Skip to main content

Cryptography with Low Complexity

Article Category

Article available in the folowing languages:

What online security can learn from wedding party planning

Complex cryptographic tools might increase security, but come at a price as computers struggle to decode messages. The CLC project aimed to find cryptographic solutions that are simple yet secure.

Fundamental Research

Cryptography is an essential part of modern life, securing our communications when we bank, shop and interact online. Even so, the cost of online fraud and identify theft in the EU is measured in billions of euro every year. One simple answer might be to make our security software more difficult to crack, but this comes at a price. “In particular, advanced cryptographic tools are not deployed because they are kind of slow, or have a high cost,” explains Benny Applebaum, professor in the School of Electrical Engineering at Tel Aviv University. “The goal is to minimise the complexity and get the best efficiency you can for a cryptographic task.” Applebaum led the EU-funded Cryptography with Low Complexity (CLC) project which addressed this issue. “If I want to send something in secrecy, I have to embed my message inside some computationally hard problem, one that is hard to solve,” says Applebaum. Computational hardness can be considered a resource used to guarantee secrecy, but this hardness also slows down the process of sending the message. “The general question is: can I use hard problems, but make the process fast?” he adds.

Party planning

To achieve this, his team turned to a class of problems called constraint satisfaction problems. These are easy to posit, yet hard to solve. An example is the challenge to seat a group of wedding guests around a set of tables, with many overlapping rules about which guests can or cannot share a table. “The rules are simple, but solving it can be very hard,” he notes. “You don’t know how to do it without trying all the solutions, which is hard to do.” Specifically, Applebaum and his team analysed these problems to quantify their level of hardness. They then developed advanced cryptographic tools that could reduce the computational complexity while maintaining the hardness of the problem. “Along the way, we gained better understanding of this kind of constraint satisfaction problem, which is important in the theory of computer science,” says Applebaum. “The approach we’ve taken here is to say, you don’t have to do so many complicated things for security. Just a small level of complication can be enough.”

Security detail

While these cryptographic principles are straightforward in theory, putting them into practice is more difficult, and a decision has to be made about the level of security desired. “To deploy cryptography in the real world, we must have a concrete estimation regarding the hardness of the problem in order to find the best trade-off between efficiency and security,” he explains. “This is a subtle task. We now have some estimations, and we’re beginning to understand what’s reasonable and what’s not.” The work was supported by the European Research Council. “This helped a lot with hiring students and postdocs, and before the pandemic, travelling round the world and inviting colleagues to Israel. To meet together, talk and exchange ideas, is very valuable.” Further applications for Applebaum’s research include new tools for secure multiparty computation, a security paradigm that allows distributed computation over private information, an important function in analysing health or financial data. Together with co-authors, the team designed protocols with a minimal amount of interaction, suggested novel approaches for securely distributing information between distrustful servers, and developed protocols for securely computing arithmetic operations natively and efficiently without translating them into binary operations.


CLC, computation, complex, online security, constraint satisfaction problems, cryptographic tools, multiparty, paradigm, protocol

Discover other articles in the same domain of application