particles through selective sieving mechanisms.

Here we develop mathematical models that describe each of these scenarios, show how the resulting models give insight into the design requirements for new purification methods, and present methods for implementing these ideas with industry.

Given a hypersurface, the Bernstein-Sato polynomial gives deep information about its singularities.  It is defined by a D-module (the algebraic formalism of differential equations) closely related to analytic continuation of the gamma function. On the other hand, given a hypersurface (in a Calabi-Yau variety) one can also consider the Hamiltonian flow by divergence-free vector fields, which also defines a D-module considered by Etingof and myself. I will explain how, in the case of quasihomogeneous hypersurfaces with isolated singularities, the two actually coincide. As a consequence I affirmatively answer a folklore question (to which M. Saito recently found a counterexample in the non-quasihomogeneous case): if c$ is a root of the b-function, is the D-module D f^c / D f^{c+1} nonzero? We also compute this D-module, and for c=-1 its length is one more than the genus (conjecturally in the non-quasihomogenous case), matching an analogous D-module in characteristic p. This is joint work with Bitoun.
 

STAR-Vote is voting system that results from a collaboration between a number of
academics and the Travis County, Texas elections office, which currently uses a
DRE voting system and previously used an optical scan voting system. STAR-Vote
represents a rare opportunity for a variety of sophisticated technologies, such
as end-to-end cryptography and risk limiting audits, to be designed into a new
voting system, from scratch, with a variety of real world constraints, such as
election-day vote centers that must support thousands of ballot styles and run
all day in the event of a power failure.
We present and motivate the design of the STAR-Vote system, the benefits that we
expect from it, and its current status.

This is based on joint work with Josh Benaloh, Mike Byrne, Philip Kortum,
Neal McBurnett, Ron Rivest, Philip Stark, Dan Wallach
and the Office of the Travis County Clerk