Final Report Summary - CRYPTOCLOUD (Cryptography for the Cloud)
Many companies have already started the migration to the Cloud and many individuals share their personal informations on social networks.
While some of the data are public information, many of them are personal and even quite sensitive.
Unfortunately, the current access mode is purely right-based: the provider first authenticates the client, and grants him access, or not, according to his rights in the access-control list.
Therefore, the provider itself not only has total access to the data, but also knows which data are accessed, by whom, and how: privacy, which includes secrecy of data (confidentiality), identities (anonymity), and requests (obliviousness), should be enforced.
Moreover, while high availability can easily be controlled, and thus any defect can immediately be detected, failures in privacy protection can remain hidden for a long time.
The industry of the Cloud has introduced a new implicit trust requirement: nobody has any idea at all of where and how his data are stored and manipulated, but everybody should blindly trust the providers.
The providers definitely do their best, but this is not enough. Privacy-compliant procedures cannot be left to the responsibility of the provider: however strong the trustfulness of the provider may be, any system or human vulnerability can be exploited against privacy.
The ERC CryptoCloud Project has studied several cryptographic primitives to reduce the privacy risks.
First, new secure multi-party computation protocols have been proposed, as efficient alternative to the famous, but inefficient, Fully Homomorphic Encryption. Some tailored homomorphic constructions have also been designed for specific use-cases. Basically, this allows to players to make computations on encrypted inputs, and the result can be open by a target user only.
But the main outcome of the project is definitely the variants of Functional Encryption: given a functional decryption key associated to a function f, applied on a ciphertext of x, one gets f(x) and nothing else. The multi-client setting has been defined, which allows aggregations of private inputs coming from distrustful sources. This a very technical primitive that has already found concrete instantiations with applications to real use-cases. The dynamic setting will find even more applications.
Eventually, to reduce trust assumptions, we studied traceability feature that allows to trace back a defrauder in case of abuse, even if anonymity is a priori guaranteed.
While some of the data are public information, many of them are personal and even quite sensitive.
Unfortunately, the current access mode is purely right-based: the provider first authenticates the client, and grants him access, or not, according to his rights in the access-control list.
Therefore, the provider itself not only has total access to the data, but also knows which data are accessed, by whom, and how: privacy, which includes secrecy of data (confidentiality), identities (anonymity), and requests (obliviousness), should be enforced.
Moreover, while high availability can easily be controlled, and thus any defect can immediately be detected, failures in privacy protection can remain hidden for a long time.
The industry of the Cloud has introduced a new implicit trust requirement: nobody has any idea at all of where and how his data are stored and manipulated, but everybody should blindly trust the providers.
The providers definitely do their best, but this is not enough. Privacy-compliant procedures cannot be left to the responsibility of the provider: however strong the trustfulness of the provider may be, any system or human vulnerability can be exploited against privacy.
The ERC CryptoCloud Project has studied several cryptographic primitives to reduce the privacy risks.
First, new secure multi-party computation protocols have been proposed, as efficient alternative to the famous, but inefficient, Fully Homomorphic Encryption. Some tailored homomorphic constructions have also been designed for specific use-cases. Basically, this allows to players to make computations on encrypted inputs, and the result can be open by a target user only.
But the main outcome of the project is definitely the variants of Functional Encryption: given a functional decryption key associated to a function f, applied on a ciphertext of x, one gets f(x) and nothing else. The multi-client setting has been defined, which allows aggregations of private inputs coming from distrustful sources. This a very technical primitive that has already found concrete instantiations with applications to real use-cases. The dynamic setting will find even more applications.
Eventually, to reduce trust assumptions, we studied traceability feature that allows to trace back a defrauder in case of abuse, even if anonymity is a priori guaranteed.