Many variants of computational privacy problems are being formalized cryptographically and solutions are being proposed. Success has been achieved in various degrees in many of them. We give a whirlwind tour of those techniques here. 1 and discuss the challenges associated with each of these for adopting to Cloud Computing. A. ully !omomorphic "ncryption #!"$ %n addition to the &eygen' "ncrypt' (ecrypt methods of )ublic &ey "ncryption #)&"$ schemes' these schemes provide an additional algorithm "valuate. Such algorithm allows com*putations over encrypted data' based on mathematical property called homomorphism that performs basic operations li+e ad*dition and multiplication on cipher te,t. -ecent brea+throughs in !" ./0 has got them wide attention and they are often thought to be cryptographic holy grail. 1hey are currently highly inefficient and not practical .20. 3sing these schemes' in any of the Cloud deployment methods' a client encrypts the data using the )ublic &ey and outsources it to a Cloud server for any computations. 1he server would perform computations over the encrypted data using the "valuate method and the )ublic &ey and returns the results in encrypted form. 1he client then decrypts the results locally using )rivate &ey. !" schemes are two party #one client and server$ model. 4iao et all proposed protocols for Multi 3ser systems .50' that are based on symmetric !omomorphic "ncryption scheme that could evaluate functions only on polynomials. 1heir protocols are tightly coupled with their scheme. Such limitation to two party model' ma+e them suitable for outsourcing intensive sci*entific computations but not for commercial Cloud applications yet. Similar concern was raised by (i6+' 7uels in their con*tradictory paper .10. 1hey claim multi client applications would be impossible due to additional functionality needed li+e access control' re*encryption etc. We believe such additional functionality is purely application of !" 8 . 1hese schemes are safe only in semi*honest adversarial model where the Cloud service provider is assumed to be honest in performing the computations but are curious to get more information than they are ought to +now. 9ut in real world' we cannot assume any degree of honesty' some adversary compromising the Cloud platform itself might turn the provider malicious to corrupt the data and:or computations. or this reason ;erifiability of computation is very important' the current proposed techniques that suit in Cloud Computing setup are still nascent .<0 .=0. !" schemes are malleable > by design. or this reason' they would be prone to adaptive chosen cipher te,t #CCA8$ attac+' in which an attac+er gradually reveals the decryption +ey or plain te,t itself. 1his is also equivalent to' informally' an adversary being able to distinguish the cipher te,t based on the message they encrypt. %n practice' malleability is avoided using padding methods li+e ?A") or )&CS1 Also popular )&" schemes li+e -SA in their basic form are deterministic in nature. %t means encrypting the same message any number of times would yield same cipher te,t. 1his would lea+ information to an adversary if the data contains repeated patterns. %n practice' the encryption process is made proba*bilistic using padding methods. So the choice of )&" schemes underlying !" schemes should be inherently probabilistic in nature' else their ability to compute over encrypted data might be lost due to padding. @ittle is +nown yet on how !" schemes can ensure opera*tional privacy. So far only evaluation of encrypted polynomials is possible.A0. %f !" can guarantee operational privacy then it might contradict very important results on program obfuscation .1B0. ew researchers even proved that achieving multi user computational privacy implies program obfuscation .10. So it is open problem still if !" can guarantee generic operational privacy in Cloud setup. 9. Server aided Secure Multiparty Computation Secure Multiparty Computation #SMC$ solves the problem of evaluating a function 6ointly by multiple parties on their private inputs .110. %n their basic form these techniques have been developed for few distrustful parties to evaluate a com*mon function over their private inputs. 1hese protocols are highly interactive in nature. Also no assumptions are made on computational resources available with the parties. All the parties would carryout same amount of wor+ which is contrary to Cloud Computing setting. 1o adapt these techniques for an asymmetric setting li+e Cloud Computing where the server has massive amounts of computing power relative to the users' Server aided SMC techniques have been proposed .180 undamentally SMC has been proposed to carry out the computations among untrusted parties. Where as in Cloud Computing model trusted parties need to carry out computation in the presence of an untrusted server. "ven in a multiuser scenario' the user trusts #with various degrees$ rest of the users e,cept for the server. or e,ample' %f )atient !ealth -ecords processing is out sourced to a Cloud server' the patient would trust and share parts of the information with (octors' %nsurance Companies' (rug -esearchers etc with various degrees but may not trust the remote Cloud server itself where the processing is being carried out. SMC also does not ma+e any assumptions on computing resources available with participants. 9ut where as in Cloud Computing setup' server has massive computing power com*pared to the user. SMC are highly interactive protocols that e,pect the users to be always online' where as in Cloud model this e,pectation may not be reasonable. When 6ust two users are involved who donCt trust each other' these techniques can be adapted for few applications in Cloud setup. 9ut when the number of users grow in SMC the protocol interactions visually represent more of mesh but where as in Cloud Computing they represent a hub*spo+e model' the hub being the server. Also set of literature e,ists for achieving multi party com*putation using threshold homomorphic encryption .1>0' .1/0 and also multi*+ey homomorphic encryption .120. 