Přepis řeči - IS MULTIPARTY COMPUTATION ANY GOOD IN PRACTICE?

0:00:13	so for of a let's oil they and so is yes we can do what to but the computation of
0:00:18	uh every for you can compute everything in the group the domain
0:00:21	the question is our fusion
0:00:22	so that me start by saying what the what is more D the computation
0:00:27	so uh went to day now there's you go online line in to play park or what happens is that
0:00:30	you are here with your friends and a on a
0:00:33	online server
0:00:34	you connect to some central that service that is the for you
0:00:37	and then gives to the card and then you can play pocket
0:00:39	but course what happens if uh
0:00:41	uh you playing with power what happens if the central server is ga a controlled by a it and there
0:00:46	is one of the play is also part
0:00:48	well than they can easily like a a low together right and then the the part of controlling the survey
0:00:53	can give very good cards to is the this find then but as everyone it
0:00:58	so might about the computation uh at about the combination is uh all the sets of the cryptographic techniques that
0:01:03	allow you to instead of having the central server
0:01:06	the second to split the the to in the service i'm among the players so everybody has run a piece
0:01:11	of software on their machines
0:01:12	that um rates the that simulates the presence of this that serve
0:01:16	oh oh do these you know way that even if everyone else is a pilot uh then you can sleep
0:01:20	play poker
0:01:21	uh very
0:01:23	because we don't wanna as mine
0:01:25	so
0:01:26	this is gonna be a
0:01:28	how a technical talk up not
0:01:29	and i is something about the the application of and P C and uh are the been using the real
0:01:34	word
0:01:35	i'm gonna to find a security model because a market at are for so i like security definitions
0:01:39	and then i'm gonna present just to of the results of that think you should be aware of
0:01:43	uh one because it's very important and other one is because i done it so i think if you know
0:01:47	about
0:01:48	um
0:01:49	so let's start from the beginning
0:01:51	so not about the computation of been introduce uh a more than a almost thirty years ago by and the
0:01:55	we out
0:01:56	uh but you have to wait until at to the the yet two thousand to that seeing the first efficient
0:02:02	solution
0:02:03	the that
0:02:04	can be using in practice uh
0:02:05	so that from two thousand you see a lot of uh
0:02:08	but the types an implementation of uh
0:02:10	but the goes from about the computation
0:02:12	and that because some of them P C a a
0:02:15	by you so
0:02:16	in that wording electronic action privacy was every
0:02:19	privacy preserving operation see "'cause" you know processing so basically every time you want to compute on something and you
0:02:24	can about the privacy of your input
0:02:26	and the correctness of a result
0:02:28	you want to come in not cut the mpc dot
0:02:31	so for instance a a a a this is a a start from a then use paper
0:02:36	uh uh then is people are uh ensure the they have had insurance and then when the get seek a
0:02:40	uh they they have
0:02:42	big problem them man you like the six uh are they have to a about the signal and the get
0:02:46	to to the insurance and ask for their money
0:02:48	this a problem because the see people could enjoy this is mine and
0:02:51	could that them to to do with their problem
0:02:53	and uh so on is a solution of this could be that i be that's an insurance company could perform
0:02:58	form uh the intersection of the database base once you know i to check
0:03:01	we should get some mine
0:03:02	of course this is a privacy present these is a privacy sensitive
0:03:05	uh kind of computation because
0:03:07	you don't want the medical records of
0:03:10	the patient to be square as or the in for insurance data
0:03:13	and we can solve this problem using a C
0:03:15	oh example was the from a from then mike
0:03:18	uh these the is the a base the first the time that and P C has been used to move
0:03:22	real money
0:03:24	in this case the so
0:03:26	should should this missing then mike the they you have a should that contract is a bit contract so they
0:03:30	are be you know that's them
0:03:32	a many should is they can grow i mean you get be they can set
0:03:35	and uh the can exchange is these objects these objects are like or C and the wanted to that are
0:03:39	mean you know the the price of
0:03:40	with for exchanging this kind of comedy
0:03:43	so you can do a an option i everyone is i want to buy a this price i want to
0:03:47	buy so much of this price and
0:03:49	then that it can
0:03:50	make is nice by find the equally equilibrium point
