Best Place To BuildProf. Shweta Agrawal, CSE | "Real-life cryptography is cooler than Imitation Game-the movie"| Ep.13
CHAPTERS
Meet Prof. Shweta Agrawal at IIT Madras: why “real-life cryptography” matters
The host introduces Prof. Shweta Agrawal (CSE, IIT Madras) and frames the episode as a practical, curiosity-driven tour of cryptography beyond pop-culture references like The Imitation Game. The conversation sets expectations: cryptography is not just war-time codebreaking, but a foundational technology shaping everyday digital trust.
- •Podcast context: “Best Place To Build” at IIT Madras Innovation Hub
- •Guest background and recognition (chair professorship, awards)
- •Cryptography positioned as broader and “cooler” than movie portrayals
- •Setup for core themes: secrecy, attackers, hardness, and real-world relevance
Cryptography in one sentence: secrecy, privacy, and trust goals
Shweta defines cryptography as the art of keeping secrets, then expands it to multiple goals beyond confidentiality—like authentication and proving identity. The chapter clarifies that cryptography is about enabling secure interaction under adversarial conditions.
- •Cryptography as “art of keeping secrets”
- •Multiple goals: private communication, authentication/identity, secure protocols
- •Security framed as achieving goals “in a secret manner”
- •Cryptography as a science/engineering of trust under threat models
From Caesar cipher to modern crypto: lessons from Enigma and provable security
A historical arc connects ancient ciphers to WWII-era cryptanalysis and the modern emphasis on mathematical guarantees. Shweta explains the key shift: rather than relying on “smart people built a hard code,” modern cryptography aims to reduce attacks to solving well-studied hard problems.
- •Ancient roots: Caesar cipher and substitution ideas
- •WWII and Enigma as a turning point for cryptographic thinking
- •Modern cryptography: security reductions to hard math problems
- •Goal: confidence through decades of scrutiny + mathematical proof frameworks
Why everyday people and businesses need cryptography
Cryptography is grounded in everyday scenarios: protecting online payments from eavesdroppers and enabling collaboration without revealing sensitive data. The discussion introduces secure computation ideas such as multiparty computation for joint decisions (e.g., mergers) while preserving privacy.
- •Online shopping/payment data traveling over networks needs protection
- •Eavesdroppers can intercept data if not encrypted
- •Business privacy: compute merger profitability without revealing assets
- •Multiparty computation: learn only the output, not each other’s inputs
Attackers, eavesdroppers, and threat models as algorithms
Shweta reframes adversaries as algorithms rather than people, emphasizing formal threat models. The chapter distinguishes passive listening (eavesdropping) from active attackers who can modify communications, highlighting why cryptographic definitions must anticipate many attack types.
- •Attacker = algorithm in cryptographic modeling
- •Eavesdropper is a passive attacker subtype
- •Active attacks: modification/injection of messages
- •Security depends on explicitly modeling attacker capabilities
What makes a problem “hard”: efficiency, polynomial time, and security parameters
Hardness is defined in computational terms: no efficient (polynomial-time) probabilistic algorithm should solve the underlying problem within any reasonable timeframe. The conversation links this to practical security choices—tuning parameters based on how long data must remain secure.
- •“Hard” = no efficient probabilistic algorithm exists (assumed)
- •Efficiency benchmark: polynomial time vs infeasible runtimes
- •Practical interpretation: even fastest supercomputers can’t solve in time
- •Security parameters vary by application horizon (years vs centuries)
Algorithms and RSA public-key encryption: falling in love with crypto
The host probes what an algorithm is, then the discussion pivots to cryptographic algorithms like RSA and AES, with RSA explored in depth. Shweta explains public-key encryption: anyone can encrypt with a public key, but only the holder of the secret key can decrypt—making key management central.
- •Algorithm as step-by-step mapping from input to desired output
- •Cryptography uses algorithms; RSA as a famous example
- •Public key vs secret key: open encryption, restricted decryption
- •Security focus shifts to protecting the secret key (and key-leak risks)
P vs NP, and why quantum computing changes the rules (including breaking RSA)
Shweta introduces P vs NP as a foundational open problem and relates it to cryptography’s need for problems that resist efficient solving. The chapter then explains how quantum algorithms can make classically hard problems easy—RSA being the headline example—forcing the field to plan for post-quantum security now.