1hese tech*niques require few of the users to collaborate interactively to decrypt the final result' which is not reasonable to assume especially in the Cloud Computing +ind of setup. So for the reasons stated above adapting SMC or its variants for Cloud Computing setup may not be of much help. Also there is literature around realizing SMC protocols using !". %t would be interesting though to see if !" can be realized using SMC. C. unctional "ncryption 1raditional encryption schemes are all*or*nothing meaning either the cipher te,t can be decrypted in its entirety or nothing can be done. 9ut often applications would need users to have access control over the data' that could reveal parts of the data based on predefined privileges. %nterestingly below are few schemes that allow to do same %dentity based encryption Attribute based encryption )redicate*based encryption %n all of the above techniques' the data owner encrypts the data using public +ey and also predefines granular access privileges for the rest of the users to access it. 3sers would then get secret +eys from a trusted +ey server and then decrypt parts of the encrypted data based on their assigned privileges. Such property is very important when different levels of access control needs to be enforced on the encrypted data. 9ut by design they do not provide ?utput )rivacy required in Cloud Computing set up. Deneralization of the above techniques has been formal*ized as unctional "ncryption.150. Such generalization is an important step towards a unified theory for computational privacy. %nterestingly its relations with !" has been studied .1<0 and connections have been established. 1his gives us a hope that unctional encryption can be further generalized with additional restrictions for output privacy. (. %nstance hiding #%!$ %f a user wants to outsource the computation of a function for a particular input , #instance$. She transforms the input , to an encrypted input y #thus hides it$ in such a way that the server cannot infer , from y and sends to the server. 1he server computes the function on y and returns the result. 1he user then transforms the result f#y$ bac+ to the value of f#,$. 1hese techniques are called %nstance !iding techniques .1=0 as they hide the actual inputs from the server. 1he functions that can be evaluated this way are called encryptable functions. ew protocols were also proposed to achieve operational privacy .1A0 using these techniques. )rima acie these techniques loo+ they can be adapted for Cloud setting. 9ut it has been proved that not all functions are encryptable' this means not many functions can be evaluated when the real input instances are hidden from the server. %f there arenCt many encryptable functions then the results loo+ contradicting with recent brea+throughs of !" schemes. !" schemes aim to perform generically all functions by computing fundamental operations li+e add' multi on trans*formed inputs. ?f course there is no formal analysis done on connections between both of them. ". Superimposing encrypted data Although not so popular' its been proposed that efficient encryption of data is possible using time*reversal transforma*tions .8B0. urther using this technique' the possibilities of processing over encrypted data has been e,plored using super imposing such encrypted data .810. %nterestingly these techniques are inspired from principles of )hysics. Euoting verbatim from their wor+ 1he fact that two cipherte,ts can be superimposed while each retains its original pattern is analogous to the superposition of waves Fot much analysis is available on these techniques. We admit our own limited +nowledge in this area to do thorough analysis. We mention this' so that the community may find it useful to +now an obscure technique. . !ardware approaches 1amper )roof !ardware approaches have been proposed to process encrypted data. %n short' the devices have the decryption +ey built in' all the inputs are fed to the device in encrypted form' the processing is done by decrypting them and the results are re*encrypted again. ew approaches proposed could achieve operational privacy by running en*crypted programs.880. ew techniques were even successful in evading few types of side channel attac+s.8>0 !ardwiring of the decryption +ey is ris+y proposition' compromise of the +ey through any side channel attac+s would render the device useless and compromised for ever. "ven if re+eying was possible' it would be costly affair. 1he success of Cloud Computing can be attributed to optimum utilization of underlying hardware resources using ;irtualization. Abstraction of a virtual machine gives the fle,ibility to run on programs on shared resources. So adopting techniques that require specialized hardware would lose such abstraction and fle,ibility. Also manufacturing specialized hardware' would shoot up the prices thus defeating the purpose of moving to Cloud. "ven if the additional cost is amortized over a period of time' its highly unreasonable to assume the users decryption +ey to be residing in the datacenter of Cloud server for which user has no control. D. Specialized ?perations a$ )ro,y re encryptionG techniques allows to translate a cipher te,t encrypted under one +ey to cipher te,t encrypted under another +ey without every decrypting it' provided some additional information .8/0' .820. 1hese techniques are used in distributed secure storage. b$ Searchable encryptionG techniques allows to perform search over encrypted data .850' .8<0. 1hese techniques have been improved and implemented in M%1Cs cryptdb pro6ect .8=0. c$ SE@*Aware encryptionG is a strategy rather than a technique in itself. %ts based on the fact that all SE@ Eueries are made up of well defined primitive operations li+e add' equality' order chec+ etc. So a collection of encryption schemes that allow these operations have been engineered into an -(9MS application. 1his made possible to e,ecute SE@*li+e queries on encrypted databases .8=0. 1hese specialized techniques cater to small subset of func*tionality that can achieved. inding connections and realiza*tions of these specific techniques with much more generic techniques li+e !" or " might give us insights into possible efficient solutions.