0:03:52	but the farmers as don't want to tell each other are much they were willing to buy and sell for
0:03:56	because that to be as information about their own farm
0:03:58	and uh then is is a very technological advances so they use mpc P C
0:04:03	to to to the mean this price
0:04:04	uh the problem the computation last on thirty minutes
0:04:07	and that's uh is that back call is that not
0:04:09	well if it's a task that have to do only once a maybe is good
0:04:13	and for that's a motion are probably a kind a we kind of security so passive security and uh it
0:04:18	assumed that the magic of the party to be honest
0:04:21	and that i don't like uh
0:04:23	i
0:04:24	being the mean value of don't believe that the harness is the that a much as of people are honest
0:04:29	so i another example that that are the from last week a is that the there is an L on
0:04:33	tongue and group of people that
0:04:35	more less to the same they have a nice website we a nice logo
0:04:39	and uh so i C to company scene is tongue the wanted to benchmark a i guess each that they
0:04:43	want to do a whether for
0:04:45	i'm do we by are employ use so much revenue you we get four
0:04:49	money we spend and they want to to compare information with each other the one i stack statistics
0:04:53	uh uh of course these this
0:04:55	all season for the uh these data is the
0:04:58	to be get it so that using uh and P C to do this
0:05:02	but as a nice solution was the share mine
0:05:03	only gives you this kind of weak secure
0:05:07	so what is the security model i keep saying security T but what do i mean when i a secure
0:05:11	so a first of all can this computation to me computation is just a quit
0:05:15	well we have a
0:05:16	from now on um only gonna talk about two five is but you can generalise to more so the have
0:05:20	and your bob that have some input
0:05:22	let's say that beats right we can do everything the bit
0:05:25	and the want to some with made a multiplication addition on this bits
0:05:29	so that is computation from
0:05:31	so computation means that every all the input i get by it that's why there is a a the log
0:05:35	that to show that these
0:05:37	uh input that product and that's all the gates are encrypted because all these the internal values should be
0:05:42	uh a get by but also a of the it should be encrypted that in the sense that they
0:05:46	a the should produce that i with they should be sick you L the get to be sick
0:05:51	in particular it a is crap it she's up by she should be able to do things like a all
0:05:55	i want to learn
0:05:56	this intermediate audio or or maybe
0:05:58	i one the output to be these beat that i design
0:06:01	yeah does that
0:06:02	uh problem problem in terms of privacy and correctness
0:06:06	so do the mean wanna say secure
0:06:08	uh this is kind of a card last year because they come from the could start a few what most
0:06:12	of you come from the
0:06:13	signal processing work
0:06:14	so
0:06:15	intuitively we are agree that a locally secure if no one can a it if not not back again
0:06:21	learn an information
0:06:22	unfortunately approach security is
0:06:25	a a a a a lot X
0:06:27	uh uh isn't a list of a tax there isn't a book that you can buy where you read a
0:06:30	lot X and then you
0:06:32	reasons uh any such a thing maybe you make your system C Q against that kind of a tax and
0:06:35	then to more they come up with the
0:06:37	another kind of attack and then what do you do
0:06:39	so in cryptography
0:06:41	uh we believe that security is not a probably they can be checked empirically
0:06:44	so what we do we want to prosecute
0:06:47	so but it not for the case of multi body computation the stand the model of a for probably security
0:06:52	is the i don't work i real work by like
0:06:55	so
0:06:57	the top or the or what they called the i word is what you want
0:07:00	so you want you have a T symbol
0:07:02	you want what you really like is that the magical about where you can put a input and get the
0:07:06	now
0:07:07	the medical box
0:07:08	uh computes the function as it's the supposed to do and the and never really that being
0:07:14	right
0:07:14	a four it is no such my scale but box and what to do in fact is you do some
0:07:18	kind of the got be brother but what part six exchange
0:07:21	so um the message right
0:07:24	so
0:07:27	yeah that the world is secure by definition right there is no way of attacking able
0:07:31	but in the uh dulles could be applied since you could cheat in the problem
0:07:34	and many i what does it mean that you think that this
0:07:37	information does not reveal
0:07:39	uh anything about the inputs
0:07:42	the to formalise these is to say that uh to create that ideal adversary adversity what because a later
0:07:48	but leaves in the i don't word
