Technology

We believe in security models backed by mathematics

Below are the fields of modern academic cryptography that we work in and contribute to.

Access Control

In key-policy Attribute-Based Encryption (ABE), an access policy is encoded into the user’s secret key and ciphertexts are associated with a set of attributes. In ciphertext-policy ABE, the secret key is associated with a set of attributes, and the access policy is encoded in the ciphertext.

To implement the Covercrypt algorithm, check out the Cosmian GitHub repository for more information.

Our approach

Our team has developed a more efficient multi-user encryption solution, named Covercrypt. Covercrypt provides access rights to users with respect to an access policy expressed as the union of users’ rights.
This construction is inspired by the Subset Cover framework proposed by D. Naor, M. Naor, and J. Lotspiech, which makes it possible to broadcast encrypted information to a group of users that evolves dynamically.
Covercrypt has the same functionality as key-policy Attribute-Based Encryption, but with a simpler approach and better performance.
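The Subset Cover idea referenced above, shown with its Complete Subtree method as an added example. This is not Covercrypt and not Cosmian code; the tree size, the HMAC-based key derivation and the XOR key wrap are toy assumptions chosen to keep it short.

```python
import hashlib, hmac, os

N_USERS = 8              # constructed: users are leaves 8..15 of a heap-indexed tree
MASTER = os.urandom(32)  # broadcaster's secret, used to derive one key per tree node

def node_key(node):
    return hmac.new(MASTER, b"node-%d" % node, hashlib.sha256).digest()

def path(user):
    """Tree nodes from the user's leaf up to the root (node 1)."""
    node, nodes = N_USERS + user, []
    while node >= 1:
        nodes.append(node)
        node //= 2
    return nodes

def user_keys(user):
    """A receiver stores the keys of every node on its path: log2(N)+1 keys."""
    return {n: node_key(n) for n in path(user)}

def cover(revoked):
    """Roots of the maximal subtrees that contain no revoked leaf."""
    if not revoked:
        return [1]
    steiner = {n for u in revoked for n in path(u)}  # all ancestors of revoked leaves
    return sorted(c for n in steiner for c in (2 * n, 2 * n + 1)
                  if c < 2 * N_USERS and c not in steiner)

def pad(key, nonce):
    # Toy key wrap (assumption): XOR with an HMAC-derived pad, no authentication.
    return hmac.new(key, b"wrap" + nonce, hashlib.sha256).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def broadcast(session_key, revoked):
    """Header: the 32-byte session key wrapped once per subtree in the cover."""
    nonce = os.urandom(16)
    return nonce, {n: xor(session_key, pad(node_key(n), nonce)) for n in cover(revoked)}

def receive(header, keys):
    """Unwrap with the one stored key that appears in the header, if any."""
    nonce, wrapped = header
    for node, key in keys.items():
        if node in wrapped:
            return xor(wrapped[node], pad(key, nonce))
    return None  # revoked: none of this user's nodes is in the cover
```

Revoking users changes only the header of later broadcasts; the keys stored by the remaining receivers stay the same.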

Searchable Encryption

Usually, it is not sufficient to encrypt a large database and outsource it to the cloud. Because the encrypted data looks completely random, it is, for example, impossible to distinguish the documents related to the project you are working on from the others in the database. Even if you remember the last (encrypted) files you pushed, you do not know which files your colleagues have added.

Find more details in our technical documentation

Our approach


Search algorithms for encrypted data – thesis by Raphael Bost

Secure Enclave

Intel® Software Guard eXtensions (SGX) offers hardware-based memory encryption that isolates specific application code and data in memory. Intel SGX allows user-level code to allocate private regions of memory, called enclaves, which are designed to be protected from processes running at higher privilege levels.

More information on Intel® SGX & Gramine SGX

Our approach 

At Cosmian, we rely on Intel® SGX and Gramine-SGX, a lightweight guest OS designed to run a single Linux application with minimal host requirements. It is the foundation of Microservice Encryption, which allows our users to expose a confidential Python web microservice in the cloud.

Computations over encrypted data using Fully Homomorphic Encryption

Fully Homomorphic Encryption (FHE) is a form of encryption that allows performing or delegating any kind of computation on ciphertexts without having access to the underlying source data.

The results of these computations are also encrypted, and only a user who knows the secret key is able to decrypt them.

Our approach

A heatmap is a graphical representation of the distribution of points. It is very useful for representing, for example, habits, purchases or energy consumption.
In collaboration with researchers at Leuven, we have proposed two methods for fast computation of heatmaps over encrypted data using fully homomorphic encryption.

We are also interested in providing proofs of correct homomorphic computation in interactive protocols between two users, while reducing the amount of communication between the two parties compared to existing solutions. Such work can be applied to prove correct FHE computations in the context of private information retrieval or private set intersection based on homomorphic encryption.

Academic papers

The results of some of the team’s work on this topic can be found in the research paper MyOPE: Malicious securitY for Oblivious Polynomial Evaluation (by Malika Izabachène, Anca Nitulescu, Paola de Perthuis and David Pointcheval), which was published and presented at SCN in September 2022.
Read the full version here.

Resources

The source code is public and can be found here.

The two methods have been described in the paper Homomorphically counting elements with the same property, published at PoPETs in July 2022.


Computations over encrypted data: Providing Calculation Results over Private Data

Enabling someone to compute results over private data is necessary in many data analysis use cases where the data is sensitive and not owned by the analyst.
Functional Encryption provides primitives to disclose the result of a computation on private, encrypted data without disclosing the input data itself. It can be made non-interactive (which is not the case in Multi-Party Computation constructions) and restricted to jointly established functions (for example, a summation), to prevent the use of undesirable calculations.

Our approach 

One of our cryptographers worked on a research paper which gives an interesting tool for many contexts involving similarity or diagnosis calculations on private data from two independent parties, in the line of functional encryption.

More specifically, in graphs of banking transactions between private accounts spread across several banks, similarity measures between private graph nodes belonging to separate financial entities can help in the detection of money-laundering networks that rely on banks not sharing their pattern observations, while keeping exclusive information encrypted so that it is never disclosed. (1)

We also wrote an implementation of Decentralized Multi-Client Functional Encryption (DMCFE) for inner products. In this case, unlike in [PP22], the data is decentralized and there are no diagonal quadratic terms in the function, only inner products between the vector of the decryption key and the encrypted data.
One typical application would be for an entity to collect the sum of users’ private data, for instance for mean calculations.

Academic papers

Read more information on the research paper “Two-Client Inner-Product Functional Encryption, with an Application to Money-Laundering Detection” (by Paola de Perthuis and David Pointcheval), published at CCS in November 2022.

Resources

Find more details on our implementation proposition in our GitHub.

Computations over encrypted data: Calculations on Graph-Structured Data

New database formats that give a synthetic overview of data with many internal links increasingly use graph structures, which are a natural description tool (an example is the widespread use of Neo4j). In particular, they are helpful in machine-learning contexts, where this format is used to model the general behavior of complex systems succinctly. Given current incentives to preserve data privacy even when the data is large, uses a lot of memory, and needs to have calculations performed on it, cryptographic solutions should be applied to this data structure, making use of its particularities to improve on the efficiency of generic solutions.

Graphs are structures represented as nodes linked with oriented or non-oriented (weighted) edges. Nodes can hold individual values and characteristics to describe them (such as labels, vectors of values).

Our approach

Our team has worked on the CRYPTO4GRAPH-AI ANR project, in collaboration with INRIA, Eccenca, and Fraunhofer FIT. It aims at developing cryptographic solutions for graph-structured data.
One of the first results of this project is in functional encryption (see the corresponding section for more information), with [PP22], which has notable applications in graphs of bank accounts and their transactions.

Academic papers

Read the full version of the paper “Two-Client Inner-Product Functional Encryption, with an Application to Money-Laundering Detection”.

We’re constantly in search of world-class partners

Whether with expertise in advanced cryptography, GenAI or Confidential Computing, consider a partnership with Cosmian. Together, we can create a more secure environment for users worldwide.

Client-side Encryption

We start with a high-performance, client-side encryption library with post-quantum resistance and access control.

Key Management System (KMS)

A cloud-based Key Management Service where your encryption keys and certificates remain accessible to you alone.

Searchable Encryption

Need to find files with full confidentiality? Our encrypted index allows you to search your information and keeps all queries and results readable for your eyes only.

Verifiable Confidential Virtual Machine (VM)

We reinforce your data protection with a verifiability agent that verifies the integrity of each data environment.

Confidential AI

We protect your data while fine-tuning your GenAI model, ensuring the security of your data while unlocking a wide range of possibilities.


— There are no limits

Find us on the Marketplaces

Regain control of your data and applications in the cloud now: subscribe to our cloud marketplace offerings on AWS, Azure and Google Cloud.
