Efficient and Secure Algorithms for joint Compression and Encryption

Partners: The project is executed by a research team that combines expertise of Jarek Duda who invented the ANS compression algorithm with competence in design and analysis of modern authenticated encryption algorithms represented by J. Pieprzyk and P. Morawiecki will take care of the implementation of the ComCrypt algorithms on different platforms, optimization of the designs and their evaluation in terms of security and efficiency.

Funding: PLN

Duration: 3 years, July 2019 – June 2022

The internet, which spans the globe, offers universal accessibility to both legitimate users and cybercriminals. The only countermeasure, which can be used to protect internet communication against cybercrime is cryptography. In general, cryptography can be applied to provide authentication/integrity and/or confidentiality of transmitted data. Authenticated encryption based on symmetric key (keys for encryption and decryption are the same) is the preferred option because of its efficiency.

Sensitive communication is normally first compressed (for efficiency) and then encrypted (for confidentiality and integrity). Clearly, this needs two separate algorithms. An interesting research question (with a potentially significant practical impact on industry standards for compression and security) is how to combine the two algorithms into one called ComCrypt so the high compression rate and speed of the original compression algorithm is preserved while the data is encrypted at a prescribed security level (measured by the number of bits in cryptographic key). The concept of ComCrypt was first formulated by Duda and Niemiec .

This project follows this line of research and takes a close look at the ANS compression to find out how its parameters and states can be indexed by a cryptographic key. This will have the following practical consequences:

  • Current IoT devices rarely use encryption or compression for transmitted data due to additional complexity, hardware and energy cost. To compress such data it is often sufficient to just take differences of neighbouring values and apply entropy coding like ANS, what allows for savings in transmission cost and size of required buffer. Therefore, inexpensive ANS layer combining compression with encryption should provide incentives for manufacturers to apply both: getting savings from data compression, simultaneously finally providing security for the transmitted data.
  • ANS is currently widely used in software compressors, especially Facebook Zstandard, which is successfully replacing standard gzip compressor due to much better parameters. Among others, it is currently used in Linux kernel, Amazon web services, IBM Z Platform, Hadoop database. It was also standardized for HTTP and MIME protocols (RFC 8478). Hence, adding simultaneous encryption within its ANS phase, would allow for practically free encryption of processed files – providing savings in time, energy and hardware. Having its convincing cryptanalysis, what is the purpose of this project, would allow for its rapid implementation on global scale – in all applications Zstandard is currently used. Its negligible cost can lead to new security capabilities we would also like to explore, for example encryption within Linux kernel.