0:07:50	and the goal of the similar as or is that by only seeing the input and output of the computation
0:07:55	so
0:07:55	the
0:07:57	by doing but is supposed to do in other word
0:07:59	so be able to produce some kind of trust pretty transcript of the problem of that looks the same
0:08:04	at these one you
0:08:05	and then if you can prove that is uh transcript the are in this transcript the are indistinguishable
0:08:10	then say a probabilistic
0:08:12	with for problem or T we say that if a have adverse that is a similar in that a word
0:08:17	uh such that this uh the output of that were send up output of the symbol with are indistinguishable
0:08:21	then we can lower protocol sick Q
0:08:23	and need to db does means because the children saying distinguishable and the i don't were the secure but the
0:08:28	thing is and then also the real what is secure
0:08:32	so there are many uh a kind of a that one can can see
0:08:36	uh
0:08:37	in the paper in the preceding that are there is much more than this but
0:08:40	i think the most important got session is uh about the level of corruption and that you allow
0:08:44	so we can can see the passive adversaries that try that that of the brother exactly as it had them
0:08:49	but then try to the crypt
0:08:51	the what they get
0:08:53	then you of active adversary that the do whatever they want and that's the one i'm more calm i most
0:08:57	concerned with
0:08:58	and then there's summing somewhere in between
0:09:00	also the number of corruption option is very important
0:09:02	so you can have an honest majority and in this case you can even get perfect security information-theoretic security
0:09:08	and then and this problem was a really really efficient
0:09:11	in that case is a you can can the as much a key that by the ways the only meaningful
0:09:16	uh the and if you look at the but the case right if you into to if two but these
0:09:20	are both a on is then
0:09:21	there is no need for target
0:09:24	so i'm concerned with the design of majority
0:09:26	i think about that
0:09:27	oh
0:09:28	uh
0:09:30	and
0:09:31	in this C use cryptographic primitives so a but each a is much higher there two
0:09:36	to two we dishonest majority
0:09:38	then we don't as much
0:09:40	okay
0:09:41	so that i was that's are uh
0:09:44	security more the let's look at some of the techniques that we have
0:09:49	so
0:09:50	i assume that you're of for that with the concept of a an encryption
0:09:54	so a public encryption the is a system or where you have a public in a secret key you have
0:09:58	an encryption function
0:09:59	that takes uh message put into a separate text
0:10:01	and are the caption function that with that of the secret key can retrieve the message from the group is
0:10:06	used
0:10:07	and what you want this for the encryption to be meaningful look at you want the the decryption to be
0:10:11	correct so if you in something a decree the you get the same
0:10:14	and also you want been think we should but
0:10:16	basically this is that this is a we are
0:10:20	this is a version that feeding one line but but signal them saying is that even if you a link
0:10:24	point beat i do zero one
0:10:26	that was say shouldn't be able to tell you
0:10:28	a if and you these encryption of a beat that is you one one give it to that at and
0:10:32	just the a you what is this
0:10:33	well that was they shouldn't be able to get we'd much more than one out probability
0:10:37	so is best are those used to guess
0:10:39	so that's what we want from secure
0:10:41	but now want to compute on the data right
0:10:43	so that would like to have
0:10:45	some kind of uh uh we to compute on the data
0:10:48	so
0:10:49	that's homomorphic norfolk encryption so if you start from two cipher text
0:10:52	C one and C two C one is an encryption of fixed one in C two is of is two
0:10:56	you would like to have some way of computing on the data
0:11:00	you can have an addition you could you but what might want to on addition so you take that use
0:11:04	cipher for text
0:11:05	you combine them together in some way
0:11:07	and then you get then you separate text and now you want then use i've text two
0:11:11	to be an encryption of the sum
0:11:13	of the original plain text
0:11:15	and this is important and that this these addition function is not using the secret key
0:11:18	is not the creating summing and encrypting again
0:11:21	the addition function is combining the cipher text in the group that the domain
0:11:24	to get the
0:11:26	to get an use separate text that in the that this um
0:11:29	in the where you can define a
0:11:31	a multiplication requirement okay
0:11:34	so
0:11:34	is there anything like that can can something like do exist yeah actually
