Description du projet
Des solutions cryptographiques dont la sécurité a été prouvée
Avec l’avènement des chaînes de blocs, l’imminence des ordinateurs quantiques et les vastes inquiétudes concernant la protection de la vie privée, les entreprises se tournent vers des solutions cryptographiques sophistiquées adaptées à leurs besoins spécifiques. Malheureusement, la conception et la mise en œuvre de la cryptographie sont sujettes à des erreurs, comme en témoigne une longue histoire de défauts de conception, de bogues de mise en œuvre et d’attaques très médiatisées. Les résultats du projet Circus du CER proposent une solution qui utilise la vérification formelle pour construire des logiciels de cryptographie assortis de preuves de sécurité et d’exactitude vérifiées par des machines. Le projet Cryspen, financé par l’UE, propose de créer une société qui assurera la transition du logiciel de recherche développé par le projet Circus vers des solutions cryptographiques vérifiées, prêtes à l’emploi et de qualité industrielle, en C, Rust et JavaScript. Le projet entend financer le transfert technique des résultats de la recherche et le développement commercial de la nouvelle société.
Objectif
Modern web applications routinely rely on standardized cryptographic protocols and algorithms to protect sensitive user data. Furthermore, with the advent of blockchains, the imminence of quantum computers, and widespread concerns about privacy in an era of surveillance and machine learning algorithms, enterprises are increasingly turning to sophisticated non-standard cryptographic solutions customized for specific usage scenarios. Unfortunately, cryptographic design and implementation is notoriously error-prone with a long history of design flaws, implementation bugs, and high-profile attacks. This leaves software companies with a difficult choice: every time they deploy a new crypto standard or an innovative cryptographic application that improves the security and privacy of their users, they risk exposing embarrassing flaws in their design or code.
The research results of ERC Circus offer a way out of this conundrum by advocating the use of formal verification to build cryptographic software with machine-checked proofs of security and correctness. A landmark output from this project is HACL*, a verified high-performance cryptographic library which is currently used by mainstream software like Mozilla Firefox, Linux Kernel, Tezos Blockchain, and ElectionGuard. We propose to establish a company (called Cryspen) that will transition the research software developed in ERC Circus towards a production-quality ready-to-use verified cryptographic software stack. In addition, Cryspen will offer a developer-friendly verification framework that can be used to build new custom cryptographic solutions in C, Rust, and JavaScript. The goal of this Proof-of-Concept proposal is to fund the initial technical transfer of research software to Cryspen and the business development of this company. Once this transfer is complete, Cryspen will be able to offer long-term service contracts to existing and new users of HACL*, and offer software contracts to enterprises interested in deploying verified cryptographic software.
Champ scientifique
- natural sciencescomputer and information sciencessoftware
- humanitieshistory and archaeologyhistory
- natural sciencescomputer and information sciencescomputer securitycryptography
- engineering and technologyelectrical engineering, electronic engineering, information engineeringelectronic engineeringcomputer hardwarequantum computers
- natural sciencescomputer and information sciencesartificial intelligencemachine learning
Mots‑clés
Programme(s)
- HORIZON.1.1 - European Research Council (ERC) Main Programme
Régime de financement
HORIZON-ERC-POC - HORIZON ERC Proof of Concept GrantsInstitution d’accueil
78153 Le Chesnay Cedex
France