Prof. Dr. Dennis Hofheinz, Karlsruher Institut für Technologie
Prof. Dr. Eike Kiltz, Ruhr-Universität Bochum


In our modern digital society, cryptography is vital to protect the secrecy and integrity of transmitted and stored information. Settings like digital commerce, electronic banking, or simply private email communication already rely on encryption and signature schemes. However, today's cryptographic schemes do not scale well, and thus are not suited for the increasingly large sets of data they are used on. For instance, the security guarantees currently known for RSA encryption, the most commonly used type of encryption scheme, degrade linearly in the number of users and ciphertexts. Hence, larger settings (such as cloud computing, or simply the scenario of encrypting all existing email traffic) may enable new and more efficient attacks. To maintain a reasonable level of security in larger scenarios, RSA key lengths must be chosen significantly larger, and the scheme becomes very inefficient. Besides, a switch in RSA key lengths requires an update of the whole public key infrastructure, an impossibility in truly large scenarios. Even worse, when the scenario grows beyond an initially anticipated size, we may lose all security guarantees.

The goal of this proposal is to offer a toolbox of cryptographic schemes that are suitable for huge sets of data. For instance, we plan to devise practical encryption schemes whose security does not degrade in the number of users and ciphertexts. Thus, parameter suggestions for our schemes can be made without knowing the size of the application they are used in. Furthermore, it should be possible to adapt the desired level of security on the fly, without adapting an existing public key infrastructure. Finally, our schemes should be practical and serve as a potential plug-in replacement for commonly used cryptographic schemes. In particular, the scalable nature of our schemes makes them not only more secure, but also potentially more efficient in larger settings. We believe that now is exactly the right time for this endeavor. On the one hand, only the recent emergence of "big data" applications (in which massive amounts of users exchange massive amounts of data) makes truly scalable cryptographic schemes necessary. On the other hand, the necessary technical tools to construct scalable cryptographic primitives have been developed only recently.