It’s mathe-magics!

State-of-Art encryption techniques now allow for processing calculations over sensitive data without ever accessing nor exposing the data in clear text.

More on Cosmian Github

Access control:
CoverCrypt

Searchable Encryption: Findex

Secure Enclave

Fully Homomorphic Encryption

Providing Calculation Results over Private Data

Calculations on
Graph-Structured Data

Access Control: CoverCrypt

In key-policy Attributes-Based Encryption, an access policy is encoded into the user’s secret key and ciphertexts are associated with a set of attributes. In ciphertext policy ABE, the secret key is associated with a set of attributes, and the access policy is encoded in the ciphertext.~~

RESOURCE

To implement the CoverCrypt algorithm: check out Cosmian GitHub repository here for more information.

Our approach

Our team has developed a more efficient multi-user encryption solution, named CoverCrypt. CoverCrypt provides access rights to users with respect to an access policy expressed as the union of users’ rights.

This construction is inspired by the Subset Cover framework proposed by D. Naor, M. Naor, and J. Lotspiech, which enables to broadcast of encrypted information to a group of users that dynamically evolves.

CoverCrypt has the same functionalities of key-policy Attribute-Based Encryption but with a simpler approach and a more efficient performance.

Searchable Encryption: Findex

Usually, it is not sufficient to encrypt a large database and outsource it to the cloud. As the encrypted data looks like completely random, it is for example, impossible to distinguish the documents related to the project you are working on from the others in the entire database. Even if you remember the last (encrypted) files you pushed, you do not know the added files by your colleagues.

RESOURCE
Find more details in our technical documentation here.

ACADEMIC PAPERS

Read a critically acclaimed thesis, which won the GDR security prize in 2019, about Searchable Encryption here.

More academic papers on that topic: 

Our approach

Searchable Encryption is a cryptographic protocol designed to securely make search queries on an untrusted cloud server. With encrypted indexes, large databases can securely be outsourced without compromising usability. After a search request, the cloud server can answer the list of all the entries matching the requested keyword without knowing either the keyword or the entries as everything is encrypted.

To provide our own version of this protocol, our team of researchers and cryptogrpahers at Cosmian have developed Findex.

Findex is a Searchable Encryption library that allows the building of encrypted indexes that can be efficiently searched using encrypted queries and responses.

Secure Enclave

Intel® Software Guard eXtensions (SGX) offers hardware-based memory encryption that isolates specific application code and data in memory. Intel SGX allows user-level code to allocate private regions of memory, called enclaves, which are designed to be protected from processes running at higher privilege levels.

RESOURCE

More information on Intel® SGX & Gramine SGX

Our approach

At Cosmian, we rely on Intel® SGX and Gramine-SGX, a lightweight guest OS designed to run a single Linux application with minimal host requirements. It is the foundation of Microservice Encryption which allows our users to expose a Python confidential web microservice in the cloud.

Computations over encrypted data using FHE

Fully Homomorphic Encryption is a form of encryption that allows performing or delegating any kind of computations on ciphertexts without having access to the underlying source data.

The results of these computations are also encrypted and only a user knowing the secret key is able to decrypt the result of the computation.

Our approach

A Heatmap is a graphical representation of the distribution of points. It is very useful to represent habits, buying or energy consumption for example. With the collaboration of researchers at Leuven, we have proposed two methods for fast computation of Heatmaps over encrypted data using fully homomorphic encryption.

RESOURCE & ACADEMIC PAPERS

The source code is public and can be found here.

The two methods have been described in the paper Homomorphically counting elements with the same property, published at PoPets in July 2022,

We are also interested in providing proof of correct homomorphic computations in interactive protocols between two users by reducing the amount of communication between the two parties compared to existing solutions. Such work finds applications to prove correct FHE computations in the context of private information retrieval or private set intersection computation with the help of homomorphic encryption

ACADEMIC PAPERS

The result of some of the team’s work on this topic can be find in the research paper MyOPE: Malicious securitY for Oblivious Polynomial Evaluation, (by Malika Izabachène, Anca Nitulescu, Paola de Perthuis and David Pointcheval), which was published and presented at SCN in September 2022. Read the full version here.

