Skip to content

Cryptographic Systems

Cloudproof Encryption is fundamentally the combination of 2 schemes: one for encryption using attributes (a hybrid KP-ABE + AES scheme) and one for quick, secure searches (an SSE scheme).

Cryptographic Papers

Cryptographic systems and primitives used by Cosmian Data Confidential are based on recent public cryptographic research and primitives developed by Cosmian cryptographers in partnership with world re-known Cryptographic Laboratories such as the ENS Crypto. Lab and the KU Leuven COSIC lab and Cosmian scientific advisors, namely Pr. David Pointcheval and Pr. Nigel Smart

The research papers are available either publicly or through NDA while in a patenting process. See below for details.

Code Implementation

Cosmian implements cryptographic schemes in Rust following the ANSSI guidelines.

The source code of the implementations is open-sourced or available under NDA while being patented. See below for details.

Hybrid Attribute Encryption Scheme: CoverCrypt

Cosmian uses a hybrid encryption scheme (KEM DEM): symmetric encryption of the clear text with a randomly generated ephemeral symmetric key, itself encrypted using a public key encryption scheme.

Symmetric key encryption: AES-256 GCM

When encrypting an arbitrary-sized clear text, a random 256bit ephemeral key is first generated using a Cryptographically Secure Pseudo-Random Number Generator (CS-PRNG).

This key is used to encrypt the data using AES-256 GCM. Whenever possible, the library will attempt to use the AES native CPU instructions when they are available for speed. Cosmian uses the Rust implementation of AES GCM.

The result of this first encryption is a ciphertext starting with a 96bit Nonce, followed by the data encrypted in counter mode, which length is equal to that of the clear text and ending with a 128bit authentication tag.

Public Key Encryption

The generated symmetric key is then encapsulated using a public key scheme. The mechanism is available in 2 flavors:

  • classic only: using Elliptic Curve encryption over Curve 25519
  • hybridized: the classic scheme hybridized with a post-quantum scheme: Kyber 512

Details of CoverCrypt cryptography and implementation in Rust are found on Github

The encryption of the symmetric key results in an encrypted “header” which is usually pre-prepended to the ciphertext generated by the symmetric key encryption. Using the native library, it is possible to generate the encrypted header and the symmetric ciphertext separately.

Searchable Encryption Scheme: Findex

Cosmian has developed a new fast Symmetric Searchable Scheme (SSE) codenamed Findex. The scheme is not publicly available while being patented, but we can disclose it under NDA.

Likewise, and for the same reason, the Rust implementation is not yet publicly available but is available under NDA.

© Copyright 2018-2022 Cosmian. All rights reserved