From f4d1b3bd4378ddba9a9f622578fef532f72eba05 Mon Sep 17 00:00:00 2001 From: Fabrice Mouhartem Date: Wed, 13 Jun 2018 18:12:40 +0200 Subject: [PATCH] Introduction --- chap-introduction.tex | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/chap-introduction.tex b/chap-introduction.tex index 8b13789..2c66349 100644 --- a/chap-introduction.tex +++ b/chap-introduction.tex 
@@ -1 +1,36 @@ +In the last two decades, the use of cryptography has shifted from military and commercial secrets to a broader public. +For instance, the Enigma machine had a design for military purpose, and another one for enterprise (Enigma A26). +As of now, about $60\%$ of the first million most visited websites propose an implementation of \texttt{https}, and so are most of the communications channels that electronic devices use (like \textit{Wifi Protected Access}). + +At the same time, the growth of exchanged data and the sensitivity of this information make it more and more important to protect these data efficiently. +While we are reaching the Moore's law barrier, other threats exist against nowadays cryptosystems. +For instance, the eventuality of the existence of a quantum computer with sufficient memory~\cite{Sho99} would break most of real-world cryptographic implementations, which mostly rely on number-theoretic assumptions. +In this context, it becomes important to design cryptographic schemes that are believed to be quantum-resistant. + +To address this problem, \textit{post-quantum cryptography} arose in the early 2000s. +The different candidates relies on different mathematical objects, such as lattices, error-correcting codes or systems of multivariate polynomials. +Recently, the National Institute of Standards and Technology (or \textit{NIST}) organised a competition to evaluates different post-quantum schemes for encryption and signatures~\cite{NIS17}. +In this competition, 82 protocols have been submitted out of which: 28 were lattice-based, 24 were code-based, 13 were multi-variate based, 4 were hash-based and the 13 left are categorized as ``other''. + +Though, real-world cryptography mainly aim at digital signatures and encryption schemes, as the NIST competition emphasize it. 
+Meanwhile, research in cryptology proposes different solutions to respond to more specific problems, such as designing electronic-cash system\footnote{Which is not to be confuse with cryptocurrency\ldots}~\cite{CFN88}, which is the digital analogue of real money that are delivered by an authority (the bank) and for which the use remains non-traceable by anyone. + +Such cryptographic constructions should moreover verifies some security requirements. +For instance, an encryption scheme has to hide a message in the presence of an eavedropper, or even an active adversary. +To guarantee these requirements, we also make security proofs. They mainly state that a cryptographic scheme is secure if some problems remain hard. + +At last but not least, the importance of privacy and data protection have been a hot topic in the last years, as reflects the development of the general data protection regulation law in 2016, which is finally implemented since may 25th. +Hence, it looks appealing to have privacy-preserving cryptographic constructions that would ideally resist to the eventuality of a quantum computer. +Nevertheless, the construction of such protocols mainly relies on ``zero-knowledge proofs'', which is a 2-party protocol between a prover and a verifier where the prover should convince the verifier of a statement without leaking any piece of information about this statement. +In the context of post-quantum cryptography, such proofs systems are still limited in power or costly to implement. + +\section{Privacy-Preserving Cryptography} + +In this context, privacy-preserving refers to the fact that a primitive should provide some functionality while holding sensitive information private. +An example of such primitives are \textit{anonymous credentials}. +This systems involves one (or more) credential issuer(s) and a set of users who have their own secret keys and pseudonyms that are bound to their secret. 
+Users can dynamically obtain credentials from an issuer that only knows users' pseudonyms and obliviously sign users' secret key as well as a set of attributes. +Later on, users can let themselves know to verifiers under a different pseudonym and demonstrate possession of a certification from the issuer, without revealing neither the signature nor the secret key. +This primitive thus allow a user to authenticate to a system, such as in anonymous access control, while preserving its anonymity. +In addition, the system is guaranteed that users indeed possess a valid credential.
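Review bot: the two quantitative claims in the first hunk, the "$60\%$ of the first million most visited websites" figure and the 82-submission breakdown (28 lattice, 24 code, 13 multivariate, 4 hash, 13 other), need a citation and a date next to them; ~\cite{NIS17} covers the call for proposals, not a submission count, and "82 protocols have been submitted out of which" should say whether the breakdown is over all submissions or only those NIST accepted as complete. Several English errors should be fixed before this merges: "the different candidates relies" -> "rely", "to evaluates" -> "to evaluate", "mainly aim at" -> "mainly aims at", "as the NIST competition emphasize it" -> "emphasizes", "not to be confuse with" -> "confused with", "real money that are delivered" -> "that is delivered", "should moreover verifies" -> "verify", "eavedropper" -> "eavesdropper", "the importance of privacy and data protection have been" -> "has been", "as reflects the development" -> "as reflected by", "since may 25th" -> "May 25th" with the year stated, "such proofs systems" -> "proof systems", "This systems involves" -> "This system involves", "let themselves know to verifiers" -> "make themselves known to verifiers", "without revealing neither the signature nor the secret key" -> "without revealing either the signature or the secret key", "This primitive thus allow" -> "allows", and "preserving its anonymity" -> "their anonymity". Two wording points: "a quantum computer with sufficient memory~\cite{Sho99}" would be more precise as a quantum computer large enough to run Shor's algorithm, and "reaching the Moore's law barrier" does not name a threat to any cryptosystem, so either drop it or say what it implies for key sizes. Minor: "Wifi Protected Access" should be "Wi-Fi Protected Access", "research in cryptology" is presumably "cryptography" to match the rest of the chapter, and \texttt{https} is a protocol name, not code, so plain HTTPS reads better.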