Rechercher des projets européens

Teaching Old Crypto New Tricks (TOCNeT)
Date du début: 1 avr. 2016, Date de fin: 31 mars 2021 PROJET  TERMINÉ 

The bulk of the research in modern cryptography goes into constructing new schemes for which stronger security guarantees can be proven. However, often it is not clear if simple existing schemes already provide the required security, and we just don’t know how to prove it. As these new schemes are usually less efficient, they are not being applied resulting in a large discrepancy between the security that applied schemes are supposed to provide and what is actually proven. This project aims at closing this gap in different contexts: we will revisit simple schemes (including widely deployed ones) using new tools, developed by us and others in the last years, towards proving much stronger security properties than what is currently known. Three research directions in which we have already made substantial progress and which we will further investigate are: Adaptive Security: Often we can prove a scheme secure against selective adversaries, while in practice stronger adaptive security is required. Until recently this was the case for constrained PRFs, the popular LKH multicast encryption and all known proxy re-encryption schemes. Last year we introduced the “nested hybrids” proof technique, which allowed us to prove adaptive security of these schemes. We will further develop and apply this technique. Symmetric Cryptography: Although symmetric schemes are the work horses of crypto, for most of them we only have non-tight security proofs which leave a huge gap to the best known attacks. We recently proved tight security bounds for HMAC (used for authentication in SSL/TLS, SSH and IPsec) and the Sponge family used in the SHA3 standard. Pseudoentropy: Computational notions of entropy have found many applications in the last few years. The tools available to manipulate pseudoentropy yield poor quantitative bounds, resulting in impractical schemes. We will continue our research towards establishing the exact necessary security degradation for manipulating pseudoentropy.

Coordinateur

Details