Cryptographic protocols lie at the core of sound and trustworthy solutions for protecting the integrity and secrecy of data stored on private computers and remote servers, and of programs executed on handheld devices and remote host computers. Such protocols are guaranteed to preserve pre-defined security requirements in the face of malicious attacks.

The starting point of this research project is that the nature of these attacks has changed fundamentally in recent years. A fast-growing worldwide trend is to view computation as a commodity. Organizations or individuals may pay specialized providers (such as Amazon EC2) to carry out desired computations for them. This trend (often called "Cloud Computing") carries with it great promise in terms of overall computing efficiency, power consumption, and financial flexibility. However, it also opens the door to much more acute security threats than those we have encountered so far. Without additional protection, the client must completely trust the provider both to perform the computation correctly and to keep the client's most sensitive private data secret. Putting protection in place to reduce this trust is a delicate and complex challenge that requires a paradigm shift. Traditional cryptographic techniques and concepts seem to be insufficient to address these new threats and opportunities.

In this project, we propose to address several challenges arising from this new computing reality. These include: (1) designing techniques for securing remote executable code, both to safeguard the underlying algorithms and to enable limited-time execution; (2) designing techniques for achieving security against computational side-channel attacks on programs executed in hostile environments; and (3) diversifying the constructions of homomorphic encryption and further exploring their potential for current applications.

Intellectual Merit and Broad Impact: Protecting the electronic information world is paramount to the success and stability of modern society. The main goal of this project is to develop techniques for the security of remotely executed programs and cryptographic primitives. We ask basic questions underlying the development of such techniques: Can we build cryptographic primitives that resist various forms of inadvertent information leakage, such as those that occur due to side-channel attacks? Can the computational assumptions that we have made thus far withstand the existence of extra auxiliary information about their solutions? Can fully homomorphic encryption schemes be constructed that possess other useful properties, such as leakage resilience, circular security, and the ability to test the ciphertext for predefined predicates? Progress on any of these questions will significantly enhance our toolkit for the remote storage of data and program execution. We believe that this project addresses the most important area of investigation in cryptography today and will have broad impact by teaching us how to utilize remote computers to run our computations while maintaining security. This may have far-reaching consequences for the safe use of cloud computing.

Project Start
Project End
Budget Start: 2010-09-01
Budget End: 2014-08-31
Support Year
Fiscal Year: 2010
Total Cost: $499,219
Indirect Cost
Name: Massachusetts Institute of Technology
Department
Type
DUNS #
City: Cambridge
State: MA
Country: United States
Zip Code: 02139