Presented by: Ngoc Ky NGUYEN
Institution: École Normale Supérieure de Paris
Doctoral School: Sciences Mathématiques de Paris Centre (ED386)
Specialty: Informatique
Date: 03 December 2024
With the generalisation of TLS over the Web, the confidentiality of communications has been reinforced. However, this also led to new attack vectors for adversarial agents to attack directly the individual machines via their browsers, while bypassing all the tools for data-flow analysis, because everything is transmitted through an encrypted channel. Therefore, in order to detect or prevent the attacks, many systems operate by stopping the encrypted channel and continuing to analyse the data packets in the clear, which thus affects badly the confidentiality. This thesis is going to study the cryptographic mechanisms that allow guaranteeing the confidentiality of data, at the same time permitting the analysis to ensure the security of the users and systems. This will require adapting the techniques of functional encryption (FE) or attribute-based encryption (ABE), which enable the monitors to extract only the useful information for the cybersecurity purposes. The main setting of our studies is FE with multiple users, in particular where we allow multiple clients to independently encrypt their partial data, or multiple senders to independently generate their partial functional decryption keys. These partial ciphertexts or partial keys can be later jointly combined, only if they are associated to some identical tag, e.g. a timestamp. We obtain various results with respect to the security notions of FE in this setting, both definitionally and constructively. On one hand, we give a definitional framework for multi-client FE with fine-grained access control over keys, which is furthermore generalized to function classes that authorize some auxiliary public inputs at the time of encryption. On the other hand, we revisit the widely used security model of decentralized multi-client FE and refine existing unnatural constraints of the model. Last but not least, we provide concrete constructions in regards of the particular function class for computing inner products, by leveraging the power of dual pairing vector spaces in the bilinear group setting.