0:11:38	even the
0:11:40	we'll build the gum scheme is uh the more we could expect a multiplication
0:11:45	and if you want to T scheme uh you have a scheme we have a have a scheme
0:11:49	it too
0:11:49	uh more time to get to be but we have also them
0:11:52	and more recently a people that that uh this covering some creep the system that are
0:11:57	additionally digitally on a of peak then you can do one would be vacation
0:12:00	so that light to compute a bit more
0:12:03	you and could the system is based on padding so G is that be with the lot is
0:12:07	and now a couple of years ago a this uh you to break through that is they put "'em" more
0:12:10	peak encryption scheme by gender
0:12:13	the a bit would think allows use compute on uh everything
0:12:17	so
0:12:17	for what we can keep she's beautiful it allows you compute everything every function on your
0:12:22	on your input i single encryption decryption of those some that and then you can some the data are more
0:12:26	divided it you can be any function
0:12:28	and the we and this was the map it was good that it seem to be uh absolutely impractical but
0:12:34	at or that
0:12:35	i don't think at nine but the this uh
0:12:38	ragged get the for the put a pick encryption is based on lattices is is
0:12:41	so i that this is just a a real the points
0:12:43	is a S is that discrete creates group of a a vector space
0:12:48	uh and you can have a basis of these the of this space so we can have this model on
0:12:52	of these long one
0:12:53	and the might one is a good one because it allows you to compute the all the points we a
0:12:57	big one it's either they're to to to solve some problem
0:13:00	so one of the problem that is at to solve in uh in these this if you only about a
0:13:04	long base
0:13:05	is to find the "'cause" is that the problem so if i give it is red point
0:13:08	and ask you which point is close you are not able to do that
0:13:12	and you can make an encryption all of these so you take a lot this point X and you are
0:13:15	down or vector
0:13:16	E
0:13:17	and this is a good encryption if you have a secret key so if you have a good luck is
0:13:20	days you can
0:13:21	recover big big point and find their or
0:13:24	if you have a only the public you can not do that
0:13:27	and now you can in
0:13:28	in this error vector you can encode or beat so you can uh the find is that are back to
0:13:33	to be two times some
0:13:35	random random that and then you put the a bit in one of the position of the vector i
0:13:40	now if you have to back to of this power men some them together
0:13:43	well
0:13:43	that you at this point and you like this point
0:13:46	there are some to gather and also of this to be uh good pitching comes there and then basically you
0:13:50	have an addition model
0:13:52	so this system is the additive T or more
0:13:56	is a problem that that are blows so you can only do a limited amount of operation you can't keep
0:14:00	adding a a a uh for a
0:14:03	and and other thing to i'm is is that these vectors
0:14:06	and not only that those you know that this but you can also look at them as polynomials
0:14:09	well no male small or the
0:14:11	so
0:14:12	we just in on it
0:14:13	and then you seven a multiplication operation
0:14:15	that no less in the same way it gives you that if you multiply to to cipher text to get
0:14:20	uh uh and the recreational also in the in the thing thing
0:14:25	uh so as this though do that so we can only do a limited number of a patient
0:14:29	but for uh these gentry found is a great way of uh
0:14:34	using them a mapping properties
0:14:35	black too uh the query
0:14:38	a a for a text
0:14:39	in to the crypt of them are typically inside the cipher text
0:14:42	so we can the crypt the i a separate X to of the better and get that new cipher for
0:14:47	text
0:14:48	with uh with a smaller
0:14:50	and not gonna tell you more about these all good
0:14:52	uh
0:14:53	and then you have that the uh so last week at you okay of that all that that act that
0:14:56	this scheme is the implemented it
0:14:58	and it doesn't take as long as we would have like that so this is a a reasonable level of
0:15:02	security
0:15:03	and the can uh compute in a of degrees to hundred
0:15:06	and the every multiplication cost the zero point one second
0:15:09	is not as bad as we thought
0:15:11	a of that these if you want to do the for them more pick one
0:15:14	then we takes much more and then every multiplication takes three mean used to do
0:15:19	uh is that is an you technology but it's
0:15:22	it's that and uh someone is actually by think of the for that so
0:15:25	the
0:15:26	following
0:15:27	but i think i want to talk about this to but the computation
0:15:30	uh so the more uh a stand up about
