Advanced Crypto Software Collection

The Idea

The goal of the Advanced Crypto Software Collection (ACSC) is to provide a set of cryptographic tools to system developers. This site is primarily focused on providing software that implements “advanced” cryptographic primitives. By advanced we typically mean cryptography that uses more modern methods and can’t necessarily be built from the traditional tools of hashing, signing, and basic encryption.

The collection is intended to provide a diverse set of tools ranging from low-level number-theoretic primitives such as a bilinear-map implementation, to APIs for new efficient cryptographic primitives like Broadcast Encryption and Forward-Secure Signatures, to applications. The software was developed by several different contributors, who are credited along with the project descriptions. The software provided here is primarily intended for the use of researchers in building system prototypes. Currently, most of the software has not been reviewed thoroughly enough for commercial or production deployment.

The Projects

Listed below are the current projects along with short descriptions. Click on a project’s name to access a longer description and the software. Twelve projects are currently listed. Some are still under development, while others are fairly stable.

Some of these projects are hosted locally at the ACSC website. Other projects (notably the PBC Library) predate the ACSC and have their own homepage elsewhere; these are marked “external”.

  • Ciphertext-Policy Attribute-Based Encryption
    Developers: John Bethencourt, Amit Sahai (advisory role), Brent Waters (advisory role)
    License: GPL
    Added to ACSC: December 1, 2006
    Last updated: March 24, 2011
    This project provides an implementation of the Ciphertext-Policy Attribute-Based Encryption (CP-ABE) system due to Bethencourt, Sahai and Waters. In such a system each user’s private key is associated with a set of attributes representing their capabilities, and a ciphertext is encrypted under a policy such that only users whose attributes satisfy that policy can decrypt. For example, within a company we can encrypt a message so that it can only be decrypted by someone who holds both the attributes “Senior” and “Human Resources”, or by someone who holds the attribute “Executive”. One interesting application of this tool is that we can do Role-Based Access Control (RBAC) without requiring trusted data storage: the policy is enforced by the cryptography rather than by the server holding the data.
  • Paillier Library
    Developer: John Bethencourt
    License: GPL
    Added to ACSC: July 21, 2006
    Last updated: January 30, 2010
    Paillier is a public key cryptosystem which offers an additive homomorphism, making it very useful for privacy preserving applications. This is a simple C library based on GMP which implements Paillier key generation, encryption, decryption, and also makes it easy to use the homomorphism.
  • Private Stream Searching Toolkit
    Developers: John Bethencourt, Brent Waters (advisory role)
    License: GPL
    Added to ACSC: July 21, 2006
    Last updated: September 28, 2009
    This toolkit provides programs implementing a private stream searching scheme due to Bethencourt, Song, and Waters, which builds upon work of Ostrovsky and Skeith. Suppose a client sends some search keywords to a server. The server checks some documents against the keywords and eventually sends back all the documents that matched. The catch is that the client wants all this to take place without the server being able to learn which keywords they are interested in or which documents they end up with. These programs let you do that.
  • Forward-Secure Signatures with Untrusted Update
    Developers: Emily Shen (primary), John Bethencourt (build system)
    License: GPL
    Added to ACSC: September 13, 2007
    Last updated: October 22, 2007
    This C library implements a forward-secure signature scheme that allows “untrusted updates”. In most forward-secure signature constructions, the program that periodically updates a user’s private signing key must have full access to the private key, which prevents the common practice of keeping the key encrypted on disk under a passphrase. A scheme supporting untrusted updates instead allows the private key to be updated while it remains encrypted, so the update process never sees the key in the clear.
  • Proxy Re-cryptography Library [external]
    Developers: Giuseppe Ateniese, Kevin Fu, Matthew Green, Susan Hohenberger
    License: only non-commercial use permitted
    Added to ACSC: March 28, 2007
    Proxy re-encryption is a form of public-key encryption that allows a user Alice to “delegate” her decryption rights to another user Bob. In a proxy re-encryption scheme, Alice authorizes a semi-trusted proxy to translate ciphertexts encrypted under her key into ciphertexts encrypted under Bob’s key. Once delegated, the proxy operates independently of Alice. The proxy is considered “semi-trusted” because it does not see the content of the messages being translated, nor can it re-encrypt Alice’s messages to users for whom Alice has not granted decryption rights. This project is a C++ implementation of the proxy re-encryption schemes proposed at NDSS 2005, using the MIRACL library. A future version of the library will incorporate the “proxy re-signature” schemes from CCS 2005.
  • Percy++ [external]
    Developer: Ian Goldberg
    License: GPL
    Added to ACSC: March 6, 2007
    Percy++ is an implementation of Private Information Retrieval (PIR) protocols in C++, as described in the paper “Improving the Robustness of Private Information Retrieval” (Ian Goldberg, IEEE Symposium on Security and Privacy (Oakland), 2007). Briefly, private information retrieval is the task of fetching a block of data from a database server (or group of distributed servers) without the server(s) learning which block you were interested in. The protocols implemented in this project provide information-theoretic, computational, and hybrid privacy protection against configurable numbers of honest, faulty, or malicious servers.
  • Broadcast Encryption [external]
    Developers: Matt Steiner (original), Ben Lynn (current)
    License: GPL
    Added to ACSC: July 28, 2006
    A broadcast encryption scheme allows a broadcaster to send an encrypted message to a set of receivers S, each of which has a different private key. Given any subset S’ of S, the broadcaster may construct an encrypted message so that only the receivers in S’ may decrypt it. This may be trivially accomplished by giving every member of S its own key pair and separately encrypting a copy of the message under the key of each receiver in S’, but the communication cost then grows linearly with the size of S’. The challenge is to construct a scheme whose communication is sublinear in the number of receivers. This project is an implementation of the BGW broadcast encryption scheme (see also this more recent paper) based on the PBC Library.
  • Pairing-Based Cryptography Library [external]
    Developer: Ben Lynn
    License: GPL
    Added to ACSC: July 21, 2006
    Pairing-based cryptography (PBC) is a relatively young area of cryptography that revolves around a bilinear map (a “pairing”) between groups of points on elliptic curves. The PBC library (Pairing-Based Cryptography library) is a high-performance C library built on top of the GMP library that contains routines which aid the implementation of pairing-based cryptosystems, including curve generation and pairing computation. In addition to the detailed documentation, simple implementations of many sample cryptosystems are included as examples of using PBC. PBC makes it very easy to quickly implement a great many of the recent advances in cryptography.
  • PIRATTE: Proxy-based Immediate Revocation of ATTribute-based Encryption
    Developers: Sonia Jahid, Nikita Borisov (advisory role)
    License: GPL
    Added to ACSC: August 24, 2012
    Last updated: August 24, 2012
    This toolkit provides an implementation of the Proxy-based Immediate Revocation of ATTribute-based Encryption (PIRATTE) system by Sonia Jahid and Nikita Borisov. PIRATTE is a revocation scheme for the Ciphertext-Policy Attribute-Based Encryption (CP-ABE) system due to Bethencourt, Sahai, and Waters. Revocation in CP-ABE is challenging since most existing approaches are based on key expiration, re-keying every user, and/or re-encrypting existing ciphertexts. A key and novel feature of the PIRATTE architecture is that it is possible to remove access from a user without issuing new keys to other users or re-encrypting existing ciphertexts. We achieve this by introducing a proxy that participates in the decryption process and enforces revocation constraints. The proxy is minimally trusted: it cannot decrypt ciphertexts on its own, nor can it provide access to previously revoked users.
  • Damgård-Jurik Cryptosystem
    Developer: Frederick Douglas
    License: GPL
    Added to ACSC: September 12, 2012
    Last updated: September 12, 2012
    The Damgård-Jurik cryptosystem is an extension of the Paillier public key cryptosystem (and libdj is an extension of libpaillier). DJ has an additive homomorphism, and the ability to control the plaintext/ciphertext spaces that a given public key is currently encrypting from/to. Specifically, for a public key n, the plaintext and ciphertext spaces can be Z_{n^s} and Z_{n^{s+1}} for any s ≥ 1 (s = 1 is plain Paillier). This lets a single key encrypt arbitrarily large messages; in particular, nested encryptions with only linear growth of the ciphertext are possible, since a ciphertext in Z_{n^{s+1}} is itself a valid plaintext for the next level s+1. This property, together with the homomorphism, enables e.g. an efficient private information retrieval scheme. libdj also includes a threshold version: rather than a single private key, many key shares capable of producing decryption shares exist, and some threshold of decryption shares must be gathered to decrypt. This version also has the homomorphism and size control.
  • Charm – A Rapid Prototyping Library for Cryptography
    Developers: Joseph Ayo Akinyele, Christina Garman, Ian Miers, Matthew W. Pagano, Michael Rushanan, Matthew Green, and Avi Rubin
    License: LGPL
    Added to ACSC: April 3, 2014
    Last updated: March 2014
    Charm is a framework for rapidly prototyping advanced cryptosystems. Based on the Python language, it was designed from the ground up to minimize development time and code complexity while promoting the reuse of components. Charm uses a hybrid design: performance intensive mathematical operations are implemented in native C modules, while cryptosystems themselves are written in a readable, high-level language. Charm additionally provides a number of new components to facilitate the rapid development of new schemes and protocols. Charm ships with a library of implemented cryptosystems. This library includes public key encryption schemes, identity-based encryption schemes, attribute-based encryption schemes, digital signatures, privacy-preserving signatures, commitment schemes, zero-knowledge proofs, and interactive protocols such as anonymous credential and oblivious transfer schemes.
  • AutoTools – Automation Tools for Cryptographic Design
    Developers: Joseph Ayo Akinyele, Matthew W. Pagano, Matthew Green, and Susan Hohenberger
    License: LGPL
    Added to ACSC: April 3, 2014
    Last updated: March 2014
    The AutoTools project is a collection of automated compilers for performing various cryptographic design tasks. These consist of tools that improve efficiency and security of cryptographic primitives. For example, AutoBatch is an automated tool for finding efficient batch verification algorithms from high-level descriptions of digital signature schemes. AutoGroup is an automated tool for optimizing several types of pairing-based public-key encryption and signature schemes using Satisfiability Modulo Theories (SMT) solvers. Moreover, AutoStrong is a tool for converting existentially unforgeable signatures into ones that are strongly unforgeable. The tools demonstrate the notion that it is possible to transition some of the design work to computers and in most cases the automation can be performed in a matter of seconds.
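To make the Paillier and Damgård-Jurik entries above concrete, here is an added, self-contained textbook implementation of Damgård-Jurik with the parameter s exposed. It is example code written for this page, not libpaillier or libdj, and it assumes toy key sizes and no padding or side-channel hardening; the function names (keygen, encrypt, decrypt, add, scale, demo) are mine. With s = 1 it is exactly Paillier; the demo shows the additive homomorphism at s = 1, a message larger than n encrypted at s = 3 under the same key, and the size-control property that lets an s = 1 ciphertext be re-encrypted as an s = 2 plaintext.

```python
"""Textbook Damgård-Jurik (generalised Paillier) with tunable s.
Constructed example, not libpaillier/libdj code.  s = 1 is Paillier;
larger s enlarges the plaintext space from Z_n to Z_{n^s} under the same key."""
import math
import secrets


def _is_probable_prime(n, rounds=32):
    """Miller-Rabin; adequate for demo key generation."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def keygen(bits=256):
    """Public key n = p*q; private key lambda = lcm(p-1, q-1).  Toy sizes."""
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        n, lam = p * q, (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
        # decryption multiplies by lambda^-1 mod n^s, so lambda must be a unit mod n
        if p != q and math.gcd(lam, n) == 1:
            return n, lam


def encrypt(n, s, m):
    """c = (1+n)^m * r^(n^s) mod n^(s+1); plaintext space Z_{n^s}, ciphertexts in Z_{n^(s+1)}."""
    ns, ns1 = n ** s, n ** (s + 1)
    if not 0 <= m < ns:
        raise ValueError("message outside Z_{n^s}")
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return pow(1 + n, m, ns1) * pow(r, ns, ns1) % ns1


def _dlog_one_plus_n(a, n, s):
    """Recover i mod n^s from a = (1+n)^i mod n^(s+1) (Damgård-Jurik's iterative algorithm)."""
    i = 0
    for j in range(1, s + 1):
        nj = n ** j
        t1 = (a % (n ** (j + 1)) - 1) // n   # = i + C(i,2) n + ... + C(i,j) n^(j-1)  mod n^j
        t2 = i                               # i is already correct mod n^(j-1)
        for k in range(2, j + 1):
            i -= 1
            t2 = t2 * i % nj                 # falling factorial i(i-1)...(i-k+1)
            t1 = (t1 - t2 * pow(n, k - 1, nj) * pow(math.factorial(k), -1, nj)) % nj
        i = t1
    return i


def decrypt(n, lam, s, c):
    """c^lambda = (1+n)^(m*lambda) mod n^(s+1) since r^(n^s*lambda) = 1; then strip lambda."""
    ns = n ** s
    i = _dlog_one_plus_n(pow(c, lam, n ** (s + 1)), n, s)
    return i * pow(lam, -1, ns) % ns


def add(n, s, c1, c2):
    """E(m1) * E(m2) = E(m1 + m2 mod n^s): the additive homomorphism."""
    return c1 * c2 % n ** (s + 1)


def scale(n, s, c, k):
    """E(m)^k = E(k*m mod n^s): scalar multiplication on ciphertexts."""
    return pow(c, k, n ** (s + 1))


def demo():
    n, lam = keygen()
    # s = 1 is plain Paillier: the sum is recovered from the product of ciphertexts
    paillier_sum = decrypt(n, lam, 1, add(n, 1, encrypt(n, 1, 1234), encrypt(n, 1, 5678)))
    # s = 3: a message larger than n fits under the same public key, homomorphism included
    big = n ** 2 + 99
    big_ok = decrypt(n, lam, 3, scale(n, 3, encrypt(n, 3, big), 7)) == 7 * big
    # size control: an s=1 ciphertext (< n^2) is a valid s=2 plaintext, so layers nest
    outer = encrypt(n, 2, encrypt(n, 1, 42))
    nested = decrypt(n, lam, 1, decrypt(n, lam, 2, outer))
    return paillier_sum, big_ok, nested


if __name__ == "__main__":
    print(demo())  # (6912, True, 42)
```

The key sizes are deliberately small so the example runs in well under a second; a real deployment would use a vetted library, a proper source of primes, and a much larger modulus.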
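The Percy++ entry above describes information-theoretic PIR in one sentence. The following added example, written for this page and not taken from Percy++, implements the core of the protocol Percy++ builds on: the client Shamir-shares the unit vector selecting its row among ell servers, each server returns the dot product of its share vector with the database, and the client Lagrange-interpolates the wanted block from any t+1 replies. It assumes database words in GF(p) with p = 2^31 - 1, a constructed toy database, and my own function names; the robustness against faulty or malicious servers that is the paper's main contribution is omitted.

```python
"""Information-theoretic PIR with Shamir-shared query vectors (Goldberg-style core).
Constructed example for this page, not Percy++ code.  Any t colluding servers see
only uniformly random query vectors and learn nothing about the requested index."""
import secrets

P = 2 ** 31 - 1   # prime field for words and shares; words here are bytes, so any p > 255 works


def _eval_poly(coeffs, x):
    """Horner evaluation of coeffs[0] + coeffs[1]*x + ... mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def make_queries(num_rows, beta, ell, t):
    """Client: share the unit vector e_beta into ell query vectors.

    Server j (evaluation point x = j, 1 <= j <= ell) gets f_1(j), ..., f_r(j), where
    each f_i is a random degree-t polynomial with f_i(0) = 1 iff i == beta.  Any t
    evaluations of such a polynomial are uniform, which is the privacy threshold."""
    queries = [[0] * num_rows for _ in range(ell)]
    for i in range(num_rows):
        coeffs = [1 if i == beta else 0] + [secrets.randbelow(P) for _ in range(t)]
        for j in range(ell):
            queries[j][i] = _eval_poly(coeffs, j + 1)
    return queries


def server_respond(database, query):
    """Server: R = sum_i query[i] * DB[i] word-wise mod P.  The server never sees beta."""
    words = len(database[0])
    resp = [0] * words
    for q_i, row in zip(query, database):
        for k in range(words):
            resp[k] = (resp[k] + q_i * row[k]) % P
    return resp


def reconstruct(responses, xs):
    """Client: word k of server j's reply is g_k(x_j) with g_k(0) = DB[beta][k];
    Lagrange-interpolate each g_k at 0 from t+1 (x_j, R_j) pairs."""
    words = len(responses[0])
    out = [0] * words
    for idx, xj in enumerate(xs):
        num, den = 1, 1                       # L_j(0) = prod_{m != j} x_m / (x_m - x_j)
        for m, xm in enumerate(xs):
            if m != idx:
                num = num * xm % P
                den = den * (xm - xj) % P
        weight = num * pow(den, -1, P) % P
        for k in range(words):
            out[k] = (out[k] + weight * responses[idx][k]) % P
    return out


def fetch_block(database, beta, ell=5, t=2):
    """Full round trip: query ell servers, decode from the first t+1 replies."""
    queries = make_queries(len(database), beta, ell, t)
    responses = [server_respond(database, q) for q in queries]
    chosen = list(range(t + 1))               # any t+1 distinct servers would do
    return reconstruct([responses[j] for j in chosen], [j + 1 for j in chosen])


# Constructed toy database: 4 blocks of 8 bytes each.
DATABASE = [list(b"block-%02d" % i) for i in range(4)]

if __name__ == "__main__":
    print(bytes(fetch_block(DATABASE, 2)))  # b'block-02'
```

Communication is one field element per database row for the query and one per word of a block for the reply, regardless of which block is fetched, which is the cost the one-sentence description above glosses over.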