Cryptographic Foundations for Future-proof Internet Security

Today, the world is more connected than ever before. In 2018, already over half of the world`s population is online, which amounts to more than 4 billion people. The modern Internet includes computing paradigms such as cloud computing or the Internet of Things (IoT) which entirely changed the way we communicate and process data and which types of data are communicated over public networks. Huge amounts of potentially sensitive data now leave classical security perimeters and are processed and accessed by multiple different (untrusted) entities potentially in an ad-hoc fashion. The devices found on the Internet range from classical servers, desktops and laptops to (small) physical devices, home appliances or other items embedded with electronics, software, sensors, or actuators. These developments can bring additional comfort and increased quality of living to individuals and help to make many of our daily tasks much less complicated. However, the Internet is also a place where users are prone to become victims of criminal actions like data and identity theft and the Internet is also increasingly intertwined with a geopolitical environment making users prone to being surveilled or even controlled. To achieve strong security and privacy guarantees, cryptography is the foundational technology. Today, much of our personal freedom and the power to guarantee and maintain a free society depends on cryptographic primitives incorporated in the security protocols used within the Internet. While regulations like the upcoming EU General Data Protection Regulation (GDPR) promote the usage of cryptography to protect sensitive data, revelations about activities of governmental agencies have revealed worrying information. Governmental agencies have subverted cryptographic software products, certification authorities, backdoored cryptographic schemes or influenced and weakened cryptographic standardization processes. Besides providing governmental institutions means to spy on citizens, such practices are highly vulnerable to also be exploited by non- governmental adversaries. Many of the cryptographic schemes used to secure today`s Internet were not designed with the functionality and the security requirements in mind that come along with tomorrow`s envisioned use-cases on the Internet. This requires novel and typically more sophisticated cryptographic schemes that consider aspects that were not known or of interest in the early days of the Internet. Cryptography, which is capable to secure a future-proof Internet, needs to consider all these issues, but additionally needs to be flexible enough to work on both ends of the spectrum, i.e., resource constrained IoT devices as well as cloud-powered services. In addition, one needs to consider more recent aspects such as security in the presence of powerful quantum computers. Within PROFET we aim at designing cryptography that is subversion resilient by design and secure in the presence of powerful quantum computers and thus capable to securing tomorrow`s Internet.

Cryptographic mechanisms underlying today's Internet were not designed with the functionality and the security requirements in mind that come along with envisioned and in part already widely deployed use-cases. Those cover many popular application domains (implicitly) used by many people. Examples are cloud computing, e.g., outsourcing storage and services to large providers, the Internet of things (IoT), e.g., smart homes or connected vehicles, as well as the so called Web3, i.e., decentralized applications built upon blockchain technology. Importantly, due to the prevalent use of the Internet, much of our personal freedom and the power to maintain a free society depends on cryptographic primitives (e.g., signatures and encryption) incorporated in today's security protocols. While regulations like the EU General Data Protection Regulation (GDPR) prescribe the usage of cryptography to protect sensitive data, revelations about activities of governmental agencies have revealed worrying information. Examples include subverting cryptographic software products, subverting certification authorities, backdooring cryptographic schemes or influencing and weakening cryptographic standardization processes. Besides providing institutions means to spy on citizens, such practices are highly vulnerable to also be exploited by non-governmental adversaries. The focus of this project was on the cryptography required to secure the Internet of tomorrow. We have focused on two important aspects: First, designing cryptography that is resilient to subversion or disincentivizes such approaches by design. Here our particular focus was on the subversion of parameters used by cryptographic schemes and a property called forward secrecy. Latter means that even in case a decryption key leaks, the "damage" is very local in that the key cannot be used anymore to decrypt old but only very recent ciphertexts. Second, our focus was on designing cryptographic schemes that remain secure in the presence of powerful quantum computers, i.e., provide post-quantum security. In both aspects, among various interesting theoretical results, we have significantly contributed to the practical understanding. When it comes to parameter subversion, we have significantly contributed to the practical usability of so called non-interactive zero-knowledge (NIZK) proofs. In particular, the development of such proof systems that remain secure and provide the strongest security guarantees even if the setup is subverted. This is a very active field and with the growing popularity of cryptocurrencies and blockchains we have seen a "Cambrian explosion" in their research and practical deployment. In context of forward security, we have contributed to the design of secure communication protocols that have an important property called zero round-trip time (0-RTT), i.e., where encrypted data can already be sent in the first message of the sender in the protocol. Finally, in several domains studied in the project we have proposed the first post-quantum constructions, most notable for succinct NIZK proofs (so called zk-SNARKs).