0:15:33	and i'm looking at a job at P with active the corruption
0:15:37	we that one of the parties crap
0:15:39	so the first but because solution was from two years ago and they could evaluate that the gets a segment
0:15:43	in a recent work of me with some of my quarters
0:15:46	we but that to twenty thousand gates a second
0:15:48	but it doesn't gets the second is uh a more try
0:15:53	so i'll do we do these uh
0:15:55	very briefly it's an T base probable
0:15:57	and the a be this task but then each have believed to be really expensive because they quite public key
0:16:02	technology
0:16:03	uh uh C a target piece fast because it only uses a symmetric
0:16:08	but as you know the results are or something "'cause" i bit encryption right if you want to send a
0:16:12	a a a when you open a necessary connection what to do is that you send
0:16:15	and he S it key using a say because i say is bad and then uh a S is good
0:16:20	in the same way we can do the same with the or be that's that
0:16:22	so we can do a a a a a little bit of real a to has but using public key
0:16:26	cryptography
0:16:27	and then you can extend them using only the symmetric key operation
0:16:32	and that for all based on but a cheap because they only basically only but asymptotically they only require
0:16:37	a symmetric uh cryptography
0:16:38	and that's very P
0:16:40	so and a bin is task good an object of this way a where you have a
0:16:43	uh a a the which two messages is the time one
0:16:46	and i with the receiver that to this uh think matt and that's and signal
0:16:50	well that's and than anything about sigma and that is that's and and other message
0:16:54	this is the same as a very small computation so on a that's is actually a a a uh one
0:16:58	bit computation
0:17:00	and if and combine them get together to get a big computation
0:17:04	we need in these the work was to find a way to uh preserve the security also when
0:17:09	uh uh the the the these crap that but i'm not gonna do anything about that
0:17:13	because is looking about of me so really gonna you about the uh uh i one good i wanna leave
0:17:18	space for question
0:17:19	so
0:17:19	the message of these is the following techniques for a P C are getting faster and faster genetic techniques for
0:17:24	N P C
0:17:25	so don't be afraid of using a a you know of writing your
0:17:28	uh signal processing out if you know
0:17:30	uh as a sec with because we can compute a circuits it's fast and fast
0:17:35	so twenty thousand that will and gates per second the that we can do now maybe few years we will
0:17:39	be able to emulate late that one mhz secure process
0:17:43	a it's going fast
0:17:45	and the maybe to was uh to the for a signal processing but then that's what one of the challenge
0:17:50	i think is the most interesting for a processing is that
0:17:53	uh in cryptography we want everybody to be every bit to be protected because we can about the privacy of
0:17:57	every bit
0:17:57	but a signal processing have a lot of data maybe not that of this need to be protected uh
0:18:03	the same way
0:18:04	and that a it could be interesting to find some reasonable security to model
0:18:08	two
0:18:08	to actually model this fact that the you know not all of the signal should be protecting the same way
0:18:13	steve we can F's
0:18:14	some reasonable sick using the finish on
0:18:16	to capture this problem
0:18:17	thank you to much
0:18:24	time for a couple of questions
0:18:27	yes
0:18:37	thank very much for this very nice
0:18:39	station
0:18:40	fast
0:18:41	i i have a small question about your lost more
0:18:44	really
0:18:45	um we we are dealing with
0:18:47	know
0:18:47	is
0:18:48	but
0:18:49	so many of
0:18:49	like
0:18:50	like it
0:18:51	so yeah image
0:18:52	you that that maybe not every bit is
0:18:54	really important
0:18:56	so for example if we want to in the this system using a i
0:18:59	crypto the system
0:19:00	we always use at thousand bits
0:19:04	key
0:19:05	so do you think that maybe if we use a hundreds
0:19:07	it's
0:19:08	a
0:19:09	but you okay
0:19:10	or or how can be apply
0:19:13	so
0:19:13	it's not so for us
0:19:15	to i will eat the security because we are application orient people what your a over
0:19:19	so what you thing about that
0:19:21	so actually
0:19:23	is is a is gonna be some worse because as you you can not use the so
0:19:28	when it would but you can do multiplication in with a lot of bits five you have you have this
0:19:31	big secure the model and that this be one thousand bits
0:19:35	they you can pack all them information inside the
0:19:37	in on seven X and then you can do operation would big the
0:19:42	a not of the at the same time
0:19:43	uh used so you only care about on the be so you make the keys is smaller of course you
