thesis/chap-introduction.tex
2018-06-13 18:12:40 +02:00


In the last two decades, the use of cryptography has shifted from military and commercial secrets to a broader public.
For instance, the Enigma machine had one design for military purposes and another one for enterprises (Enigma A26).
As of now, about $60\%$ of the one million most visited websites offer \texttt{https}, and most of the communication channels that electronic devices use are likewise protected (like \textit{Wi-Fi Protected Access}).
At the same time, the growth of exchanged data and the sensitivity of this information make it more and more important to protect these data efficiently.
While we are reaching the limits of Moore's law, other threats exist against today's cryptosystems.
For instance, a quantum computer with sufficient memory~\cite{Sho99}, should one come into existence, would break most real-world cryptographic implementations, which mostly rely on number-theoretic assumptions.
In this context, it becomes important to design cryptographic schemes that are believed to be quantum-resistant.
To address this problem, \textit{post-quantum cryptography} arose in the early 2000s.
The different candidates rely on different mathematical objects, such as lattices, error-correcting codes or systems of multivariate polynomials.
Recently, the National Institute of Standards and Technology (or \textit{NIST}) organised a competition to evaluate different post-quantum schemes for encryption and signatures~\cite{NIS17}.
In this competition, 82 protocols were submitted, of which 28 were lattice-based, 24 were code-based, 13 were multivariate-based, 4 were hash-based and the remaining 13 are categorized as ``other''.
However, real-world cryptography mainly aims at digital signatures and encryption schemes, as the NIST competition emphasizes.
Meanwhile, research in cryptology proposes different solutions to more specific problems, such as designing electronic-cash systems\footnote{Which are not to be confused with cryptocurrency\ldots}~\cite{CFN88}, the digital analogue of real money, which is delivered by an authority (the bank) and whose use remains non-traceable by anyone.
Such cryptographic constructions should moreover satisfy some security requirements.
For instance, an encryption scheme has to hide a message in the presence of an eavesdropper, or even an active adversary.
To guarantee these requirements, we also provide security proofs. They mainly state that a cryptographic scheme is secure if some problems remain hard.
Last but not least, the importance of privacy and data protection has been a hot topic in recent years, as reflected by the development of the General Data Protection Regulation in 2016, which has finally been implemented as of May 25th.
Hence, it looks appealing to have privacy-preserving cryptographic constructions that would ideally remain secure even if a quantum computer were built.
Nevertheless, the construction of such protocols mainly relies on ``zero-knowledge proofs'', which are two-party protocols between a prover and a verifier in which the prover should convince the verifier of a statement without leaking any piece of information about this statement.
In the context of post-quantum cryptography, such proof systems are still limited in power or costly to implement.
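
To make the prover/verifier interaction described above concrete, the following added example (not part of the original thesis) runs Schnorr's classical discrete-logarithm proof of knowledge, together with the simulator that explains why the transcript leaks nothing and the extractor that explains why the prover must know the secret.
The protocol choice, the toy group parameters and all function names are assumptions made for illustration; this protocol is not post-quantum.

```python
import secrets

# Toy group, constructed for illustration and far too small for real use:
# P = 2Q + 1 with P, Q prime; G = 4 generates the subgroup of order Q.
P, Q, G = 2039, 1019, 4

def keygen():
    x = secrets.randbelow(Q - 1) + 1       # prover's secret (the witness)
    return x, pow(G, x, P)                 # public statement: y = G^x mod P

def commit():
    r = secrets.randbelow(Q)               # fresh randomness for every run
    return r, pow(G, r, P)                 # first message t = G^r

def respond(x, r, c):
    return (r + c * x) % Q                 # third message s = r + c*x mod Q

def verify(y, t, c, s):
    # The verifier accepts iff G^s == t * y^c (mod P).
    return pow(G, s, P) == (t * pow(y, c, P)) % P

def run_honest(x, y):
    r, t = commit()                        # prover -> verifier
    c = secrets.randbelow(Q)               # verifier -> prover (random challenge)
    s = respond(x, r, c)                   # prover -> verifier
    return t, c, s

def simulate(y):
    # Zero-knowledge (honest verifier): an accepting transcript is produced
    # WITHOUT x by choosing c and s first and solving for t. Such transcripts
    # are distributed like real ones, so a real transcript reveals nothing about x.
    c, s = secrets.randbelow(Q), secrets.randbelow(Q)
    t = (pow(G, s, P) * pow(y, -c, P)) % P
    return t, c, s

def extract(c1, s1, c2, s2):
    # Knowledge soundness: two accepting answers to different challenges for
    # the SAME commitment t determine the secret, so a prover able to answer
    # more than one challenge must know x.
    return ((s1 - s2) * pow((c1 - c2) % Q, -1, Q)) % Q

if __name__ == "__main__":
    x, y = keygen()
    print("honest run accepted:   ", verify(y, *run_honest(x, y)))
    print("simulated run accepted:", verify(y, *simulate(y)))
    r, t = commit()
    print("extractor recovers x:  ", extract(5, respond(x, r, 5), 9, respond(x, r, 9)) == x)
```

Reusing the same commitment for two challenges, as the extractor does, is exactly what an honest prover must never do.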
\section{Privacy-Preserving Cryptography}
In this context, privacy-preserving refers to the fact that a primitive should provide some functionality while keeping sensitive information private.
An example of such a primitive is \textit{anonymous credentials}.
Such a system involves one (or more) credential issuer(s) and a set of users who have their own secret keys and pseudonyms that are bound to their secret.
Users can dynamically obtain credentials from an issuer that only knows users' pseudonyms and obliviously signs users' secret keys as well as a set of attributes.
Later on, users can make themselves known to verifiers under a different pseudonym and demonstrate possession of a certification from the issuer, without revealing either the signature or the secret key.
This primitive thus allows a user to authenticate to a system, such as in anonymous access control, while preserving their anonymity.
In addition, the system is guaranteed that users indeed possess a valid credential.