Attribute-Based Encryption
Attribute-based encryption (ABE) is an advanced encryption technique that enforces role-based access control at the cryptographic level. Concretely, a party can encrypt a message under a policy (ciphertext-policy ABE) such that any other party can recover the plaintext if and only if its set of attributes satisfies the policy.
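The "attributes satisfy the policy" predicate at the heart of ciphertext-policy ABE is a boolean access structure over attribute names. The following Python block is an added illustration, not code from the Chair for Security Engineering or from any ABE library: it parses a policy string with AND/OR gates and parentheses (AND binding tighter than OR) into a small tree and evaluates it against an attribute set. The function names, the tuple-based tree representation and the sample policies are assumptions chosen for this example; the pairing- or lattice-based encryption that actually enforces the policy is deliberately out of scope.

```python
"""Access-policy evaluation as used in ciphertext-policy ABE (CP-ABE).

Added example, not code from the Chair for Security Engineering.
Only the policy predicate is implemented: does a set of attributes
satisfy a boolean access policy?  The encryption itself is not shown.
"""
import re

# One token per match: "(", ")", or an identifier; surrounding whitespace is skipped.
# "AND" and "OR" are classified as operators by the parser, so an attribute
# such as "ANDROID" is still a single identifier token.
TOKEN_RE = re.compile(r"\s*(\(|\)|[A-Za-z_][A-Za-z0-9_:]*)\s*")


def tokenize(policy: str) -> list:
    """Split a policy string into tokens, rejecting unexpected characters."""
    policy = policy.strip()
    tokens, pos = [], 0
    while pos < len(policy):
        m = TOKEN_RE.match(policy, pos)
        if not m:
            raise ValueError(f"unexpected input at offset {pos}: {policy[pos:]!r}")
        tokens.append(m.group(1))
        pos = m.end()
    return tokens


class _Parser:
    """Recursive-descent parser: or_expr := and_expr (OR and_expr)*,
    and_expr := atom (AND atom)*, atom := ATTRIBUTE | '(' or_expr ')'."""

    def __init__(self, tokens):
        self.tokens, self.i = tokens, 0

    def peek(self):
        return self.tokens[self.i] if self.i < len(self.tokens) else None

    def take(self):
        tok = self.peek()
        self.i += 1
        return tok

    def parse(self):
        node = self.parse_or()
        if self.peek() is not None:
            raise ValueError(f"unexpected token {self.peek()!r}")
        return node

    def parse_or(self):
        node = self.parse_and()
        while self.peek() == "OR":
            self.take()
            node = ("OR", node, self.parse_and())
        return node

    def parse_and(self):
        node = self.parse_atom()
        while self.peek() == "AND":
            self.take()
            node = ("AND", node, self.parse_atom())
        return node

    def parse_atom(self):
        tok = self.take()
        if tok == "(":
            node = self.parse_or()
            if self.take() != ")":
                raise ValueError("missing ')'")
            return node
        if tok is None or tok in ("AND", "OR", ")"):
            raise ValueError(f"expected attribute, got {tok!r}")
        return ("ATTR", tok)


def parse_policy(policy: str):
    """Parse a policy string into a nested tuple tree (assumed representation)."""
    return _Parser(tokenize(policy)).parse()


def satisfies(node, attributes) -> bool:
    """Evaluate a parsed policy tree against a set of attribute names."""
    kind = node[0]
    if kind == "ATTR":
        return node[1] in attributes
    if kind == "AND":
        return satisfies(node[1], attributes) and satisfies(node[2], attributes)
    if kind == "OR":
        return satisfies(node[1], attributes) or satisfies(node[2], attributes)
    raise ValueError(f"unknown node kind {kind!r}")


def check_access(policy: str, attributes) -> bool:
    """Convenience wrapper: parse and evaluate in one step."""
    return satisfies(parse_policy(policy), set(attributes))


if __name__ == "__main__":
    # Constructed sample policy and attribute sets (not from the page).
    policy = "(doctor AND cardiology) OR admin"
    for attrs in ({"doctor", "cardiology"}, {"admin"}, {"doctor"}):
        print(sorted(attrs), "->", check_access(policy, attrs))
```

In a real CP-ABE deployment this predicate is evaluated implicitly by the decryption algorithm: a key issued for an attribute set either reconstructs the message or yields nothing, so the policy is enforced by the mathematics rather than by an access-control check in software.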
In practice, ABE is either based on lattices or bilinear pairings (over elliptic curves). Whereas the former is post-quantum secure, the latter is more relevant to practical applications.
At the Chair for Security Engineering we focus on the efficient implementation of pairing-based ABE schemes. As part of a currently ongoing submission, we systematically optimized and benchmarked 9 ABE schemes and achieved significant speed-ups for several use cases. We are also developing tools that automatically identify and apply structural optimizations to the schemes themselves and produce runnable code directly from their mathematical specifications.
With our research we contribute towards bringing ABE to real-world applications, so that sensitive data can be kept safe even where the access control requirements are non-trivial.
Quantum-Secure Cryptography
Quantum-secure or post-quantum cryptography describes a class of (classical) cryptographic schemes and algorithms that remain secure even in the presence of an adversary with access to a (large-scale) quantum computer. This field of research has been gaining relevance rapidly over the last few years, because the vast majority of currently deployed encryption schemes do not have this property. The quantum algorithm that breaks cryptography based on factorization or the discrete logarithm problem was already found in 1994, and the quantum hardware needed to run it comes closer to existence every year.
Post-quantum cryptography comes in a variety of flavors: the currently most popular schemes rely on mathematical problems on lattices (e.g. ML-KEM/Kyber or ML-DSA/Dilithium), while others are based on codes (e.g. BIKE), multivariate quadratic equations (e.g. MAYO), isogenies (e.g. CSIDH) or hash functions (e.g. SPHINCS+). At the Chair for Security Engineering, we do not analyze these fairly new schemes with regard to their foundational mathematical security properties. Instead, we evaluate them as implemented in software and hardware, that is, against an attacker who may obtain side-channel information from the physical device or actively inject faults into computations.
Can we find practical attacks on relevant implementations of PQC algorithms? Which parts or values are sensitive and need side-channel protection? How can we efficiently protect PQC schemes, and with which techniques? Can we develop tailored, efficient countermeasures for these new schemes or their essential sub-functions? With regard to these implementation-security questions, the SecEng team is also involved in the development of new schemes such as BIKE and the new Korean PQC standard HAETAE.