Encryption research: it's mathe-magics!
Cryptography allows you to guarantee the confidentiality of data in use as well as manage the access of encrypted data without having to choose between security and efficiency. On this page, you will find summaries of all topics covered by our cryptographic team including their contributions to public research.
More on Cosmian Github
Access Control: Covercrypt
In key-policy Attributes-Based Encryption, an access policy is encoded into the user’s secret key and ciphertexts are associated with a set of attributes. In ciphertext policy ABE, the secret key is associated with a set of attributes, and the access policy is encoded in the ciphertext.~~
Our team has developed a more efficient multi-user encryption solution, named Covercrypt. Covercrypt provides access rights to users with respect to an access policy expressed as the union of users’ rights.
This construction is inspired by the Subset Cover framework proposed by D. Naor, M. Naor, and J. Lotspiech, which enables to broadcast of encrypted information to a group of users that dynamically evolves.
Covercrypt has the same functionalities of key-policy Attribute-Based Encryption but with a simpler approach and a more efficient performance.
Searchable Encryption: Findex
Usually, it is not sufficient to encrypt a large database and outsource it to the cloud. As the encrypted data looks like completely random, it is for example, impossible to distinguish the documents related to the project you are working on from the others in the entire database. Even if you remember the last (encrypted) files you pushed, you do not know the added files by your colleagues.
Find more details in our technical documentation here.
To provide our own version of this protocol, our team of researchers and cryptogrpahers at Cosmian have developed Findex.
Findex is a Searchable Encryption library that allows the building of encrypted indexes that can be efficiently searched using encrypted queries and responses.
Intel® Software Guard eXtensions (SGX) offers hardware-based memory encryption that isolates specific application code and data in memory. Intel SGX allows user-level code to allocate private regions of memory, called enclaves, which are designed to be protected from processes running at higher privilege levels.
At Cosmian, we rely on Intel® SGX and Gramine-SGX, a lightweight guest OS designed to run a single Linux application with minimal host requirements. It is the foundation of Microservice Encryption which allows our users to expose a Python confidential web microservice in the cloud.
Computations over encrypted data using FHE
Fully Homomorphic Encryption is a form of encryption that allows performing or delegating any kind of computations on ciphertexts without having access to the underlying source data.
The results of these computations are also encrypted and only a user knowing the secret key is able to decrypt the result of the computation.
RESOURCE & ACADEMIC PAPERS
We are also interested in providing proof of correct homomorphic computations in interactive protocols between two users by reducing the amount of communication between the two parties compared to existing solutions. Such work finds applications to prove correct FHE computations in the context of private information retrieval or private set intersection computation with the help of homomorphic encryption
Computations over encrypted data : Providing Calculation Results over Private Data
Enabling someone to compute calculation results over private data is necessary in many data analysis use-cases where it is sensitive and not owned by the analyser.
Functional Encryption provides primitives to disclose the result of a computation on private and encrypted data without the input data itself, and can be made non-interactive (which is not the case in Multi-Party Computation constructions), and restricted to jointly established functions (for example, a summation), to prevent the use of undesirable calculations.
One of our cryptographer worked on a research paper which gives an interesting tool for many contexts in similarity or diagnoses calculations with private data from two independent parties, in the line of functional encryption.
More specifically, in graphs of banking transactions between private accounts spread across several banks, similarity measures between private graph nodes belonging to separate financial entities can help in the detection of money-laundering networks relying on banks not sharing their pattern observations, while keeping exclusive information encrypted so that it is never disclosed. (1)
(1) Read more information on the research paper here.
“Two-Client Inner-Product Functional Encryption, with an Application to Money-Laundering Detection“, (by Paola de Perthuis and David Pointcheval) published at CCS in November 2022.
We also wrote an implementation of Decentralized Multi-Client Functional Encryption (DMCFE) for inner-products; in this case, in an other fashion as in , the data is decentralized and there are no diagonal quadratic terms in the function, but only inner-products between the vector of the decryption key and the encrypted data. One typical application would be for an entity to collect the sum of users’ private data, for instance for mean calculations.
(2) Find more details on our implementation proposition in our GitHub here.
Computations over encrypted data : Calculations
on Graph-Structured Data
New database formats to draw a synthetic overview of data with many internal links have been increasingly using graph structures, which come up as a natural description tool (an example of this would be the widespread use of Neo4j). In particular, they are helpful in machine-learning contexts, when one uses this format to model the general behavior of complex systems in a succinct way. With current incentives to preserve data privacy even when it is large, uses up a lot of memory, and when calculations need to be performed on it, cryptographic solutions should be applied to this data structure, making use of its particularities to improve the efficiency of generic solutions.
Graphs are structures represented as nodes linked with oriented or non-oriented (weighted) edges. Nodes can hold individual values and characteristics to describe them (such as labels, vectors of values).
Our team has work on The CRYPTO4GRAPH-AI ANR project, in collaboration with the INRIA, Eccenca, and the Fraunhofer FIT. It aims at developing cryptographic solutions for graph-structures data. One of the first results for this project is in functional encryption (see the corresponding section for more information), with , which has noticeable applications in graphs of bank accounts and their transactions.
Download this file to read the full version of the paper.
Partnering with world-renowned cryptographic academic teams to release game-changing products.
Our latest news
Our latest news, updates, topics of interest, food for thoughts
The financial sector is increasingly embracing quantum computing for its transformative potential. This blog post will delve into how quantum computing is being leveraged in finance, how the U.S. is preparing for future quantum attacks, and how Cosmian is providing...
In today's digital age, the importance of data cannot be overstated. Everyone relies on vast databases, from scholars to businesses, to store, retrieve, and analyze information. With the rise of cloud services, big data has found a new home. However, with this...
The quantum wave is changing cybersecurity, bringing excitement and concern to cryptography. Business leaders prepare for a future where company and government data must be even more secure with Post-Quantum encryption. They visualize a digital realm of endless...