0:19:47	can do that because of of i think is not secure anymore
0:19:49	right
0:19:50	so
0:19:52	the problem and that is that and that's not gonna be a to uh uh with when the time goes
0:19:56	because in ten years from now you still gonna be looking at maybe image job you know maybe is they
0:20:00	want to the computation on
0:20:01	thirty it's
0:20:02	but in ten is from now but a keys should be eight thousand bits
0:20:06	so this your security requirements is going well the computation is not going so yeah
0:20:11	the the fact the now we can pick other information in yeah and that's meaningful
0:20:14	it's kind of an not the fact that of the the the the the fact that you know right now
0:20:17	it's more or less the same
0:20:19	but it's uh but is not gonna scowl we well in the future
0:20:22	so mm
0:20:24	so think that actually
0:20:26	you know a just where
0:20:27	this security to by means there and the we should be couple of the security by me that
0:20:31	and the computation so from once in from one hand you have the the size of a computation maybe be
0:20:36	to to it is enough
0:20:37	from the other hand of the C parameter is going uh
0:20:40	uh fast
0:20:41	that you think should be the couple and that's i think but
0:20:43	uh
0:20:45	are other process at doing not not only
0:20:50	yeah
0:20:54	we'll to but that's
0:20:56	you can explain as in layman's terms what the gender group she
0:20:59	does how why does it
0:21:01	so i to me
0:21:03	the problem was a talking about it's of a is a but up is a V and then to be
0:21:07	from this you have to a choose lies that i was i but from them
0:21:11	so i should
0:21:11	thank that
0:21:12	uh uh this paper is spend so it's a score the implementing gentry E the system and it's a a
0:21:18	you you can understand that
0:21:20	i think a it's a is not too hard
0:21:22	so i well it's a problem of fig
0:21:25	at the P Z the
0:21:28	so it's a it's basically doing
0:21:30	uh multiplication polynomials
0:21:32	well i that's a key or that some of the study
0:21:34	uh and then you have to understand that this what action back i think the signal processing community
0:21:39	uh understands
0:21:40	but and the sense that this is but then
0:21:42	many other the committees is because you use and lot is this and the coding data
0:21:47	some because of that the problem is not
0:21:49	two five i i way from you know the coding problem
0:21:52	so
0:21:53	i would recommend it to me that paper
0:21:56	very quick question
0:22:01	high uh just reminding in the first question usually in signal processing we are basically doing operation on
0:22:09	samples that's
0:22:10	can be let's say and can you on eight bits
0:22:13	yeah excel is and kind in a bit
0:22:16	that's it's using you new
0:22:18	crypt the system how many be i need to presents that simple now
0:22:22	so uh
0:22:24	in a in just to map in in in my work
0:22:27	you know not for my work uh basically have a bit that's an expansion factor of
0:22:31	uh
0:22:32	well and bits that's say like that
0:22:33	so uh the security is uh
0:22:35	i every a bit for able to so the was are
0:22:41	so i of it is presented as one bit
0:22:44	and then we have a make an information to mac
0:22:46	so i from a synthetic make uh
0:22:48	if T be it's one and that twenty bits
0:22:50	so that an expansion factor that is not the lot about i the will this uh problem of X a
0:22:55	uh the
0:22:56	well
0:22:57	we can take it is applying but the it's it's even big
0:23:00	it's in but then than this but yeah you have a the the the the that
0:23:03	but
0:23:04	yeah that's a C at beats wonder bit
0:23:07	but that's is that the minimum the security uh use the one beats become one hundred bits yeah such set
0:23:11	and that yeah that's a huge overhead for us are there any can of
0:23:16	research in trying to regroup
0:23:18	for as
0:23:19	it would be re groping samples together a but being able to do operation on
0:23:24	parts of the be uh on segments of the beats
0:23:27	with is in the encrypted so you can do that that really it is not this work is another piece
0:23:31	of work well i do i have the computation
0:23:33	well i have the mac and where i uh okay we'd numbers model not be well the number so maybe
0:23:38	arithmetic computation of but number of one hundred twenty bits it's for the sense and the mac is the same
0:23:43	size in that case have an a of factor of two
0:23:45	i guess but uh the and uh uh then you need to use a if we can keep some basic
0:23:49	you but it too
0:23:51	yeah we've think it up right
0:23:54	alright
0:23:55	thank you

IS MULTIPARTY COMPUTATION ANY GOOD IN PRACTICE?

Secure Signal Processing

Přednášející: Claudio Orland, Autoři: Claudio Orlandi, Aarhus University, Denmark