Advanced Crypto Software Collection
The Idea
The goal of the Advanced Crypto Software Collection (ACSC) is to provide a set of cryptographic tools to system developers. This site will primarily be focused on providing software that implements “advanced” cryptographic primitives. By advanced we typically mean cryptography that uses more modern methods and can’t necessarily be built from the traditional tools of hashing, signing, and basic encryption.
The collection is intended to provide a diverse set of tools ranging from low-level number theoretic primitives such as a bilinear-map implementation, to APIs for new efficient cryptographic primitives like Broadcast Encryption and Forward Secure Signatures, to applications. The software was developed by several different contributors, who are credited along with the project descriptions. The software provided here is primarily intended for the use of researchers in building system prototypes. Currently, most of the software has not been reviewed thoroughly enough for commercial deployment.
The Projects
Listed below are the current projects along with short descriptions. Click on a project’s name to access a longer description and software. Twelve projects are currently listed. Some are still under development, while others are fairly stable.
Some of these projects are hosted locally at the ACSC website. Other projects (notably the PBC Library) predate the ACSC and have their own homepage elsewhere; these are marked “external”.
- Ciphertext-Policy Attribute-Based Encryption
Developers: John Bethencourt, Amit Sahai (advisory role), Brent Waters (advisory role)
License: GPL
Added to ACSC: December 1, 2006
Last updated: March 24, 2011
This project provides an implementation of a Ciphertext-Policy Attribute-Based Encryption (CP-ABE) system due to Bethencourt, Sahai and Waters. In such a system each user’s private key is associated with a set of attributes representing their capabilities, and a ciphertext is encrypted under a policy such that only users whose attributes satisfy that policy can decrypt. For example, within a company we can encrypt a message so that it can only be decrypted by someone holding both the attributes “Senior” and “Human Resources”, or by anyone holding the attribute “Executive”. One interesting application of this tool is that we can do Role-Based Access Control (RBAC) without requiring trusted data storage: the policy is enforced by the cryptography rather than by the server holding the data.
- Paillier Library
Developer: John Bethencourt
License: GPL
Added to ACSC: July 21, 2006
Last updated: January 30, 2010
Paillier is a public key cryptosystem which offers an additive homomorphism, making it very useful for privacy preserving applications. This is a simple C library based on GMP which implements Paillier key generation, encryption, decryption, and also makes it easy to use the homomorphism.
- Private Stream Searching Toolkit
Developers: John Bethencourt, Brent Waters (advisory role)
License: GPL
Added to ACSC: July 21, 2006
Last updated: September 28, 2009
This toolkit provides programs implementing a private stream searching scheme due to Bethencourt, Song, and Waters, which builds upon work of Ostrovsky and Skeith. Suppose a client sends some search keywords to a server. The server checks some documents against the keywords and eventually sends back all the documents that matched. The catch is that the client wants all this to take place without the server being able to learn which keywords they are interested in or which documents they end up with. These programs let you do that.
- Forward-Secure Signatures with Untrusted Update
Developers: Emily Shen (primary), John Bethencourt (build system)
License: GPL
Added to ACSC: September 13, 2007
Last updated: October 22, 2007
This C library implements a forward-secure signature scheme that allows “untrusted updates”. In most forward-secure signature constructions, a program that periodically updates a user’s private signing key must have full access to the private key. However, this prevents the common practice of encrypting it on disk under a passphrase. A scheme supporting untrusted updates, however, allows updates to the private key while it is encrypted.
- Proxy Re-cryptography Library [external]
Developers: Giuseppe Ateniese, Kevin Fu, Matthew Green, Susan Hohenberger
License: only non-commercial use permitted
Added to ACSC: March 28, 2007
Proxy re-encryption is a form of public-key encryption that allows a user Alice to “delegate” her decryption rights to another user Bob. In a proxy re-encryption scheme, Alice delegates a semi-trusted proxy to translate ciphertexts encrypted under her key into ciphertexts encrypted under Bob’s key. Once delegated, the proxy operates independently of Alice. The proxy is considered “semi-trusted” because it does not see the content of the messages being translated, nor can it re-encrypt Alice’s messages to users for whom Alice has not granted decryption rights. This project is a C++ implementation of the proxy re-encryption schemes proposed in NDSS 2005, using the MIRACL library. A future version of the library will incorporate “proxy re-signature” schemes from CCS 2005.
- Percy++ [external]
Developer: Ian Goldberg
License: GPL
Added to ACSC: March 6, 2007
Percy++ is an implementation of Private Information Retrieval (PIR) protocols in C++, as described in the paper Improving the Robustness of Private Information Retrieval, Ian Goldberg, IEEE Symposium on Security and Privacy (Oakland), 2007. Briefly, private information retrieval is the task of fetching a block of data from a database server (or group of distributed servers) without the server(s) learning which block it was that you were interested in. The protocols implemented in this project provide information-theoretic, computational, and hybrid privacy protection against configurable numbers of honest, faulty, or malicious servers.
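The following is an added example, not Percy++ code, showing the basic t-private, ℓ-server information-theoretic PIR protocol that Goldberg’s scheme is built on: the client Shamir-shares the unit vector selecting the wanted row across the servers, each server returns a linear combination of its database rows, and the client interpolates at zero. The robustness against faulty or malicious servers that the paper and Percy++ add is deliberately not implemented here. The field prime, the server indices and the sample database are assumptions chosen for the demonstration.

```python
"""t-private, l-server information-theoretic PIR over a prime field.

Added example, not Percy++ code.  The database is r rows of w words; the
client wants row beta without any coalition of <= t servers learning beta.
Robust decoding against lying servers (the point of Goldberg 2007) is omitted.
"""
import secrets

P = (1 << 61) - 1  # assumed field: Mersenne prime; every database word is an element of GF(P)

# Constructed sample database: 4 rows of 8 bytes each (bytes are valid field elements).
SAMPLE_DB = [list(b"alpha   "), list(b"bravo   "), list(b"charlie "), list(b"delta   ")]


def _eval_poly(coeffs, x):
    """Horner evaluation; coeffs[0] is the constant term."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def _lagrange_at_zero(points):
    """Interpolate the unique polynomial of degree < len(points) through them and return f(0)."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def client_queries(r, beta, servers, t):
    """One query vector per server: Shamir shares of the unit vector e_beta.

    For every row index j the client picks a random degree-t polynomial f_j with
    f_j(0) = e_beta[j]; server alpha receives (f_0(alpha), ..., f_{r-1}(alpha)).
    Any t of these share vectors are uniformly random and independent of beta.
    """
    polys = [[1 if j == beta else 0] + [secrets.randbelow(P) for _ in range(t)]
             for j in range(r)]
    return {alpha: [_eval_poly(f, alpha) for f in polys] for alpha in servers}


def server_answer(db, query):
    """Server computes the row vector sum_j query[j] * D[j] over GF(P); it never sees beta."""
    w = len(db[0])
    out = [0] * w
    for qj, row in zip(query, db):
        for k in range(w):
            out[k] = (out[k] + qj * row[k]) % P
    return out


def client_reconstruct(answers):
    """answers: {alpha: word vector}.  Word k of every answer is F_k(alpha) for the
    degree-t polynomial F_k(x) = sum_j f_j(x) * D[j][k], and F_k(0) = D[beta][k]."""
    alphas = list(answers)
    w = len(answers[alphas[0]])
    return [_lagrange_at_zero([(a, answers[a][k]) for a in alphas]) for k in range(w)]


def pir_fetch(db, beta, servers=(1, 2, 3), t=1):
    """End-to-end fetch of row beta; needs at least t + 1 distinct responding servers."""
    assert len(servers) >= t + 1 and len(set(servers)) == len(servers)
    queries = client_queries(len(db), beta, servers, t)
    answers = {alpha: server_answer(db, queries[alpha]) for alpha in servers}
    return client_reconstruct(answers)


if __name__ == "__main__":
    print(bytes(pir_fetch(SAMPLE_DB, 2)))  # the client learns row 2; no single server learns "2"
```

Each server receives r field elements and returns w, so per-server communication is O(r + w) for an r × w database rather than the O(r · w) of downloading everything; with t = 1 a single server sees one evaluation of a line with a uniformly random slope for every row, which is independent of which row the client wanted. Servers that answer wrongly will silently corrupt the interpolation here; detecting and correcting that is exactly what the robustness results cited above provide.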
- Broadcast Encryption [external]
Developers: Matt Steiner (original), Ben Lynn (current)
License: GPL
Added to ACSC: July 28, 2006
A broadcast encryption scheme allows a broadcaster to send an encrypted message to a set of receivers S, each of which has a different private key. Given any subset S’ of S, the broadcaster may construct an encrypted message so that only the receivers in S’ may decrypt it. This may be trivially accomplished by having a key pair for every member of S. Then a copy of the message may be separately encrypted under the key of each receiver in S’. This of course results in very inefficient communication, however. The challenge is to construct a scheme which has communication sublinear in the number of receivers. This project is an implementation of the BGW broadcast encryption scheme (see also this more recent paper) based on the PBC Library.
- Pairing-Based Cryptography Library [external]
Developer: Ben Lynn
License: GPL
Added to ACSC: July 21, 2006
Pairing-based cryptography (PBC) is a relatively young area of cryptography that revolves around bilinear pairings: efficiently computable maps e: G1 × G2 → GT between groups that are linear in each argument, so that e(g^a, h^b) = e(g, h)^{ab}. The PBC library (Pairing-Based Cryptography library) is a high performance C library built on top of the GMP library that contains routines which aid the implementation of pairing-based cryptosystems, including curve generation and pairing computation. In addition to the detailed documentation, simple implementations of many sample cryptosystems are included as examples of using PBC. PBC makes it very easy to quickly implement a great many of the recent advances in cryptography.
- PIRATTE: Proxy-based Immediate Revocation of ATTribute-based Encryption
Developers: Sonia Jahid, Nikita Borisov (advisory role)
License: GPL
Added to ACSC: August 24, 2012
Last updated: August 24, 2012
This toolkit provides an implementation of the Proxy-based Immediate Revocation of ATTribute-based Encryption (PIRATTE) system by Sonia Jahid and Nikita Borisov. PIRATTE is a revocation scheme for the Ciphertext-Policy Attribute-Based Encryption (CP-ABE) system due to Bethencourt, Sahai, and Waters. Revocation in CP-ABE is challenging since most existing approaches are based on key expiration, re-keying every user, and/or re-encrypting existing ciphertexts. A key and novel feature of the PIRATTE architecture is that it is possible to remove access from a user without issuing new keys to other users or re-encrypting existing ciphertexts. We achieve this by introducing a proxy that participates in the decryption process and enforces revocation constraints. The proxy is minimally trusted: it cannot decrypt ciphertexts on its own, nor can it restore access to previously revoked users.
- Damgård-Jurik Cryptosystem
Developer: Frederick Douglas
License: GPL
Added to ACSC: September 12, 2012
Last updated: September 12, 2012
The Damgård-Jurik cryptosystem is an extension of the Paillier public key cryptosystem (and libdj is an extension of libpaillier). DJ has an additive homomorphism, and the ability to control the plaintext/ciphertext spaces that a given public key is currently encrypting from/to. Specifically, for a public key n, the plaintext/ciphertext spaces can be Z_{n^s} / Z_{n^{s+1}} for any s ≥ 1 (Paillier is the case s = 1). This lets a single key encrypt arbitrarily large messages; in particular, nested encryptions with only linear growth of the ciphertext are possible, since a ciphertext in Z_{n^{s+1}} is itself a valid plaintext for parameter s + 1. This property, together with the homomorphism, enables e.g. an efficient private information retrieval scheme. libdj also includes a threshold version: rather than a single private key, many key shares capable of producing decryption shares exist, and some threshold of decryption shares must be gathered to decrypt. This version also has the homomorphism and size control.
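As an added example (not the libpaillier or libdj code, both of which are C/GMP), the following Python implements the Damgård-Jurik scheme for a general s, of which the Paillier Library described above is the s = 1 case: encryption as (1+n)^m · r^(n^s) mod n^(s+1), the additive homomorphism, and the nesting of a Z_{n^2} ciphertext as a Z_{n^2} plaintext at s = 2. Decryption uses the iterative discrete-log-base-(1+n) algorithm from the Damgård-Jurik paper, written out here from the scheme’s definition. The key size and the prime generator are assumptions chosen to keep the demo fast; the keys are far too small for any real use, and the threshold variant is not shown.

```python
"""Toy Damgard-Jurik (parameter s >= 1) in pure Python; s = 1 is exactly Paillier.

Added example, not libpaillier/libdj code.  128-bit n is an assumption for speed
and gives no real security; the arithmetic is the point.
"""
import math
import secrets
from dataclasses import dataclass


def _is_probable_prime(n, rounds=32):
    """Miller-Rabin probable-prime test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


@dataclass(frozen=True)
class PublicKey:
    n: int


@dataclass(frozen=True)
class PrivateKey:
    n: int
    lam: int  # lcm(p-1, q-1)


def keygen(bits=128):
    p = _random_prime(bits // 2)
    q = _random_prime(bits // 2)
    while q == p:
        q = _random_prime(bits // 2)
    pq = (p - 1) * (q - 1)
    return PublicKey(p * q), PrivateKey(p * q, pq // math.gcd(p - 1, q - 1))


def encrypt(pk, m, s=1):
    """c = (1+n)^m * r^(n^s) mod n^(s+1); plaintext space Z_{n^s}, ciphertext space Z_{n^(s+1)}."""
    n = pk.n
    ns, ns1 = n ** s, n ** (s + 1)
    assert 0 <= m < ns, "plaintext must lie in Z_{n^s}"
    r = secrets.randbelow(n - 1) + 1  # gcd(r, n) = 1 except with negligible probability
    return pow(1 + n, m, ns1) * pow(r, ns, ns1) % ns1


def _dlog_1n(a, n, s):
    """Given a = (1+n)^x mod n^(s+1), return x mod n^s.

    Uses (1+n)^x = 1 + x n + C(x,2) n^2 + ... : at round j, L(a mod n^(j+1)) = (a-1)/n
    equals x + C(x,2) n + ... + C(x,j) n^(j-1) mod n^j, and x is already known
    mod n^(j-1) from the previous round, which is enough to strip the higher terms.
    """
    i = 0
    for j in range(1, s + 1):
        nj = n ** j
        t1 = ((a % (nj * n)) - 1) // n
        t2 = i
        for k in range(2, j + 1):
            i -= 1
            t2 = t2 * i % nj  # x (x-1) ... (x-k+1) mod n^j
            t1 = (t1 - t2 * n ** (k - 1) * pow(math.factorial(k), -1, nj)) % nj
        i = t1
    return i


def decrypt(sk, c, s=1):
    n, ns, ns1 = sk.n, sk.n ** s, sk.n ** (s + 1)
    a = pow(c, sk.lam, ns1)  # r^(n^s * lam) = 1 mod n^(s+1), leaving (1+n)^(m * lam)
    return _dlog_1n(a, n, s) * pow(sk.lam, -1, ns) % ns


def add(pk, c1, c2, s=1):
    """E(m1) * E(m2) = E(m1 + m2 mod n^s): the additive homomorphism."""
    return c1 * c2 % pk.n ** (s + 1)


def scale(pk, c, k, s=1):
    """E(m)^k = E(k * m mod n^s)."""
    return pow(c, k, pk.n ** (s + 1))


def demo():
    pk, sk = keygen()
    ok_sum = decrypt(sk, add(pk, encrypt(pk, 40), encrypt(pk, 2))) == 42  # Paillier, s = 1
    inner = encrypt(pk, 7, s=1)                 # element of Z_{n^2} ...
    outer = encrypt(pk, inner, s=2)             # ... so it is a valid plaintext at s = 2
    ok_nest = decrypt(sk, decrypt(sk, outer, s=2), s=1) == 7
    return ok_sum, ok_nest


if __name__ == "__main__":
    print(demo())
```

Two points worth noticing when running it: the nested ciphertext `outer` lives in Z_{n^3}, only one factor of n larger than `inner`, which is the linear growth the description refers to; and the same `_dlog_1n` routine serves every s, so the s = 1 path is nothing more than Paillier’s L(u) = (u − 1)/n with no inner loop. The homomorphism means ciphertexts are malleable by design, so any deployment needs an outer integrity mechanism or a zero-knowledge proof of correct encryption, which this toy omits.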
- Charm – A Rapid Prototyping Library for Cryptography
Developers: Joseph Ayo Akinyele, Christina Garman, Ian Miers, Matthew W. Pagano, Michael Rushanan, Matthew Green, and Avi Rubin
License: LGPL
Added to ACSC: April 3, 2014
Last updated: March 2014
Charm is a framework for rapidly prototyping advanced cryptosystems. Based on the Python language, it was designed from the ground up to minimize development time and code complexity while promoting the reuse of components. Charm uses a hybrid design: performance intensive mathematical operations are implemented in native C modules, while cryptosystems themselves are written in a readable, high-level language. Charm additionally provides a number of new components to facilitate the rapid development of new schemes and protocols. Charm ships with a library of implemented cryptosystems. This library includes public key encryption schemes, identity-based encryption schemes, attribute-based encryption schemes, digital signatures, privacy-preserving signatures, commitment schemes, zero-knowledge proofs, and interactive protocols such as anonymous credential and oblivious transfer schemes.
- AutoTools – Automation Tools for Cryptographic Design
Developers: Joseph Ayo Akinyele, Matthew W. Pagano, Matthew Green, and Susan Hohenberger
License: LGPL
Added to ACSC: April 3, 2014
Last updated: March 2014
The AutoTools project is a collection of automated compilers for performing various cryptographic design tasks. These consist of tools that improve the efficiency and security of cryptographic primitives. For example, AutoBatch is an automated tool for finding efficient batch verification algorithms from high-level descriptions of digital signature schemes. AutoGroup is an automated tool for optimizing several types of pairing-based public-key encryption and signature schemes using Satisfiability Modulo Theories (SMT) solvers. AutoStrong is a tool for converting existentially unforgeable signatures into strongly unforgeable ones. The tools demonstrate that it is possible to transition some of the design work to computers, and in most cases the automation can be performed in a matter of seconds.