CryptAnalytics: an ERC grant for cryptography which is better adapted to the cloud
With the CryptAnalytics project, David Pointcheval of the DI ENS laboratory (CNRS/ENS Paris/Inria) aims to find new applications for functional multi-client encryption. He developed this technology himself and it offers the possibility of creating statistics based on data stored in a cloud without there being any confidentiality issues.
The success of the cloud has brought consequences with it namely that all this remotely stored data must be effectively protected. David Pointcheval, CNRS research professor and director of the École Normale Supérieure's Computer Science Department (DI ENS, CNRS/ENS Paris/Inria), works on finding cryptographic solutions to secure this wave of dematerialisation. The European Research Council has just awarded his team an ERC Proof of Concept (PoC) grant intended to help scientists to develop and apply the results of a previous ERC grant project.
"CryptAnalytics is an extension of CryptoCloud which we finished working on just six months ago," explains David Pointcheval. "The aim of that first project was to use cryptography to bring confidentiality to the cloud. This concept is not limited to user privacy and also involves anonymity and secrecy of processing. More and more individuals and companies outsource their data to a cloud which means they need to be able to access and use it without the host or unknown people learning sensitive information."
CryptoCloud's biggest breakthrough was to have developed functional multi-client encryption. This means users can share data on a cloud while controlling what others know about it. It is a system that, for example, enables a user to put the marks of a class online and choose who can see everything and who only has access to averages or results per subject. It is even possible to obtain statistics on values entered by people independently. Another important part of this system is the "zero-knowledge proof" which ensures that a calculation has been carried out correctly by the host using data from a cloud but without compromising privacy.
David Pointcheval gives the following example: "Imagine insurance companies that want to share their customers' incidents or claims between them but don't want to give information to their competitors. Functional multi-client encryption makes it possible to obtain overall statistics without revealing anything about individual data that might be harmful to one of the companies taking part. Our work is also of interest for the stock market sector and for medical data processing. These are the types of use cases that we want to target in the framework of the ERC PoC."
David Pointcheval and his team will be accompanied in the latest project stage by the start-up Cosmian which specialises in confidential data processing. They will collaborate to scale up the work, test its effectiveness and select the types of data that are best suited to these cryptographic technologies. The team has recruited a developer and now aims to define more use cases to work with during this 18-month ERC PoC project.
From a more technical standpoint, certain cryptographic issues will also have to be dealt with. The algorithms must be protected by algorithmic locks that are difficult to solve and therefore complicated to break. During the ERC project, the advantages and disadvantages have to be weighed up for all the potential solutions which include the factorisation of large integers, a discrete logarithm in various groups, Euclidean networks and so forth.
"The size of the data we handle and they way they are used have an impact on these choices," continues David Pointcheval. "Large objects used in small quantities each time have to be processed differently from a very large number of small data. Different structures are used according to the situation involved and we have to find the right compromise for scaling up."