CROSSING Collaboration Award

The CROSSING Collaboration Award is presented for excellent internal collaborative work and outstanding progress in research collaborations within CROSSING, for which all members of the CRC are eligible. It is awarded annually by the CROSSING directorate.

Eligible for the Award is any collaboration between projects, for example joint publications, contributions to CogniCrypt, joint software tools or demonstrators or joint bachelor or master thesis.

Winners of the Collaboration Award get a trophy and certificate, and each collaborator receives funds for conference or workshop participation (travel, accommodation, conference fee), freely selectable by the price winners.

Poulami Das (S7), Siavash Riahi (S7), Patrick Struck (P1) and Andreas Erwig (S7) (from left to right); not in the photo: Nabil Alkeilani Alkadri (P1)

Abstract
Most blockchain solutions are susceptible to quantum adversaries as they rely on cryptography that is known to be insecure in the presence of quantum adversaries. In this work, we advance the study of quantum-resistant blockchain solutions by giving a quantum-resistant construction of a deterministic wallet scheme.
In cryptocurrencies, money is transfered via transactions. A transaction is valid only when signed with the sender's secret key. This makes secret keys of users an attractive target to attackers. Deterministic wallets are frequently used in practice in order to securely store user's keys. A deterministic wallet has two components – usually the sensitive secret key is stored in a so-called cold wallet which is most of the time online, whereas the public key is stored in an online wallet called the hot wallet. Recently, Das et al. developed a formal model for the security analysis of deterministic wallets and proposed a generic construction from certain types of classical signature schemes that exhibit key rerandomization properties. For security in a quantum world, it is therefore mandatory to show that the generic construction proposed in this paper is secure against quantum adversaries and to design post-quantum secure signature schemes with key rerandomization to instantiate this generic construction.

Link to the Paper
Deterministic Wallets in a Quantum World

Contact
Project P1, Project S7

Tommaso Frassetto, Ghada Dessouky and Shaza Zeitouni with Prof. Thomas Schneider (on behalf of Ágnes Kiss) and Prof. Stefan Katzenbeisser (on behalf of Giulia Traverso) and Spokesperson Prof. Johannes Buchmann (from left to right); Photo: Ann-Kathrin Braun

Abstract

Due to advances in cryptanalysis and quantum computing, longterm secure storage of sensitive data cannot rely on current encryption, especially when the storage service is hosted by third-party cloud computing providers. One approach to achieve long-term secure storage is secret sharing-based distributed storage systems, where shares of data are generated and distributed to multiple storage servers. Data confidentiality and integrity are maintained by periodically renewing the shares and verifying the consistency of the shares using commitment schemes. However, protecting outsourced data in such scenarios remains prohibitively costly and impractical: Share renewal requires an information-theoretically secure channel between any two storage servers and long-term confidential commitment schemes are computationally impractical for large files.

In this paper, we present Safe, a secret sharing-based long-term secure distributed storage system that leverages a Trusted Execution Environment (TEE). Share generation and renewal are performed inside the TEE and the shares are securely distributed to the storage servers.We propose optimized protocols for Safe where significantly fewer information-theoretically secure channels are required than in state-of-the-art long-term secure storage systems, and computationally binding commitment schemes are replaced by more efficient computationally secure signatures. We prototype Safe protocols using a TEE instantiation, and show their efficiency, even for large files, compared to existing schemes. Safe is TEEagnostic, as it allows seamless migration from one TEE to another while maintaining the same security guarantees.


Link to the Paper

Safe: A Secure and Efficient Long-Term Distributed Storage System


Contact

Project P3, Project E4, Project S2, Project S6

Oleg Nikiforov, Alexander Sauer, Matthias Geihs, Denis Butin and CROSSING Spokesperson Prof. Johannes Buchmann (from left to right)

Abstract

Sensitive digital data, such as health information or governmental archives, are often stored for decades or centuries. The processing of such data calls for long-term security. Secure channels on the Internet require robust key establishment methods. Currently used key distribution protocols are either vulnerable to future attacks based on Shor's algorithm, or vulnerable in principle due to their reliance on computational problems. Quantum-based key distribution protocols are information-theoretically secure and offer long-term security. However, significant obstacles to their real-world use remain. This paper, which results from a multidisciplinary project involving computer scientists and physicists, systematizes knowledge about obstacles to and strategies for the realization of long-term secure Internet communication from quantum-based key distribution. We discuss performance and security particulars, consider the specific challenges arising from multi-user network settings, and identify key challenges for actual deployment.


