What is the problem/issue being addressed?
Modern techniques enable us to construct cryptosystems in a theoretically sound way, underpinned by mathematical arguments and based on a (relatively) small number of computational hardness assumptions that can be analyzed independently of particular cryptographic constructions. A very important insight provided by theoretical cryptography is that we have understood that there may be many useful security notions for the same cryptographic primitive. Different applications may have different security requirements, therefore the "right" security notion depends on the given application. In the recent past, we have seen a very large number of practical attacks on cryptosystems, which can be seen as a consequence of the fact that the security properties provided by a cryptosystem do not match the concrete security requirements of an application. This project aims to close this gap and addresses various concrete research questions motivated by the current state of the art.
Why is it important for society?
Secure communication is essential to our everyday lives, society, and economy, and this dependence is growing. The security of this communication is protected by cryptographic protocols. This project contributes to protecting the security, privacy, and thus the freedom of citizens and thus our society.
What are the overall objectives?
The main objective of the REWOCRYPT project is to close the gap between theoretical and real-world cryptography, by tackling the most important research challenge at the intersection of these areas: We want to achieve the same strong security guarantees for real-world cryptography that we are able to achieve in theoretical cryptography. The theoretically-sound design and security analysis of real-world cryptography will improve our understanding of the security properties required from real-world cryptosystems, whether and how these can be achieved with efficient cryptographic constructions, and ultimately contribute to the prevention of practical attacks. This will be a significant improvement of the current state-of-the-art. Providing solid technical and methodological foundations for the theoretically-sound, practice-driven formal analysis of real-world cryptosystems is a ground-breaking contribution, which will significantly deepen our understanding of "secure" real-world cryptography in both theory and practice. By identifying new security notions and understanding if and how they can be achieved, or why they can not be achieved, one can also expect valuable further contributions to cryptographic theory.