On the Practicability of Information-Theoretic Cryptography

Cryptography is considered the strongest technical control to protect data, but state-of-the-art methods suffer from shortcomings when applied in cloud computing or the Internet of Things. New approaches are needed enabling more agile data handling, supporting computations on encrypted data, and providing long-term security, even against quantum computer attacks. In this thesis we present research results in building long-term secure but practically efficient protocols and systems based on cryptography with information-theoretic security (ITS) for modern cloud-based applications. It brings together old and new technologies from the world of information-theoretic cryptography to overcome limitations of standard cryptographic approaches and enable end-to-end security in modern application scenarios. The focus is on secret sharing, multiparty computation and quantum key distribution, which are well known to the cryptographic community but not broadly applied in practice. In essence, we explored the possibilities to build ITS solutions for data storage, data processing and communication. Nevertheless, pure ITS is not always necessary nor possible, thus we also study combinations with computational (but also quantum-safe) symmetric primitives where appropriate for better efficiency. This thesis comprises three main parts each containing individual contributions.Firstly, the problem of secure cloud storage and data sharing is addressed. A novel architecture for a secure distributed multi-cloud storage is presented based on the combination of secret sharing with a Byzantine fault-tolerant (BFT) protocol. To cope with performance problems encountered in the first proof-of-concept, a performance model was developed and results from extensive simulations of the networking layer are presented. We also explored and optimized encoding performance for secret sharing in software and show the potential for hardware acceleration. Additionally, to also support means for data integrity monitoring we present an easy to realize and low-cost auditing approach for the developed storage system. The technique is based on batching which has also been extended further to generic batch verifiable secret sharing.Secondly, we present efficient solutions for privacy preserving data processing based on ITS flavors of secure multiparty computation (MPC). Fortunately, ITS-MPC relies on secret sharing for encoding and thus nicely extends the previous work on secure storage. We compared most relevant software frameworks and did intensive performance testing, revealing only limited scalability of the technology for more advanced computations, especially with respect to the number of MPC nodes. Therefore, we propose the use of verifiable MPC to build privacy preserving data markets. By combining MPC with compatible zero-knowledge protocols (ZKP) we were able to demonstrate an end-to-end verifiable but privacy preserving market platform for smart manufacturing which can efficiently perform auctions with a large number of participants. We also explored the possibility to run more elaborated market mechanisms based on optimization and achieved very favorable results for a use case in air traffic management.Thirdly, regarding secure communication this thesis presents results achieved in researching some particular aspects of quantum key distributions (QKD). A very efficient algorithmic approach for timing synchronization between QKD peers is presented which helped to free an optical channel in a QKD system developed at AIT. To overcome the problem of expensive compute hardware to run QKD post-processing on device, we introduce the novel idea of offloading post-processing from the device in a secure way and prove that it is possible to securely outsource information reconciliation to a single server for the case of direct reconciliation. Additionally, we also show a negative result for an efficient authentication protocol in QKD already proposed in 2004, which we were able to fully break with the method presented in this thesis.Finally, we discuss possibilities to integrate QKD with communication systems and report a real-world demonstration of the combination of secure storage with QKD to achieve information-theoretic security from end-to-end in a medical use case.