AREAS OF EXPERTISE INCLUDE:
Assuring Confidentiality During Computation
Fully Homomorphic Encryption (FHE)
Fully Homomorphic Encryption (FHE) allows computations to be carried out on encrypted data, without requiring access to the secret (decryption) key. This technique addresses the challenge of data security during processing, especially in cloud-based operations. With FHE, applications can run computations on data while it remains encrypted, thus assuring confidentiality of input data, intermediate values, and results.
Multi-Party Computation (MPC)
Multi-party computation (MPC) is a cryptographic protocol enabling multiple entities to jointly compute a function over their inputs while concealing these inputs from each other. MPC circumvents problems of data privacy and trust by enabling data-rich calculations without exposing the underlying data. In addition, certain kinds of MPC also provide data integrity insurance, making it a strong candidate for protecting privacy in today’s digital, data-driven economy.
Private Set Intersection (PSI)
Private Set Intersection (PSI) allows two or more parties to compute the intersection of their datasets (and perform computation on those intersections efficiently) without revealing any other information. PSI has many applications including contact discovery, ad conversion measurement, and fraud detection.
Assuring Integrity of Computation
Zero Knowledge Proofs (ZKP)
A Zero Knowledge Proof (ZKP) is a cryptographic method where one party (the prover) can prove to another party (the verifier) that they know a given statement is true, without conveying any information apart from the fact that they know the statement’s truth. This technique addresses the issue of trust and verification in cryptographic transactions without compromising privacy or security.
Verifiable Computation
Verifiable Computation (VC) allows an untrusted server to perform computations and prove their correctness to a client. This approach lightens the computational load for users who lack computation resources, while also guaranteeing the validity of results.
Assuring Data Privacy
Differential Privacy
Differential Privacy is a system for assuring that the results of computation reveal no useful (or exploitable) information about input data to a computation. By adding controlled noise to the computation, Differential Privacy carefully trades confidentiality for utility, allowing the programmer to control how accurate statistical results must be versus how much detail about input data is recoverable from those results.
Advanced Cryptographic Algorithms
Post-Quantum Cryptography
Post-Quantum Cryptography refers to cryptographic algorithms, both for encryption and digital signatures, that can withstand attacks from both classical and quantum computers. It provides future-proof security, ensuring that data remains secure even in the era of quantum computing.
Side-Channel Resilient Protocols
Side-Channel Resilient Protocols are designed to protect sensitive data from side-channel attacks, where an attacker attempts to extract information from the physical implementation of a cryptographic system (e.g., timing, electromagnetic, power variation, acoustic, memory cache, etc.), rather than directly from the system itself. These protocols focus on securing the entire cryptosystem’s implementation, from software to hardware, ensuring the integrity and confidentiality of data even when faced with sophisticated forms of eavesdropping or tampering.
Authorization and Access Control Protocols
Authorization and Access Control Protocols establish the permissions that users have in a system, and how credentials are used to enable access to and privileges on a system. By enforcing access control, these protocols provide important defenses against unauthorized information disclosure or modification, and service disruption.
Correctness in Cryptography
With the advancement of more complex and critical systems that we all rely on, errors in the execution of cryptographic algorithms could compromise security and privacy, leaving the system vulnerable to security attacks. To address this, we apply the effective approaches developed as part of our software correctness area to cryptographic algorithms.
This combination of techniques can provide extremely high assurance that high-performance, production implementations of cryptography do exactly what was originally intended by the cryptographers who designed the algorithms and satisfy the high-level security requirements that motivate the use of cryptography in the first place.
Consulting
Galois can consult and answer your questions on encryption, authentication, digital signatures, or other aspects of cryptography. Our team brings deep technical and systems expertise, and is available to audit designs or code implementations to ensure that your cryptographic systems are correct and doing what you expect.