TOCNeT | Teaching Old Crypto New Tricks

Summary
The bulk of the research in modern cryptography goes into constructing new schemes for which stronger security guarantees can be proven. However, often it is not clear if simple existing schemes already provide the required security, and we just don’t know how to prove it. As these new schemes are usually less efficient, they are not being applied resulting in a large discrepancy between the security that applied schemes are supposed to provide and what is actually proven. This project aims at closing this gap in different contexts: we will revisit simple schemes (including widely deployed ones) using new tools, developed by us and others in the last years, towards proving much stronger security properties than what is currently known. Three research directions in which we have already made substantial progress and which we will further investigate are:
Adaptive Security: Often we can prove a scheme secure against selective adversaries, while in practice stronger adaptive security is required. Until recently this was the case for constrained PRFs, the popular LKH multicast encryption and all known proxy re-encryption schemes. Last year we introduced the “nested hybrids” proof technique, which allowed us to prove adaptive security of these schemes. We will further develop and apply this technique.
Symmetric Cryptography: Although symmetric schemes are the work horses of crypto, for most of them we only have non-tight security proofs which leave a huge gap to the best known attacks. We recently proved tight security bounds for HMAC (used for authentication in SSL/TLS, SSH and IPsec) and the Sponge family used in the SHA3 standard.
Pseudoentropy: Computational notions of entropy have found many applications in the last few years. The tools available to manipulate pseudoentropy yield poor quantitative bounds, resulting in impractical schemes. We will continue our research towards establishing the exact necessary security degradation for manipulating pseudoentropy.
Unfold all
/
Fold all
More information & hyperlinks
Web resources: https://cordis.europa.eu/project/id/682815
Start date: 01-04-2016
End date: 31-03-2021
Total budget - Public funding: 1 882 244,00 Euro - 1 882 244,00 Euro
Cordis data

Original description

The bulk of the research in modern cryptography goes into constructing new schemes for which stronger security guarantees can be proven. However, often it is not clear if simple existing schemes already provide the required security, and we just don’t know how to prove it. As these new schemes are usually less efficient, they are not being applied resulting in a large discrepancy between the security that applied schemes are supposed to provide and what is actually proven. This project aims at closing this gap in different contexts: we will revisit simple schemes (including widely deployed ones) using new tools, developed by us and others in the last years, towards proving much stronger security properties than what is currently known. Three research directions in which we have already made substantial progress and which we will further investigate are:
Adaptive Security: Often we can prove a scheme secure against selective adversaries, while in practice stronger adaptive security is required. Until recently this was the case for constrained PRFs, the popular LKH multicast encryption and all known proxy re-encryption schemes. Last year we introduced the “nested hybrids” proof technique, which allowed us to prove adaptive security of these schemes. We will further develop and apply this technique.
Symmetric Cryptography: Although symmetric schemes are the work horses of crypto, for most of them we only have non-tight security proofs which leave a huge gap to the best known attacks. We recently proved tight security bounds for HMAC (used for authentication in SSL/TLS, SSH and IPsec) and the Sponge family used in the SHA3 standard.
Pseudoentropy: Computational notions of entropy have found many applications in the last few years. The tools available to manipulate pseudoentropy yield poor quantitative bounds, resulting in impractical schemes. We will continue our research towards establishing the exact necessary security degradation for manipulating pseudoentropy.

Status

CLOSED

Call topic

ERC-CoG-2015

Update Date

27-04-2024
Images
No images available.
Geographical location(s)
Structured mapping
Unfold all
/
Fold all
Horizon 2020
H2020-EU.1. EXCELLENT SCIENCE
H2020-EU.1.1. EXCELLENT SCIENCE - European Research Council (ERC)
ERC-2015
ERC-2015-CoG
ERC-CoG-2015 ERC Consolidator Grant