Computations over encrypted data : Providing Calculation Results over Private Data

Enabling someone to compute calculation results over private data is necessary in many data analysis use-cases where it is sensitive and not owned by the analyser.
Functional Encryption provides primitives to disclose the result of a computation on private and encrypted data without the input data itself, and can be made non-interactive (which is not the case in Multi-Party Computation constructions), and restricted to jointly established functions (for example, a summation), to prevent the use of undesirable calculations.

Our approach

One of our cryptographer worked on a research paper which gives an interesting tool for many contexts in similarity or diagnoses calculations with private data from two independent parties, in the line of functional encryption.

More specifically, in graphs of banking transactions between private accounts spread across several banks, similarity measures between private graph nodes belonging to separate financial entities can help in the detection of money-laundering networks relying on banks not sharing their pattern observations, while keeping exclusive information encrypted so that it is never disclosed. (1)

ACADEMIC PAPERS

(1) Read more information on the research paper here.

Two-Client Inner-Product Functional Encryption, with an Application to Money-Laundering Detection“, (by Paola de Perthuis and David Pointcheval) published at CCS in November 2022.

We also wrote an implementation of Decentralized Multi-Client Functional Encryption (DMCFE) for inner-products; in this case, in an other fashion as in [PP22], the data is decentralized and there are no diagonal quadratic terms in the function, but only inner-products between the vector of the decryption key and the encrypted data. One typical application would be for an entity to collect the sum of users’ private data, for instance for mean calculations.

RESOURCE

(2) Find more details on our implementation proposition in our GitHub here.

Computations over encrypted data : Calculations
on Graph-Structured Data

New database formats to draw a synthetic overview of data with many internal links have been increasingly using graph structures, which come up as a natural description tool (an example of this would be the widespread use of Neo4j). In particular, they are helpful in machine-learning contexts, when one uses this format to model the general behavior of complex systems in a succinct way. With current incentives to preserve data privacy even when it is large, uses up a lot of memory, and when calculations need to be performed on it, cryptographic solutions should be applied to this data structure, making use of its particularities to improve the efficiency of generic solutions.

Graphs are structures represented as nodes linked with oriented or non-oriented (weighted) edges. Nodes can hold individual values and characteristics to describe them (such as labels, vectors of values).

Our approach

Our team has work on The CRYPTO4GRAPH-AI ANR project, in collaboration with the INRIA, Eccenca, and the Fraunhofer FIT. It aims at developing cryptographic solutions for graph-structures data. One of the first results for this project is in functional encryption (see the corresponding section for more information), with [PP22], which has noticeable applications in graphs of bank accounts and their transactions.

RESOURCE

Download this file to read the full version of the paper. 

Academic Community

Partnering with world-renowned cryptographic academic teams to release game-changing products.

Academic Community

We partner with world-renowned cryptographic academic teams

Latest News

Our latest news, updates, topics of interest, food for thoughts.

Cosmian makes no tracking for advertising and does not collect any personal data. Cookies are used for statistical or operational purposes, as well as for analysis, allowing for continuous improvement of the website. Cosmian uses the Matomo Analytics tool, an audience measurement solution that uses cookies with a configuration that complies with the data protection legislation and the recommendations of the CNIL (Commission Nationale de l'Informatique et des Libertés). This configuration allows to anonymise visitor's data and to limit the storage period of this data to a maximum of 13 months. With this configuration, the prior consent to the deposit of Matomo Analytics cookies is not required. However, you can still choose not to allow these cookies (by clicking here ) or at any time by consulting our Privacy Policy.

For more information please consult our Privacy Policy