Cloudproof Encryption is fundamentally the combination of 2 schemes: one for encryption using attributes (a hybrid KP-ABE + AES scheme) and one for quick secure searches (an SSE scheme).
Cryptographic systems and primitives used by Cosmian Data Confidential are based on recent public cryptographic research and primitives developed by Cosmian cryptographers in partnership with world re-known Cryptographic Laboratories such as the ENS Crypto. Lab and the KU Leuven COSIC lab and Cosmian scientific advisors,namely Pr. David Pointcheval and Pr. Nigel Smart
The research papers are available either publicly or trough NDA while in patenting process. See below for details.
Source code of the implementations is open-sourced or available under NDA while being patented. See below for details.
Hybrid Attribute Encryption Scheme (KP-ABE GPSW + AES-256 GCM)¶
Cosmian uses an hybrid encryption scheme: symmetric encryption of the clear text with a randomly generated symmetric, itself encrypted using a public key encryption scheme.
Symmetric key encryption: AES-256 GCM¶
When encrypting an arbitrary sized clear text, a random 256 bit AES key is first generated using a Cryptographically Secure Pseudo-Random Number Generator (CS-PRNG).
This key is used to symmetrically encrypt the data using AES-256 GCM. Whenever possible, the library will attempt to use he AES native CPU instructions when they are available for speed. Cosmian uses the Rust implementation of AES GCM.
The result of this first encryption is a ciphertext starting with a 96 bit Nonce, followed by the data encrypted in counter mode which length is equal to that of the clear text and ending with a 128 bit authentication tag.
Public Key Encryption: KP-ABE GPSW¶
The generated symmetric key is then encrypted using a public key scheme: Cosmian uses an implementation of a Key Policy Attributes Based Encryption (KP-ABE) called GPSW.
Cosmian implementation in Rust of GPSW is available in the abe_gpsw Github repository with additional details and documentation on the scheme. The code is available under the MIT license.
GPSW is based on pairings and is implemented by Cosmian over the BLS12-281 scheme to achieve 128 bit of security. The the BLS12-381 curve is also implemented in Rust and is also available under the MIT license in the cosmian_bls1_381 Github repository
The encryption of the symmetric key results in an encrypted “header” which is usually pre-prepended to the ciphertext generated by the symmetric key encryption. Using the native library, it is possible to separately generate the encrypted header and the symmetric ciphertext.
Symmetric Searchable Encryption Scheme (SSE)¶
Cosmian has developed a new fast Symmetric Searchable Scheme (SSE) codenamed Findex. The scheme is not publicly available while being patented but can be disclosed under NDA.
Likewise, and for the same reason, the Rust implementation is not yet publicly available but can be obtained under NDA.