- •P: efficiently solvable; NP: efficiently verifiable
- •Cryptography needs some NP problems not in P (at least)
- •Quantum setting differs; some problems become easy with quantum algorithms
- •RSA believed hard classically but easy for quantum (Shor-type impact)
Research focus: computing on encrypted data and the structure–randomness tightrope
Shweta describes her theoretical cryptography work, especially the challenge of meaningful computation on encrypted data—motivated by ML and sensitive datasets (e.g., genomic research). She explains the conceptual paradox: ciphertext must look like random noise to attackers, yet contain hidden structure enabling computation and correct decryption.
- •Core question: can you run ML/analytics on encrypted data?
- •Genomic/medical research example with millions of private records
- •Encryption requires ciphertext indistinguishability (“looks like junk”)
- •Yet computation requires latent structure: cryptography as a “dance” between structure and randomness
Functional encryption: authorization to compute (and only compute) approved functions
The episode formalizes the earlier idea as functional encryption: encryption stays general-purpose, while decryption keys encode which function outputs are learnable. Shweta highlights a stronger notion of control—keys that open results only if the computation was authorized and done correctly—and connects this to quantum-resilient constructions.
- •Functional encryption enables controlled computation on ciphertexts
- •Encryption not tied to one request; multiple authorized functionalities possible
- •Keys can restrict what is learned to approved outputs
- •Emphasis on post-quantum security for these advanced primitives
Attribute-based encryption and lattice-based cryptography: practical access control and post-quantum foundations
Shweta explains attribute-based cryptography as a special case: keys carry attributes, and policies determine access (e.g., faculty/staff can decrypt, students cannot). She then contrasts this with lattice-based cryptography, which is about building schemes from lattice hard problems—valuable both for post-quantum security and for enabling new, more powerful cryptographic capabilities.
- •Attribute-based: decrypt if attributes satisfy an access policy
- •Access control embedded cryptographically, not just administratively
- •Lattice-based crypto: hardness assumptions different from factoring/discrete log
- •Lattices offer both post-quantum promise and new cryptographic “opportunity space”
What computer science really is: computing, complexity, systems, and ML (not just coding)
Shweta challenges the common misconception that computer science equals programming, using Dijkstra’s quote about “knife science.” She maps major CS subfields—theory/complexity, systems, and machine learning—emphasizing that programming is a tool, not the definition of the discipline.
- •CS is about computing: what’s computable, what’s efficient, what’s hard
- •Theory/complexity connects directly to cryptography and hardness
- •Systems: OS, compilers, networks, programming languages
- •ML/AI: learning, cognition, creativity—exploding interest and enrollment
Career choices, student pressure, and India’s cryptography rise (plus CyStar’s cybersecurity mission)
The conversation turns to why one should study CS and how students often choose based on status or pay rather than fit—creating intense pressure. Shweta then describes India’s progress in public-key cryptography over the past decade and introduces CyStar, a cybersecurity center uniting theory, applied security, and real-world modeling/outreach.
- •Choosing fields: interest and informed exposure vs societal/job pressure
- •Student stress and the “pressure cooker” effect
- •India’s improved presence at top cryptography venues over ~10 years
- •CyStar: security/cryptography/trust/reliability; theory + applied + bridge-building + outreach
Women in STEM, Shweta’s personal journey back to India, Atma Shraddha, and art–cryptography parallels
Shweta discusses the “leaky pipeline” for women in STEM—strong performance early, thinning representation in leadership—and the subtle biases that persist. She shares her exploratory path into cryptography, her intentional decision to return to India to give back, and the need for national self-belief (Atma Shraddha). The episode closes by linking cryptography to abstract expressionism: both balance structure and randomness in pursuit of beauty.
- •Women in STEM: attrition with seniority; leadership bias examples
- •Personal path: broad curiosity, chance exposure to crypto, commitment to theory
- •Return-to-India motivation: opportunity scarcity + desire to contribute
- •Atma Shraddha: challenging the reflex that “good work only happens abroad”
- •Art connection: cryptography as abstract expressionism—form vs formlessness
