Cryptography allows you to guarantee the confidentiality of data in use as well as manage the access of encrypted data without having to choose between security and efficiency. On this page, you will find summaries of all topics covered by our cryptographic team including their contributions to public research.
More on Cosmian Github
Access Control: Covercrypt
In key-policy Attributes-Based Encryption, an access policy is encoded into the user’s secret key and ciphertexts are associated with a set of attributes. In ciphertext policy ABE, the secret key is associated with a set of attributes, and the access policy is encoded in the ciphertext.~~
To implement the Covercrypt algorithm: check out Cosmian GitHub repository here for more information.
Our team has developed a more efficient multi-user encryption solution, named Covercrypt. Covercrypt provides access rights to users with respect to an access policy expressed as the union of users’ rights.
This construction is inspired by the Subset Cover framework proposed by D. Naor, M. Naor, and J. Lotspiech, which enables to broadcast of encrypted information to a group of users that dynamically evolves.
Covercrypt has the same functionalities of key-policy Attribute-Based Encryption but with a simpler approach and a more efficient performance.
Searchable Encryption: Findex
Usually, it is not sufficient to encrypt a large database and outsource it to the cloud. As the encrypted data looks like completely random, it is for example, impossible to distinguish the documents related to the project you are working on from the others in the entire database. Even if you remember the last (encrypted) files you pushed, you do not know the added files by your colleagues.
Read a critically acclaimed thesis, which won the GDR security prize in 2019, about Searchable Encryption here.
More academic papers on that topic:
Searchable Encryption is a cryptographic protocol designed to securely make search queries on an untrusted cloud server. With encrypted indexes, large databases can securely be outsourced without compromising usability. After a search request, the cloud server can answer the list of all the entries matching the requested keyword without knowing either the keyword or the entries as everything is encrypted.
To provide our own version of this protocol, our team of researchers and cryptogrpahers at Cosmian have developed Findex.
Findex is a Searchable Encryption library that allows the building of encrypted indexes that can be efficiently searched using encrypted queries and responses.
Intel® Software Guard eXtensions (SGX) offers hardware-based memory encryption that isolates specific application code and data in memory. Intel SGX allows user-level code to allocate private regions of memory, called enclaves, which are designed to be protected from processes running at higher privilege levels.
More information on Intel® SGX & Gramine SGX
At Cosmian, we rely on Intel® SGX and Gramine-SGX, a lightweight guest OS designed to run a single Linux application with minimal host requirements. It is the foundation of Microservice Encryption which allows our users to expose a Python confidential web microservice in the cloud.
Computations over encrypted data using FHE
Fully Homomorphic Encryption is a form of encryption that allows performing or delegating any kind of computations on ciphertexts without having access to the underlying source data.
The results of these computations are also encrypted and only a user knowing the secret key is able to decrypt the result of the computation.
A Heatmap is a graphical representation of the distribution of points. It is very useful to represent habits, buying or energy consumption for example. With the collaboration of researchers at Leuven, we have proposed two methods for fast computation of Heatmaps over encrypted data using fully homomorphic encryption.
RESOURCE & ACADEMIC PAPERS
The source code is public and can be found here.
The two methods have been described in the paper Homomorphically counting elements with the same property, published at PoPets in July 2022,
We are also interested in providing proof of correct homomorphic computations in interactive protocols between two users by reducing the amount of communication between the two parties compared to existing solutions. Such work finds applications to prove correct FHE computations in the context of private information retrieval or private set intersection computation with the help of homomorphic encryption
Computations over encrypted data : Providing Calculation Results over Private Data
Enabling someone to compute calculation results over private data is necessary in many data analysis use-cases where it is sensitive and not owned by the analyser.
Functional Encryption provides primitives to disclose the result of a computation on private and encrypted data without the input data itself, and can be made non-interactive (which is not the case in Multi-Party Computation constructions), and restricted to jointly established functions (for example, a summation), to prevent the use of undesirable calculations.
One of our cryptographer worked on a research paper which gives an interesting tool for many contexts in similarity or diagnoses calculations with private data from two independent parties, in the line of functional encryption.
More specifically, in graphs of banking transactions between private accounts spread across several banks, similarity measures between private graph nodes belonging to separate financial entities can help in the detection of money-laundering networks relying on banks not sharing their pattern observations, while keeping exclusive information encrypted so that it is never disclosed. (1)
(1) Read more information on the research paper here.
“Two-Client Inner-Product Functional Encryption, with an Application to Money-Laundering Detection“, (by Paola de Perthuis and David Pointcheval) published at CCS in November 2022.
We also wrote an implementation of Decentralized Multi-Client Functional Encryption (DMCFE) for inner-products; in this case, in an other fashion as in [PP22], the data is decentralized and there are no diagonal quadratic terms in the function, but only inner-products between the vector of the decryption key and the encrypted data. One typical application would be for an entity to collect the sum of users’ private data, for instance for mean calculations.
(2) Find more details on our implementation proposition in our GitHub here.
Computations over encrypted data : Calculations
on Graph-Structured Data
New database formats to draw a synthetic overview of data with many internal links have been increasingly using graph structures, which come up as a natural description tool (an example of this would be the widespread use of Neo4j). In particular, they are helpful in machine-learning contexts, when one uses this format to model the general behavior of complex systems in a succinct way. With current incentives to preserve data privacy even when it is large, uses up a lot of memory, and when calculations need to be performed on it, cryptographic solutions should be applied to this data structure, making use of its particularities to improve the efficiency of generic solutions.
Graphs are structures represented as nodes linked with oriented or non-oriented (weighted) edges. Nodes can hold individual values and characteristics to describe them (such as labels, vectors of values).
Our team has work on The CRYPTO4GRAPH-AI ANR project, in collaboration with the INRIA, Eccenca, and the Fraunhofer FIT. It aims at developing cryptographic solutions for graph-structures data. One of the first results for this project is in functional encryption (see the corresponding section for more information), with [PP22], which has noticeable applications in graphs of bank accounts and their transactions.
Download this file to read the full version of the paper.
Partnering with world-renowned cryptographic academic teams to release game-changing products.
Why Ubiquitous Encryption is key to cloud security.
Blog / SecurityWhy Ubiquitous Encryption is key to cloud security.ShareCosmian • March 28, 2023Table of ContentsTopCloud Act: a sword of Damocles hanging over data confidentiality.Tools adapted to modern...
At SCN 2022, Paola de Perthuis, Cryptographer at Cosm …
Blog / CryptographyAt SCN 2022, Paola de Perthuis, Cryptographer at Cosmian, will present her joint work paper on MyOPE - Malicious security for Oblivious Polynomial EvaluationShareCosmian • Sep 13,...
Deeptech Cosmian raises €4.2m to accelerate the dep …
This financing, mainly operated by La Banque Postale - via its new 115K innovation fund - and Elaia Partners, historical investor, will allow the French encryption specialist to accelerate the distribution of its first products and continue to innovate. Its ambition...