Projects in Cryptography
Agile and Easy-to-use Integration of PQC Schemes
Asymmetric cryptography, which is widely used every day for authentication and key exchange in communication protocols, is threatened by the ongoing development of quantum computers. Quantum computers have the potential to defeat the security of classical algorithms like RSA or ECDH and break the underlying mathematical problems within the next few years. To further ensure security, the National Institute of Standards and Technology (NIST) started a process in 2016 to find novel, quantum-resistant algorithms (PQC) for execution on classical computers, equivalent to the classical ones. These novel algorithms have to be accessible to software developers, and they have to be tested and integrated into existing software.
The PQC-Integration-Project develops concepts for easy and safe integration of quantum-safe cryptography with a focus on crypto-agility. Further research aspects are performance in real-world applications, usability (including safe and easy-to-use APIs), and concepts for migrating large infrastructures.
CRYPTOECONOMICS – Cryptography and Game Theory for Decentralized Exchanges
Over the last decade, blockchain technology has received enormous attention. Second-generation blockchains provide a distributed, trusted data processing platform that is publicly accessible to everyone and on which decentralized applications can be run. In the course of this, decentralized finance (DeFi) is also becoming increasingly important, as it offers a significantly cheaper and more efficient alternative to classical financial products (e.g. lending or trading platforms).
The research in the "CRYPTOECONOMICS" project aims to address some of the main shortcomings of the current state of the art in designing protocols for DeFi and to make the underlying blockchain infrastructure more robust to power DeFi applications. The main focus is on decentralized exchanges (DEXes), one of the core components of the DeFi ecosystem that enable the exchange of digital assets. Their main innovation is the automated market maker (AMM). AMMs work fundamentally differently from classical order-based exchanges and are realized via a public smart contract that runs fully autonomously. This also makes AMMs particularly susceptible to cyberattacks, as an adversary has full knowledge of all trades, and once a trade is executed it is impossible to reverse the transaction.
High Performance Implementations of PQC Schemes
Cryptographic primitives are fundamental mechanisms of communication protocols like Transport Layer Security (TLS), Virtual Private Networks (VPNs), and the Domain Name System Security Extensions (DNSSEC), and they are used, e.g., to build up a Public-Key Infrastructure (PKI) or to enable Remote Attestation of devices to verify their trustworthiness. Since the communication in such scenarios follows the client-server principle, there are typically a few servers but many clients. Especially if there is a huge number of clients, as in financial transactions, online shopping, eGovernment applications, or fleet and device management, servers are single points of cryptographic computations and have to handle a high workload.
Therefore, the requirements for these systems are to provide high performance (high throughput and low latency) and to manage a large number of keys and certificates. Additionally, the requirement of forward secrecy involves the generation of ephemeral keys for each established connection.
To harden cryptographic mechanisms, resistance against implementation attacks, e.g., timing attacks, has to be provided. Specifically for Hardware Security Modules (HSMs) and their variants that are used in environments with high security requirements, e.g., in Certificate Authorities (CAs) or government networks, a high adversary motivation must be expected.
Therefore, implementations in software and hardware of cryptographic schemes have to be hardened also against physical implementation attacks such as side-channel attacks and fault injections.
In contrast to the established classical public-key cryptographic schemes like RSA, DSA, DH, and their ECC-variants, the properties to fulfill these requirements are unknown or insufficiently examined for post-quantum schemes.
LEAK - Leakage Models for Masking: Bridging the gap between theory and practice
Side-channel attacks are among the most devastating attacks against cryptographic implementations. They exploit physical leakages such as power consumption, electromagnetic radiation, or the running time of a device to extract sensitive information about the secret key. Indeed, it was shown that many modern schemes, such as post-quantum schemes, are particularly vulnerable to those attacks. The project LEAK aims to analyze the latest cryptographic primitives and to develop concrete leakage countermeasures based on masking schemes. The focus here is ensuring efficiency and security by modeling the side-channel information through concrete measurements. As a case study, the new techniques will be evaluated on an established symmetric cryptographic scheme and on one of the post-quantum schemes that are standardized by NIST.
With the rapid advances towards powerful Quantum Computers, Post-Quantum Cryptography (PQC) becomes ever more crucial for the security of data and services. Thus, PQC algorithms have seen rapid development as well, as shown by the large number of entries to the recent NIST PQC evaluation and standardization effort.
However, to enable the efficient application of PQC in practice, a three-way abstraction gap between 1) cryptographers who design PQC algorithms, 2) platform experts who realize these algorithms on hardware, and 3) software developers who want to use the algorithms must be closed.
PORTUNUS aims to achieve this by enabling a more agile development of new or improved PQC algorithms, their efficient mapping to different execution platforms such as CPUs, GPUs, FPGAs and ASICs, and their easy deployment for use in application-software by developers who are not IT security experts.
PQC Building Blocks for eCard Applications - Quantum-resilient PACE
Quantum computers weaken currently used cryptography and thereby threaten the IT security in all areas of daily life. In the project PQC-PACE we deal with migrating electronic identity documents (eCards) to quantum-resilient schemes, so-called post-quantum cryptography (PQC).
As part of a bigger research effort, we concentrate on the PACE protocol, which is at the heart of many eCard security mechanisms. This includes the analysis of the current state of the art in both PQC and eCards, the underlying infrastructures, challenges, and possible solutions, starting from the hardware and infrastructures, over scheme suitability and protocol design, and all the way up to a full-scale approach for PQC migration and crypto-agility. The proposed research helps pave the way towards securing eCards against the threat of quantum computers, enabling crypto-agility, and providing building blocks for similar systems.
Quantum-Resistance of Symmetric-Key Primitives
"Quantum-Resistance of Symmetric-Key Primitives" investigates the cryptographic strength of symmetric-key primitives in the presence of quantum attacks. So far, most quantum-resistant cryptographic solutions focus on public-key primitives, including public-key encryption and signatures. The reason is that quantum computers are known to solve problems like Diffie-Hellman and RSA significantly faster, and most public-key schemes are based on such problems. The project complements these investigations by looking into the effects of quantum attacks on symmetric-key primitives.