Prof. Dr.-Ing. Tibor Jager

REWOCRYPT - Theoretically-Sound Real-World Cryptography

What is the problem/issue being addressed?

Modern cryptographic techniques enable us to construct cryptosystems in a theoretically sound way, underpinned by precise mathematical arguments and based on a (relatively) small number of computational hardness assumptions that can thoroughly be analyzed, independently of particular cryptographic constructions.

Today we have a large number of different accepted security definitions for many cryptographic primitives. A very important insight provided by theoretical cryptography is that we have understood that there may be many useful security notions for the same cryptographic primitive. Different applications may have different security requirements, therefore the "right" security notion depends on the given application. A proof of security holds only for the definition considered in the proof (and by trivial implication also for any weaker security definition, of course). Even a provably-secure cryptosystem can be completely insecure in practice, if the security model considered in the proof does not reflect the security requirements of the application properly.

In the recent past, we have seen a very large number of practical attacks on cryptosystems, which can be seen as a consequence of the fact that the security properties provided by a cryptosystem do not match the concrete security requirements of an application.

Why is it important for society?

Cryptography is a cornerstone of secure communication in a modern, increasingly interconnected and increasingly digitized society.

What are the overall objectives?

The main objective of the REWOCRYPT project is to close the gap between theoretical and real- world cryptography, by tackling the most important research challenge at the intersection of these areas: We want to achieve the same strong security guarantees for real-world cryptography that we are able to achieve in theoretical cryptography.

The theoretically-sound design and security analysis of real-world cryptography will improve our understanding of the security properties required from real-world cryptosystems, whether and how these can be achieved with efficient cryptographic constructions, and ultimately contribute to the prevention of practical attacks. This will be a significant improvement of the current state-of-the-art. Providing solid technical and methodological foundations for the theoretically-sound, practice-driven formal analysis of real-world cryptosystems is a ground-breaking contribution, which will significantly deepen our understanding of "secure" real-world cryptography in both theory and practice. By identifying new security notions and understanding if and how they can be achieved, or why they can not be achieved, one can also expect valuable further contributions to cryptographic theory.

Project-Related Publications

This sections detaild all project related publications sorted by work packages.

Pillar 1: Securely Combining Cryptography with the Application Layer

Work Package 1.1: How to use TLS 0-RTT Securely in Applications

Work Package 1.2: Secure Compress-then-Encrypt and How to Use Length-Hiding Encryption

Pillar 2: Possibility and Impossibility of Cryptographic Primitives for Real-World Applications

Work Package 2.1: Provably Secure Cryptographic Primitives for Modern Applications

Work Package 2.2: Overcoming Impossibility Results on Tight Real-World Security

Work Package 2.3: Systematic Study of the Secure Use of Legacy Cryptography

  • No research results have been published yet.

This project has received funding from the European Research Council (ERC) under the European Union's Horizon 2020 research and innovation programme (grant agreement No 802823).

Weitere Infos über #UniWuppertal: