Hacker News | aildours's comments

You're looking for functional encryption (https://en.wikipedia.org/wiki/Functional_encryption). It lets you compute exactly an encryption of a pre-specified function of the input message and nothing else.


I think functional encryption is even less well developed than FHE. Most problems can't be expressed in functional encryption, and the security model is really iffy.


Consider reading [1] (also linked in OP) for a detailed article about a very talented lower caste person who gets hired at IIT Kanpur, only to be met with overt caste-based discrimination and harassment. You'd find it hard to claim caste-based discrimination doesn't exist after reading it. On a perhaps unrelated note, the author is Manindra Agarwal, who you may know as the A in the AKS primality test.

[1]: https://kafila.online/2019/04/10/the-saderla-story-courage-i...


Yep. Indian and Indian Diaspora academia can be toxic. I remember hearing stories about a professor at a T10 CS Program who'd only give RAShips to people from the exact same subcaste community as him. There are plenty of issues with overt and covert toxicity among the South Asian community.


Also consider reading that caste violence is also directed at upper castes from lower castes. It is not a one sided thing. Left-leaning ruling party politicians in a state have shamefully called for a brahmin (upper caste) genocide.

https://en.wikipedia.org/wiki/Caste-related_violence_in_Indi...

https://en.wikipedia.org/wiki/Anti-Brahminism

https://www.deccanherald.com/india/dmk-spokesperson-supports...



Complete bs.

>Caste-based surnames are extremely uncommon in South India (20% of India's population), and it's not even a recent thing.

No, caste-based surnames are uncommon among some upper caste communities. A significant chunk (Gowdas, Reddys, Nairs etc.) have surnames strongly linked to castes. And what you might refer to being a "recent thing" is having a western style surname at all.

>FWIW, as someone who has spent considerable time in Indian academia, this article reeks of BS. No one cares about your caste in Indian academia. The languages you speak, the part of India you come from, etc., cause a bigger divide than caste.

I've also spent time in Indian academia (and left it, for unrelated reasons) and can say that caste matters a lot, in a very insidious way. Respectfully, if you can't tell that Bulsara is a Gujarati surname (which means it could be a Hindu, Parsi or a Muslim surname, so may not even be linked to a caste as is the case with Freddie Mercury), then you may not know enough to comment on caste.

>How exactly did the author find their castes?

Perhaps try reading the article? He has even linked the RTI responses if you doubt him so much.




> I can assure you that the vast majority of upper-caste people here don't use a caste-based surname anymore.

Oh, I don't need assuring for this, this was the point I was making! Basically, some south Indian upper castes use their father's first name as their surname. And this in itself is a strong signifier that the person is from the upper caste!

And yes, some surnames like Bulsara are linked to a place, some are neutral like Kumar, or some are rare enough to not signify caste unless you really know. So what? Even now, a large chunk of the Indian population uses caste-linked surnames, and it is one way they get discriminated. This is the point he makes when he says "Typically, one's surname (last name) is a giveaway".

> RTI responses will only tell you the number of candidates who were hired through caste-based reservation.

No, the RTI responses that he has linked are for the "breakdown of faculty members in the respective category of reservation..." (see the linked pdf for IITD, for example), not whether they were hired through caste-based reservation. The category of reservation is information that every Indian citizen is asked to provide on government forms.




This will be my last comment in this chain since this is going nowhere. Patronymics and matronymics are used by some south Indians, who are at the most 20% of the population. The simple point made in the OP is essentially that caste-based surnames are typical in India, which you have not refuted.

No, you don't have to fill in your caste, but you are typically expected to tick one of the SC/ST/OBC/General boxes (these being the categories of reservation), and then provide proof if required. The sentence you quote refers to this, not to how they were hired, which is what you are saying. RTI queries can absolutely answer things of this kind; please just read the question the OP asks in the linked pdfs.


Did you read the RTI response? There's no reservation for upper castes, yet the vast majority of faculty in all of the RTI responses are upper caste.




The bit about RG Collingwood sounds very interesting. Could you provide some examples?


His book The Principles of Art from 1938 is probably the best example. He offers a definition of art arrived at through ordinary language philosophy, and, along the way, also develops a theory of imagination, language, and anti-copyright.


Thanks!


It does not seem to have a direct impact. See https://nitter.it/ChrisPeikert/status/1553410345330524160#m


Wouldn't you then have to send out multiple ciphertexts (for articles >100 KB)? Which would leak something about the size of the article...


You would. It's important for the client to pace its requests in a way that does not reveal too much (for example, the client should not just request both chunks of the article at the same time). The best thing to do would probably be to have a 'load more' button at the bottom of a very long article that makes a separate request.

If you think about it, the pacing of user queries could always reveal something (if there's a long gap between queries, perhaps it's a dense mathematics article?). So the best we can hope for is pacing requests either randomly, or for even further protection, perhaps making dummy requests on a fixed cadence.
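As an added illustration of the fixed-cadence idea in the comment above (this is example code, not from the original thread or from any project), here is a small Python scheduler in which the client sends exactly one request per slot and fills empty slots with dummy requests. The cadence, horizon and arrival times are constructed inputs; what the example shows is that the timing an observer sees depends only on the cadence and horizon, not on when the user actually asked for chunks, and what that costs in added latency.

```python
from collections import deque

CADENCE = 1.0   # constructed: one request slot per second
HORIZON = 10.0  # constructed: length of the session window that gets padded


def schedule_fixed_cadence(real_arrivals, horizon=HORIZON, cadence=CADENCE):
    """Return a list of (send_time, kind) with kind in {"real", "dummy"}.

    real_arrivals are the times at which the user actually wants another chunk
    (e.g. pressing 'load more'). Every slot carries exactly one request: the
    oldest pending real one if any is due, otherwise a dummy. An observer on
    the wire therefore sees the same timing whatever the user did. Requests
    still pending at the horizon are simply dropped in this toy version."""
    pending = deque(sorted(real_arrivals))
    sent = []
    t = 0.0
    while t < horizon:
        if pending and pending[0] <= t:
            pending.popleft()
            sent.append((t, "real"))
        else:
            sent.append((t, "dummy"))
        t += cadence
    return sent


def wire_view(sent):
    """What a network observer learns: timestamps only (sizes are equal by construction)."""
    return [t for t, _ in sent]


def added_latency(real_arrivals, sent):
    """Cost of the scheme: how long each real request waited for its slot."""
    real_slots = [t for t, kind in sent if kind == "real"]
    return [slot - arrival for arrival, slot in zip(sorted(real_arrivals), real_slots)]


if __name__ == "__main__":
    # Constructed sessions: one reader fetches both chunks almost at once, another
    # pauses a long time between chunks (the "dense mathematics article" case).
    fast = schedule_fixed_cadence([0.2, 0.3])
    slow = schedule_fixed_cadence([0.2, 5.7])
    print("observer sees identical timing:", wire_view(fast) == wire_view(slow))
    print("latency added for the fast reader:", added_latency([0.2, 0.3], fast))
```

The trade-off is visible in `added_latency`: every real request waits for the next slot, and every empty slot still costs a full-size dummy fetch, which is why the comment frames dummy traffic as a further protection rather than the default.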


Here are some books that I've read with some remarks which you may find useful.

- "Cryptography: A Very Short Introduction" by Piper and Murphy - This is a book in the Very Short Introduction series, so is a bit light on the math. If that's what you are looking for though, this is a good resource.

- "Cryptography Made Simple" by Nigel Smart - The choice of topics is quite eclectic (in the best way possible!). For ex. it is the first general crypto book I've read which talks about lattices (most post-quantum world crypto schemes are lattice based) and things like commitments and zero-knowledge proofs. Develops just the right amount of math to talk about a lot of different things.

- "Cryptography: Theory and Practice" by Stinson and Paterson - adequate, covers the usual topics (plus a chapter on post-quantum crypto).

- "Introduction to Modern Cryptography" by Katz and Lindell - basically a reference for the theory side of crypto. Quite math heavy (or to be more accurate, notation heavy, like theoretical crypto tends to be).

- "Real-World Cryptography" by David Wong - I have not read another crypto book which tackles as many topics, it has chapters on e2e encryption, cryptocurrency and hardware crypto. Is a bit too hand-wavey and doesn't properly explain the math sometimes, but it is great for self-learners and people who are looking for a book on topics not covered in other books.

- "Serious Cryptography" by Jean-Philippe Aumasson - from the No Starch Press stable. The exposition is quite good, and finds a decent balance between making it approachable and getting the details right.

- "Understanding Cryptography" by Paar and Pelzl - decent coverage of fundamental primitives (block/stream ciphers, public key encryption, hashes, signatures etc.) but feels a bit outdated. For ex. there is a whole chapter on DES.


This is not specific to Hindi though, almost all Indian languages (except for maybe Urdu), use this arrangement known as the Varnamala. This collation order has to do with these languages using scripts descended from the Brahmi script.


This is the webpage of TFHE, a recent and quite fast FHE scheme: https://tfhe.github.io/tfhe/ . They have a (surely incomplete) list of applications. I work in a somewhat related field, and I know that current FHE schemes can be used for things like voting and computing basic statistics when the data size is smallish.


Out of that entire list, all of them are either academic projects or toolchain projects. None of them are FHE in use in an actual production system.

FHE is interesting but very early.


As KenoFischer says, they are not the same ciphertext, even if we consider a non-homomorphic encryption system. Enc is basically a random algorithm, and we need it to return different ciphertexts for the same plaintext, otherwise it would be easy to break - if I know Enc(1) and the scheme is additive, then I'd know Enc(n) for all n...


Are there any existing FHE algorithms with that property, or is it just a theoretical goal for the field?

Every time I've heard FHE mentioned, I've had the same "this sounds like it has all the problems of ECB mode plus some new ones" reaction. This article (like all of the ones I've read) doesn't seem to cover how what you're describing would be achieved.

What is the input to the algorithm that makes two identical cleartexts encrypt to different ciphertexts? In a traditional block cipher, it would be an IV or a "confounder", but IVs are included with the ciphertext, so I'm assuming it's more like a "confounder".

If an FHE algorithm that exists today has this property, how does essentially randomizing the ciphertext not break the ability to perform calculations on it? It seems like whatever does the randomizing would need to be known to all parties in order to take it into account, and so anyone could factor it out in some way to get back to ciphertexts that are identical for identical cleartexts.


Yes, all existing FHE schemes have this property (called semantic security). The encryption algorithm is a randomized algorithm, which takes the plaintext and a random value as input (just like an IV). Note that we're talking about public-key crypto here, which is a different primitive from the symmetric crypto you're thinking of. Each key is actually a key pair consisting of a secret key and a public key. Such cryptosystems are based on some mathematical trapdoor: only with the secret key are you able to "undo" the randomization and learn the plaintext. It therefore doesn't matter if you want to undo the randomization on a direct encryption of a plaintext, or whether the ciphertext is the sum of several ciphertexts.

If you want to see how this works on a bit more technical level, look at the ElGamal cryptosystem [1]. It is in fact partially homomorphic (you can add ciphertexts, but cannot multiply), and it's probably the easiest to understand system with this property.

[1]: https://en.wikipedia.org/wiki/ElGamal_encryption
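To make the two points in this thread concrete (that the encryption algorithm takes per-message randomness, so the same plaintext yields different ciphertexts that only the secret key can "undo", and that ciphertexts can still be combined without the key), here is an added example in Python; it is not code from the original thread or from any linked project. It implements the exponential variant of ElGamal, where the message sits in the exponent, which is the variant with an additive homomorphism. The group parameters (p = 1019, q = 509, g = 4) are a constructed toy instance far too small for real use, and MAX_MESSAGE bounds the plaintext space because decryption ends with a table lookup of the discrete log. It also includes a deliberately broken deterministic variant to show the "ECB-like" failure the earlier comment worried about.

```python
import secrets

# Constructed toy parameters: p = 2q + 1 is a safe prime and g = 4 generates the
# subgroup of prime order q. Real deployments use parameters of 2048+ bits.
P = 1019
Q = 509
G = 4
MAX_MESSAGE = 200  # exponential ElGamal decrypts by a bounded discrete-log lookup

# Table g^m -> m for the allowed message range (the "discrete log" step of decryption).
_DLOG = {pow(G, m, P): m for m in range(MAX_MESSAGE + 1)}


def keygen():
    """Secret key x in [1, q-1]; public key h = g^x mod p."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def encrypt(pk, m, r=None):
    """Enc(m; r) = (g^r, g^m * h^r). r is the per-message randomness (the role an
    IV plays in symmetric modes); it is drawn fresh unless the caller fixes it."""
    if r is None:
        r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), pow(G, m, P) * pow(pk, r, P) % P


def decrypt(sk, ct):
    """Only the secret key can strip h^r = (g^r)^x off the second component."""
    c1, c2 = ct
    shared = pow(c1, sk, P)
    g_m = c2 * pow(shared, -1, P) % P  # modular inverse via pow(x, -1, p), Python 3.8+
    return _DLOG[g_m]


def add_ciphertexts(ct_a, ct_b):
    """Componentwise product of ciphertexts is an encryption of the plaintext sum,
    under combined randomness r_a + r_b. No key is needed to do this."""
    return ct_a[0] * ct_b[0] % P, ct_a[1] * ct_b[1] % P


def scale(ct, n):
    """Enc(m)^n is a valid Enc(n*m): from Enc(1) anyone can derive an Enc(n) for every n."""
    return pow(ct[0], n, P), pow(ct[1], n, P)


def homomorphic_sum(sk, pk, values):
    """Add encrypted values without the secret key, then decrypt the result once."""
    acc = encrypt(pk, 0)
    for v in values:
        acc = add_ciphertexts(acc, encrypt(pk, v))
    return decrypt(sk, acc)


def deterministic_encrypt(pk, m):
    """Constructed broken variant: fixes r = 1 for every message (ECB-like behaviour)."""
    return encrypt(pk, m, r=1)


def recover_from_deterministic(pk, target, max_m=MAX_MESSAGE):
    """Why determinism breaks public-key encryption: anyone holding the public key
    can encrypt each candidate plaintext and compare, with no secret key involved.
    Against the randomized scheme the comparison never matches."""
    for n in range(max_m + 1):
        if deterministic_encrypt(pk, n) == target:
            return n
    return None


if __name__ == "__main__":
    sk, pk = keygen()
    print("Enc(3) + Enc(4) decrypts to:", decrypt(sk, add_ciphertexts(encrypt(pk, 3), encrypt(pk, 4))))
    print("Enc(1)^9 decrypts to:", decrypt(sk, scale(encrypt(pk, 1), 9)))
    print("deterministic Enc(42) recovered without the key:",
          recover_from_deterministic(pk, deterministic_encrypt(pk, 42)))
    print("randomized Enc(42) recovered the same way:",
          recover_from_deterministic(pk, encrypt(pk, 42)))
```

Two things to notice: `add_ciphertexts` and `scale` never touch the secret key, which is exactly the "if I know Enc(1) I know Enc(n)" observation, yet that knowledge is harmless because each honest ciphertext carries fresh r that the holder of x alone can remove. With this toy group r has only 508 possible values, so repeated encryptions of one message can occasionally coincide; with real-size parameters that probability is negligible.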


The article includes semantic security in the definition of FHE, so I would assume this implies that all the existing FHE schemes have this property.

