Jump to content
image picture stylised brain

Cryptography Consulting and Standardization

The AIT research group in cryptography is providing consulting services for industry as well as for research and development projects in design, development, application and standardization of modern cryptography.

Advanced Cryptographic Solution for Security in Modern ICT

The cryptography team at AIT has experience in the development of novel primitives, schemes and protocols with advanced features often helpful in the context of modern IT applications. We are researching advanced cryptographic schemes for dynamic and flexible data sharing, privacy enhancing technologies and online privacy, post-quantum cryptography as well as distributed systems. Particularly, we work on cryptographic building blocks such as attribute-based encryption (ABE) for strong access control on the mathematical level, encrypted attribute-based credentials (EABCs) and redactable signatures for better online privacy, post-quantum digital signatures, proxy re-encryption (PRE) for delegating decryption capabilities and multi-party computation (MPC) for privacy preserving data processing. 

We have expertise in various cryptographic techniques allowing to obtain strong provable security guarantees including advanced cryptographic building blocks in different domains such as cloud computing and distributed-ledger technologies. The team has a good understanding of novel trends and emerging cryptographic methods which can be applied to better secure IT solutions. Consulting our experts early in your design process can lead to great benefits for your system developers in the form of a sound security architecture and less weakness in your new products. 

 

Privacy-Preserving Cryptography 

Many every-day applications are using cryptographic mechanisms for protecting the integrity and confidentiality of data being transferred, stored, or processed. However, they were often not designed to protect the privacy of the user owning this information. For instance, in the case of identity management, cryptography is being used to ensure that only an eligible user is able to connect to a service. However, this guarantee comes at the cost of identifying users, either to an online identity provider, or to the service to which to user is authenticating herself. As another example, in the case of data sharing, the confidentiality and integrity are protected, but the identities of neither sender nor receiver remain hidden from the cloud provider being used for the data exchange. In both cases, this allows for detailed profiling of users. 

With recent European legislation such as the General Data Protection Regulation (GDPR) or the upcoming ePrivacy regulation, the sensitivity of such metadata has been highlighted by the legislator, resulting in potentially high fines if the users' privacy is not sufficiently protected by a service provider. 

At AIT, we have a proven track record in the development of technologies that allow, e.g., for privacy-enhancing authentication, data processing, or data sharing through advanced cryptographic primitives such as (encrypted) attribute-based credentials, multi-party computation, or secret sharing. Our offer ranges from consultancy regarding best-practices and existing solutions in the domain, up to the development of novel cryptographic mechanisms for the specific needs of individual stakeholders.

 

Quantum-Safe Cryptography 

Asymmetric (or public-key) cryptography used today is based on the hardness of factoring large composite numbers or solving the discrete logarithm problem in finite groups, and in particular elliptic curves or multiplicative groups of finite fields. In the 1990s it was already theoretically shown that there are efficient quantum algorithms to solve those types of problems. Hence, all asymmetric schemes currently in use would be instantaneously insecure if a sufficiently powerful quantum computer would be available. While little progress has been made in the area of high-performance quantum computers for a long time, research has intensified in recent years. Although the state-of-the-art is still several orders of magnitude away from quantum computers which could be dangerous to currently used asymmetric cryptography, the rapid progress significantly increases the risk. Therefore, protocols and systems involving asymmetric cryptography should transition to so-called post-quantum secure (or quantum-safe) cryptographic schemes – schemes which rely on mathematical problems that are resistant to attacks by quantum computers – to mitigate the risk and to provide long lasting security guarantees. 

Together with a team of international researchers, we designed the post-quantum secure digital signature scheme Picnic. It is built from symmetric-key primitives such as block ciphers and hash functions with well-understood post-quantum security combined with zero-knowledge proof systems. Consequently, the design does not rely on the hardness of more structured mathematical problems. The scheme is currently a candidate in the second round of NIST’s ongoing Post-Quantum Cryptography standardization effort. Besides our work on signature schemes, we also designed various other post-quantum cryptographic technologies, e.g. with built-in privacy features. 

Based on our experience we obtained from designing and implementing post-quantum secure cryptographic technologies, we offer teaching and consultancy on post-quantum cryptography.

 

Cryptography Standardisation

Additionally, we are actively contributing to international standards in cryptography and privacy. Therefore, we are aware of most recent trends and can deliver first hand information about ongoing initiatives and emerging trends. We can also assist in own standardization efforts with guidance and drafting support. 

Currently, the group is developing standards at the International Organization for Standardization (ISO) and the European Telecommunications Standards Institute (ETSI). In ISO we are involved in IT Security techniques subcommittee (JTC1/SC27) driving emerging cryptographic methods and privacy technologies. Additionally, we are active in ETSI TC CYBER and, as an example, contributed in ETSI STF529 to the standardisation of attribute-based encryption (ABE) in ETSI TS 103 532 “Attribute Based Encryption for Attribute Based Access Control”.  Additionally, we are involved in the National Institute of Standards and Technology (NIST) post-quantum cryptography competition with our experts for quantum-safe cryptography (see Picnic