Link to the Paper

The Status of Quantum-Based Long-Term Secure Communication over the Internet


Contact

Project P4, Project S4, Project S6

Prof. Marc Fischlin, Christian Weinert (S6), Stefan Krüger (E1), Daniel Demmler (E4) and Felix Günther (S4) (from left to right)

Abstract

There exists an extensive body of research demonstrating that application developers often fail to correctly and securely use cryptographic APIs and, as a result, produce insecure code. They mainly struggle with the cryptographic domain knowledge required to decide which algorithms are appropriate to use to perform a certain task and how to properly configure them. In addition, due to the low-level design of most cryptographic APIs, developers often face problems identifying the correct order of method calls and parameter values. When surveyed, developers indicate that they desire API design to be more high-level, more examplerich documentation showcasing common use cases of the API, as well as assistance tools that support them in using such APIs. In our work that was accepted at the ASE 2017 Tool Demonstrations track, we presented CogniCrypt, a tool that assists developers with the use of cryptographic APIs. CogniCrypt is implemented as an Eclipse plugin to smoothly integrate into any application developer’s workflow and assists the developer in two ways. First, for a number of common programming tasks that involve cryptography, CogniCrypt facilitates the generation of code snippets that implement the respective task in a secure manner. Currently, CogniCrypt supports tasks such as data encryption, communication over secure channels, and long-term archiving. Second, CogniCrypt continuously performs a suite of static code analyses in the background to ensure a secure integration of the generated code into the developer’s project. Since the code analysis runs independently of code generation, CogniCrypt still supports developers to produce secure code if they prefer to write the code themselves or are not aware of CogniCrypt’s full functionality. This video demo showcases the main features of CogniCrypt: youtube.com.


Link to the Paper

CogniCrypt: Supporting Developers in using Cryptography


Contact

Project E1, Project E4, Project S4, Project S6

Michael Zohner (E3), Shaza Zeitouni (S2), Daniel Demmler (E4), Ghada Dessouky (P3) and Prof. Johannes Buchmann (from left to right)

Abstract

In the recent years, secure computation has been the subject of intensive research, emerging from theory to practice. In order to make secure computation usable by non-experts, Fairplay (USENIX Security 2004) initiated a line of research in compilers that allow to automatically generate circuits from high-level descriptions of the functionality that is to be computed securely. Most recently, TinyGarble (IEEE S&P 2015) demonstrated that it is natural to use existing hardware synthesis tools for this task.

In this work, we present how to use industrial-grade hardware synthesis tools to generate circuits that are not only optimized for size, but also for depth. These are required for secure computation protocols with non-constant round complexity. We compare a large variety of circuits generated by our toolchain with hand-optimized circuits and show reduction of depth by up to 14%. The main advantages of our approach are developing customized libraries of depth-optimized circuit constructions which we map to high-level functions and operators, and using existing libraries available in the industrial-grade logic synthesis tools which are heavily tested. In particular, we show how to easily obtain circuits for IEEE 754 compliant floating-point operations.

We extend the open-source ABY framework (NDSS 2015) to securely evaluate circuits generated with our toolchain and show between 0.5 to 21.4 times faster floating-point operations than previous protocols of Aliasgari et al. (NDSS 2013), even though our protocols work for two parties instead of three or more. As application we consider privacy-preserving proximity testing on Earth.


Link to the Paper

Automated Synthesis of Optimized Circuits for Secure Computation


Contact

Project P3, Project S2, Project E4

Juliane Krämer (P1), Niklas Büscher (S5), Prof. Johannes Buchmann, Florian Göpfert (P1) (from left to right)

Abstract

The learning with errors problem (LWE) is one of the most important problems in lattice-based cryptography. The goal of the LWE challenge is to determine the practical hardness of LWE, to gain an overview of the best known LWE solvers, and to motivate additional research eff?ort in this direction. The team has set up a web page that presents the LWE challenge to the community. At this page, all instances can be downloaded. Furthermore, solutions can be submitted and correct solutions will be displayed in a hall of fame.

The LWE challenge is not only a collaboration between CROSSING projects P1 (Florian Göpfert, Juliane Krämer) and S5 (Niklas Büscher) but also with international partners – University of California, San Diego (UCSD), University of Tartu and TU Eindhoven – and an industry partner, Cybernetica.


Link to the Paper

Creating Cryptographic Challenges Using Multi-Party Computation: The LWE Challenge

Link to the LWE Challenge

Website of the LWE Challenge

Contact

Project P1, Project S5