Applied Cryptography
Applied cryptography is a huge area of research that approaches cryptography from an engineering perspective. The following are the topics we have been working on most recently.
Proxy Re-Encryption
Proxy Re-Encryption (PRE) is a special type of public key cryptosystem that allows a third party, the proxy, to transform a given ciphertext so that it can be decrypted with a different private key than the one originally intended, without the proxy learning the plaintext. This extra functionality opens the door to many new applications.
One particular application of PRE is secure access delegation, where the proxy can grant access to encrypted data without being able to read it [1]. In particular, we developed two proof-of-concept implementations of Identity Management as a Service using SAML [2] and OpenID [3], where the identity provider holds encrypted identity attributes and re-encrypts them for the corresponding service providers without being able to access them at any moment. Along the same line, we proposed integrating proxy re-encryption into big data infrastructures [4] to simplify key management. Based on this work, we started working with ZeroDB Inc. on the implementation of this concept (Crypto@ZeroDB). As part of this collaboration, we jointly produced three patents granted in 2020 for the resulting technology: US10581603B2, US20170323114A1 and US10574440B2. Another application we have worked on is escrowed decryption. In [5] we proposed the use of a committee of custodians that are able to compute a re-encryption key to inspect data under investigation when requested by law.
During our research we noticed that, although PRE is inherently more complex than regular Public Key Encryption (PKE), attack models for PRE had not been developed further than those inherited from PKE. In [6] we address this gap and define a parametric family of attack models for PRE, based on the availability of the decryption and re-encryption oracles during the security game. This family enables the definition of fine-grained security notions for PRE, ranging from "plain" IND-CPA to "full" IND-CCA. In relation to this analysis, in [1] we propose an extension of the Fujisaki-Okamoto transformation to PRE, which achieves a weak form of CCA security in the random oracle model, and we describe sufficient conditions for applying it. In [7] we analyze how key compromise affects the proxy-mediated key agreement protocol by Nguyen et al. presented at ESORICS 2016: compromise of a long-term key (or even of the encryption tokens) breaks forward secrecy and leads to key compromise impersonation attacks. In [8] we presented NTRUReEncrypt, a bidirectional and multi-hop proxy re-encryption scheme based on NTRU, a widely known lattice-based cryptosystem.
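Added example (not the group's code, and not any of the schemes cited above): a toy Python implementation of the ElGamal-style bidirectional, multi-hop PRE scheme of Blaze, Bleumer and Strauss (BBS98), with constructed toy parameters (p = 1019 = 2·509 + 1) that are far too small to be secure. It shows the mechanism described in the Proxy Re-Encryption section above (the proxy turns a ciphertext for A into one for B while never seeing a secret key or the plaintext), the bidirectional and multi-hop properties that NTRUReEncrypt [8] shares, and, as the caveat this paragraph is about, that the bare scheme is malleable: anyone can change the hidden plaintext without a key, so a decryption or re-encryption oracle breaks it and the scheme is at best IND-CPA, which is the gap that CCA-secure transformations such as the Fujisaki-Okamoto extension in [1] are meant to close. All function and parameter names are the example's own.

```python
"""Toy bidirectional, multi-hop proxy re-encryption in the ElGamal style of
Blaze, Bleumer and Strauss (1998). Constructed toy parameters: p = 1019 = 2*509 + 1.
The group is far too small to be secure; this illustrates the mechanism only."""
import secrets

P = 1019            # safe prime (toy), p = 2q + 1
Q = (P - 1) // 2    # q = 509, prime order of the subgroup of squares mod p
G = 4               # 2^2 mod p: a non-trivial square, hence a generator of the order-q subgroup


def keygen():
    """Secret key a in [1, q-1], public key g^a."""
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)


def encode(x):
    """Map an integer 1 <= x <= q into the order-q subgroup (the squares mod p)."""
    assert 1 <= x <= Q
    return pow(x, 2, P)


def decode(m):
    """Invert encode(): p = 3 mod 4, so m^((p+1)/4) is a square root of m."""
    x = pow(m, (P + 1) // 4, P)
    return x if x <= Q else P - x


def encrypt(pk, m):
    """Ciphertext (m * g^r, pk^r) = (m * g^r, g^{a r}) for a fresh random r."""
    r = secrets.randbelow(Q - 1) + 1
    return (m * pow(G, r, P) % P, pow(pk, r, P))


def decrypt(sk, ct):
    c1, c2 = ct
    g_r = pow(c2, pow(sk, -1, Q), P)     # (g^{a r})^{1/a} = g^r
    return c1 * pow(g_r, -1, P) % P


def rekey(sk_from, sk_to):
    """Re-encryption key rk_{a->b} = b / a mod q.
    Needs BOTH secrets: this is what makes the scheme bidirectional."""
    return sk_to * pow(sk_from, -1, Q) % Q


def reencrypt(rk, ct):
    """Proxy step: only the second component changes, g^{a r} -> g^{a r * b/a} = g^{b r}.
    The proxy never sees r, m or any secret key."""
    c1, c2 = ct
    return (c1, pow(c2, rk, P))


def tamper(ct, k):
    """Malleability: multiply the hidden plaintext by encode(k) with no key at all.
    A ciphertext that can be rewritten like this cannot be IND-CCA secure."""
    c1, c2 = ct
    return (c1 * encode(k) % P, c2)


def demo(x=123):
    """Run delegation A -> B, a second hop B -> C, the reverse direction, and the tampering attack."""
    a, pk_a = keygen()
    b, pk_b = keygen()
    c, pk_c = keygen()
    ct_a = encrypt(pk_a, encode(x))
    rk_ab = rekey(a, b)
    ct_b = reencrypt(rk_ab, ct_a)                   # delegated to B by the proxy
    ct_c = reencrypt(rekey(b, c), ct_b)             # multi-hop: B -> C on the re-encrypted ciphertext
    ct_back = reencrypt(pow(rk_ab, -1, Q), ct_b)    # bidirectional: rk_{b->a} = 1 / rk_{a->b}
    return {
        "a_direct": decode(decrypt(a, ct_a)),
        "b_after_reenc": decode(decrypt(b, ct_b)),
        "c_after_two_hops": decode(decrypt(c, ct_c)),
        "a_after_reverse": decode(decrypt(a, ct_back)),
        "b_tampered": decode(decrypt(b, tamper(ct_b, 3))),   # B decrypts 3 * x, not x
        "proxy_plus_a_recovers_b": rk_ab * a % Q == b,       # collusion caveat, see note below
    }


if __name__ == "__main__":
    print(demo())
```

The last entry of `demo()` is the practical caveat of any bidirectional scheme: because rk_{a->b} = b/a, the proxy together with one delegating party recovers the other party's secret, so the delegation-without-trust property only holds while the proxy and the delegatee do not collude; unidirectional schemes are the usual answer when that is unacceptable.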
Multi-party Computation
Multi-party Computation (MPC) is a family of cryptographic protocols that enable a group of mutually distrustful parties to jointly compute a function of their private inputs while guaranteeing both the privacy of those inputs and the correctness of the result.
In [9] we perform a Systematic Literature Review of Private Set Intersection (PSI), a particular MPC problem in which two or more parties compute the intersection of their private input sets while the elements outside the intersection remain private. We also conduct a performance analysis of the reviewed schemes using different metrics, to determine whether PSI is mature enough to be used in realistic scenarios, identifying the pros and cons of each protocol and the remaining open problems.
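Added example, not taken from [9] or from the group's code: the classic Diffie-Hellman-based two-party PSI protocol in Python, with both parties' messages written out. The modulus p = 2^61 - 1 (a Mersenne prime) and the sample e-mail sets are constructed for illustration; the modulus is a toy, and a real deployment would use a proper prime-order group. The function names are the example's own. The protocol is secure only against semi-honest parties, and each side learns the other side's set size.

```python
"""Toy Diffie-Hellman-based private set intersection (two parties, semi-honest).
Constructed example: p = 2^61 - 1 is a Mersenne prime used as a toy modulus,
not a production parameter; real deployments use a proper prime-order group."""
import hashlib
import math
import secrets

P = (1 << 61) - 1   # prime; we work in Z_p^*, whose order is p - 1


def hash_to_group(item: str) -> int:
    """H: item -> Z_p^* (never 0)."""
    h = int.from_bytes(hashlib.sha256(item.encode()).digest(), "big")
    return h % (P - 1) + 1


def secret_exponent() -> int:
    """Random exponent coprime to p - 1, so v -> v^k permutes Z_p^*.
    Then H(x)^{ab} == H(y)^{ab} exactly when H(x) == H(y)."""
    while True:
        k = secrets.randbelow(P - 2) + 2
        if math.gcd(k, P - 1) == 1:
            return k


def alice_round1(set_a, a):
    """Alice -> Bob: H(x)^a for each x in her set (order kept for her own bookkeeping)."""
    return [pow(hash_to_group(x), a, P) for x in set_a]


def bob_round2(msg1, set_b, b):
    """Bob -> Alice: H(x)^{ab} in the order received, plus H(y)^b for his own set,
    shuffled so that positions leak nothing about which y matched."""
    ab = [pow(v, b, P) for v in msg1]
    hb = [pow(hash_to_group(y), b, P) for y in set_b]
    secrets.SystemRandom().shuffle(hb)
    return ab, hb


def alice_finish(set_a, a, ab, hb):
    """Alice raises Bob's H(y)^b to a and matches H(y)^{ba} against her H(x)^{ab}."""
    bob_ab = {pow(v, a, P) for v in hb}
    return {x for x, v in zip(set_a, ab) if v in bob_ab}


def run_psi(set_a, set_b):
    """Full two-round exchange; returns the intersection as computed by Alice.
    Bob learns |A| and Alice learns |B|; neither learns the other's non-matching elements."""
    set_a, set_b = list(set_a), list(set_b)
    a, b = secret_exponent(), secret_exponent()
    msg1 = alice_round1(set_a, a)
    ab, hb = bob_round2(msg1, set_b, b)
    return alice_finish(set_a, a, ab, hb)


if __name__ == "__main__":
    # constructed sample input
    print(run_psi(["alice@example.org", "bob@example.org", "carol@example.org"],
                  ["bob@example.org", "dave@example.org", "carol@example.org"]))
```

The cost profile is the one the review in [9] measures for this family: two exponentiations per element on each side and two rounds, which is why DH-based PSI is simple but loses to OT-based protocols on large sets.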
One area in which MPC is becoming more and more relevant is Blockchain, as MPC can enable confidential computation in an environment that is designed with transparency in mind. In [10] we extend Hyperledger Besu's design for private transactions, offering better security properties and finer-grained customization. We cover two specific MPC applications, Private Set Intersection and Byzantine Fault-Tolerant Random Number Generation, and propose a mechanism to run them through smart contract interfaces.
In [11] we propose a framework for cost-effective and publicly verifiable confidential computations in blockchain, relying on MPC committees and Zero-Knowledge Proofs. Our framework supports arbitrary computations on confidential data enforced by Smart Contracts. Additionally, staking, incentives and cheat identification are provided as mechanisms to enhance trust. We also provide a technical solution to embed Secure Multi-Party Computations within Smart Contracts by using the Promise programming pattern.
References
- [1] David Nuñez, Isaac Agudo and Javier Lopez (2016): On the Application of Generic CCA-Secure Transformations to Proxy Re-Encryption. In: Security and Communication Networks, vol. 9, pp. 1769-1785, 2016, ISSN: 1939-0114.
- [2] David Nuñez and Isaac Agudo (2014): BlindIdM: A Privacy-Preserving Approach for Identity Management as a Service. In: International Journal of Information Security, vol. 13, pp. 199-215, 2014, ISSN: 1615-5262.
- [3] David Nuñez, Isaac Agudo and Javier Lopez (2012): Integrating OpenID with Proxy Re-Encryption to enhance privacy in cloud-based identity services. In: IEEE CloudCom 2012, pp. 241-248, IEEE Computer Society, Taipei, Taiwan, 2012, ISBN: 978-1-4673-4509-5.
- [4] David Nuñez, Isaac Agudo and Javier Lopez (2014): Delegated Access for Hadoop Clusters in the Cloud. In: IEEE International Conference on Cloud Computing Technology and Science (CloudCom 2014), pp. 374-379, IEEE, Singapore, 2014, ISBN: 978-1-4799-4093-6.
- [5] David Nuñez, Isaac Agudo and Javier Lopez (2019): Escrowed decryption protocols for lawful interception of encrypted data. In: IET Information Security, vol. 13, pp. 498-507, 2019, ISSN: 1751-8709.
- [6] David Nuñez, Isaac Agudo and Javier Lopez (2015): A Parametric Family of Attack Models for Proxy Re-Encryption. In: 28th IEEE Computer Security Foundations Symposium, pp. 290-301, IEEE Computer Society, Verona, Italy, 2015, ISSN: 1063-6900.
- [7] David Nuñez, Isaac Agudo and Javier Lopez (2017): The fallout of key compromise in a proxy-mediated key agreement protocol. In: 31st Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec'17), pp. 453-472, Springer, Philadelphia, USA, 2017, ISBN: 978-3-319-61176-1.
- [8] (entry missing on the page; cited in the text for NTRUReEncrypt)
- [9] Daniel Morales, Isaac Agudo and Javier Lopez (2023): Private set intersection: A systematic literature review. In: Computer Science Review, vol. 49, no. 100567, 2023, ISSN: 1574-0137.
- [10] Daniel Morales, Isaac Agudo and Javier Lopez (2023): Integration of MPC into Besu through an extended private transaction model. In: IEEE International Conference on Metaverse Computing, Networking and Applications, pp. 266-273, IEEE, Kyoto, Japan, 2023.
- [11] Daniel Morales, Isaac Agudo and Javier Lopez (2024): Toward a Framework for Cost-Effective and Publicly Verifiable Confidential Computations in Blockchain. In: IEEE Communications Magazine, Forthcoming, ISSN: 1558-1896.