Blog / Engineering

Bye Bye pgp keys hello cryptocontext and pre shared secrets

5 min read

Share

Cosmian • Jul 08, 2022

Table of Contents

Top

All you need is a CryptoContext

Pre-Shared Secrets create a zero-trust service

Coming soon

Today, we’re launching a new feature. You can now create a new Secure Computation without installing anything but our Python client.

Why we removed PGP keys

In the previous version of Secure Computation, every participant had to generate a PGP key pair. Then, they could sign any operation with their public key: send encrypted code, encrypted data, or pull the encrypted result.

But generating a PGP key pair requires a third-party tool, like GPG, which creates a lot of friction. You must download, install, and then call it with Python’s subprocess. Pretty inconvenient, right? Since we want to make Secure Computation as easy as possible, we thought hard to find how to remove this step.

Screenshot of the previous version of Secure Computation documentation with PGP key

Our documentation explained how to generate PGP key pairs

All you need is a CryptoContext

Instead of PGP, you can now generate all your keys with Cosmian’s Python Client using our new function CryptoContext(). This function automatically creates:

  • an XSalsa20-Poly1305 symmetric key (used to encrypt your code, your data, or to decrypt your result)
  • an Ed25519 key pair (used to sign your operation with the enclave)

The code is available publicly on Github, but if you are uber paranoid, you can create the keys yourself.

Pre-Shared Secrets create a zero-trust service

We also used PGP to verify the participants’ identities without relying on Cosmian. Indeed, public servers like keys.openpgp.org let you confirm that you own an email address associated with a public key.

In this new version, we replaced this with Pre-Shared Secrets. A Secure Computation Pre-Shared Secret is a list of three words picked in the BIP39 wordlist and shared between the participants. Since this message does not go through Cosmian services, you can be sure that an attacker cannot impersonate a participant.

Please check our documentation if you want a more detailed overview of our protocol security. And if you need a quickstart example, we also got you covered!

Coming soon

What if you could run a Secure Computation without any client? Soon, you will be able to create a computation, encrypt your code and data, and decrypt your result straight from Cosmian Console.

Screenshot of Secure Computation next release

Preview of our next release

Mrs Paola de Perthuis is currently completing her PhD Thesis in Cryptography at Cosmian and Ecole Normale Supérieure (ENS Ulm).

To read the full academic paper: MyOPE: Malicious securitY for Oblivious Polynomial Evaluation https://eprint.iacr.org/2021/1291

SCN is the leading European conference on Security and Cryptography for Networks.

Next Posts

Cosmian parmi les 100 innovations qui changent tout.

Read Article

At SCN 2022, Paola de Perthuis, Cryptographer at Cosmian, will present her joint work paper on MyOPE – Malicious security for Oblivious Polynomial Evaluation

Read Article

Deeptech Cosmian raises €4.2m to accelerate the deployment of its privacy-by-default solutions using advanced cryptography.

Read Article

Ubiquitous Encryption is secure, with high performance. And yes, it’s open-source.

No More Excuses. Move to data/s.

Cosmian makes no tracking for advertising and does not collect any personal data. Cookies are used for statistical or operational purposes, as well as for analysis, allowing for continuous improvement of the website. Cosmian uses the Matomo Analytics tool, an audience measurement solution that uses cookies with a configuration that complies with the data protection legislation and the recommendations of the CNIL (Commission Nationale de l'Informatique et des Libertés). This configuration allows to anonymise visitor's data and to limit the storage period of this data to a maximum of 13 months. With this configuration, the prior consent to the deposit of Matomo Analytics cookies is not required. However, you can still choose not to allow these cookies (by clicking here ) or at any time by consulting our Privacy Policy.

For more information please consult our Privacy Policy