PhD Defense

I defended my thesis, entitled "Homomorphic Cryptography and Privacy", on Thursday, 20 May 2021.

The manuscript is available here.

Jury

  • Dario Catalano - Université de Catane, Italy (Reviewer)
  • Caroline Fontaine - CNRS/ENS Paris-Saclay (Examiner)
  • Benoit Libert - CNRS/ENS Lyon (Reviewer)
  • Duong Hieu Phan - Telecom Paris (Thesis advisor)
  • David Pointcheval - CNRS/ENS Paris (Thesis advisor)
  • Olivier Sanders - Orange Labs (Examiner)

Abstract

With the massive use of dematerialized storage, homomorphism has become one of the most widely used properties in cryptology. In this thesis we study how to use it in concrete multi-user protocols requiring not only confidentiality but also anonymity, authentication or verifiability. Homomorphic encryption schemes, homomorphic digital signatures and homomorphic zero-knowledge proofs are used together, but each time restricted so as to achieve the desired level of security.

First, the confidentiality aspect is studied for computations on large outsourced databases. Being able to apply functions to encrypted data without having to download and decrypt it entirely may be essential, and it makes it possible to take advantage of the computational power of the server. This can also be interesting when a third-party company without access rights to the database wants to obtain the result of a computation. However, some guarantees on the information that can be learned are needed. To this end, we present a decentralized encryption scheme that allows controlled evaluation of quadratic functions on outsourced data thanks to a group of controllers.

However, confidentiality of the data is sometimes not the most desired property for a system, as it does not protect the sender. For electronic voting, each encrypted ballot must be associated with its voter to verify that he is allowed to vote. After the voting phase, anonymity is achieved by shuffling so that, during the count, which corresponds to the decryption, no link between votes and voters can be made. We propose a new construction of mix-network based on linearly homomorphic signatures which, for the first time, allows a verification whose cost is independent of the number of mix-servers. This scalable mix-net improves efficiency compared to already known constructions, especially as the number of shuffles increases.
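To make the shuffle-then-decrypt idea concrete, here is an added illustration (my own code, not from the thesis) of the building block every re-randomizing mix-net relies on: additively homomorphic ElGamal ballots are re-randomized and permuted by a chain of mix-servers, after which decryption yields the votes in an order no longer tied to the voters, and the tally can be obtained by decrypting the homomorphic product once. The group parameters (P, Q, G), the 0/1 vote encoding and the fixed seed are constructed toy values; the linearly-homomorphic-signature verification the thesis contributes is not implemented here, so nothing below lets an observer check that a mix-server behaved honestly.

```python
"""Toy re-randomizing mix over additively homomorphic ElGamal ballots (added example)."""
import random

# Constructed toy parameters for an order-Q subgroup of Z_P^* (P = 2Q + 1).
# Illustration only: a deployment uses a ~256-bit prime-order group and a
# proof of correct shuffle, neither of which this example provides.
P = 1019          # safe prime, 1019 = 2 * 509 + 1
Q = 509           # order of the subgroup of quadratic residues
G = 4             # a quadratic residue, hence a generator of the order-Q subgroup


def keygen(rng):
    """Return (secret key x, public key h = G^x)."""
    x = rng.randrange(1, Q)
    return x, pow(G, x, P)


def encrypt(h, m, rng):
    """Exponent ElGamal: Enc(m) = (G^r, h^r * G^m). Additively homomorphic in m."""
    r = rng.randrange(1, Q)
    return pow(G, r, P), (pow(h, r, P) * pow(G, m, P)) % P


def add(ct1, ct2):
    """Componentwise product encrypts the sum of the two plaintexts."""
    return (ct1[0] * ct2[0]) % P, (ct1[1] * ct2[1]) % P


def rerandomize(h, ct, rng):
    """Multiply by a fresh encryption of 0: same plaintext, unlinkable ciphertext."""
    return add(ct, encrypt(h, 0, rng))


def mix(h, cts, rng):
    """One mix-server: re-randomize every ballot, then output a random permutation."""
    fresh = [rerandomize(h, ct, rng) for ct in cts]
    rng.shuffle(fresh)
    return fresh


def decrypt(x, ct, max_m):
    """Recover m from G^m = c2 * c1^(-x) by exhaustive search over 0..max_m."""
    c1, c2 = ct
    gm = (c2 * pow(c1, Q - x, P)) % P   # c1^(-x) == c1^(Q-x) because c1 has order Q
    for m in range(max_m + 1):
        if pow(G, m, P) == gm:
            return m
    raise ValueError("plaintext outside expected range")


def tally(x, cts, max_total):
    """Homomorphic count: decrypt the product of all ballots once."""
    acc = (1, 1)
    for ct in cts:
        acc = add(acc, ct)
    return decrypt(x, acc, max_total)


def unlinkable(seed=7):
    """True iff a re-randomized ballot differs from the original yet opens to the same vote."""
    rng = random.Random(seed)
    x, h = keygen(rng)
    ct = encrypt(h, 1, rng)
    fresh = rerandomize(h, ct, rng)
    return fresh != ct and decrypt(x, fresh, 1) == 1


def run_election(votes, n_mixers=3, seed=2021):
    """Cast 0/1 ballots, pass them through a chain of mix-servers, then count.

    Returns the cast ciphertexts, the mixed ones, the per-ballot plaintexts
    recovered after mixing (order no longer tied to voters) and the tally."""
    rng = random.Random(seed)
    x, h = keygen(rng)
    ballots = [encrypt(h, v, rng) for v in votes]
    mixed = ballots
    for _ in range(n_mixers):          # each mix-server re-randomizes and permutes
        mixed = mix(h, mixed, rng)
    opened = [decrypt(x, ct, 1) for ct in mixed]
    return {
        "ballots": ballots,
        "mixed": mixed,
        "opened": opened,
        "tally": tally(x, ballots, len(votes)),
    }


if __name__ == "__main__":
    result = run_election([1, 0, 1, 1, 0])
    print("opened after mixing:", result["opened"])
    print("homomorphic tally  :", result["tally"])
```

Because every mix-server multiplies each ballot by an encryption of zero with fresh randomness, the output ciphertexts are unlinkable to the inputs without the randomness, and the tally only needs a single decryption of the product; what this toy omits is exactly the verifiability part, namely a way for anyone to check that each server permuted and re-randomized rather than replaced ballots.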

Nevertheless, with perfect anonymity comes the threat of malicious use of the system. Cryptology must take these possible abuses into account, and we propose the first multi-authority anonymous credential protocol with a traceability property: a user asks a credential issuer for a credential and uses it to access a system while remaining anonymous. In case of abuse, an authority can revoke anonymity and trace a malicious user. The scheme is as efficient as the previously known credential schemes while achieving the multi-credential-issuer functionality.