Subscription has been a concept familiar to magazine readers long before the advent of computers and the internet. However, its digital transformation as a subscription service has ushered in an era of high-quality knowledge and entertainment accessible virtually anywhere on Earth. Changing the traditional notion of selling a product, whether in physical or digital form, as a one-time purchase, to a cloud-based service offered through a convenient subscription model, enables easy scalability for numerous projects. These range from press publications, music and video streaming, to educational platforms and AI-driven software.
Unfortunately, digitization often brings substantial scaling costs, which are challenging to cover due to the widespread practice of granting access to produced content to third parties who have not purchased access to that specific category of content. For years, the popular streaming service Netflix has been grappling with this issue, which Citigroup estimates causes annual losses of up to $6 billion from users who share their access with individuals outside their households.
While addressing this problem allows entertainment industry giants to maximize their profits (and they have made significant progress in recent months), for many smaller publishers or startups, such user actions can undermine the profitability of their businesses. The solution may lie in individual cryptography, a concept developed by Polish scientists in cooperation with Prof. Sebastian Faust.
How does individual cryptography work?

The authors of the scientific article “Individual Cryptography” are Prof. Stefan Dziembowski and Tomasz Lizurej, affiliated with IDEAS NCBR, a Polish research and development center focusing on artificial intelligence and digital economics, as well as Prof. Sebastian Faust from Technische Universität Darmstadt. Their work has been accepted for this year’s edition of the International Cryptographic Conference in Santa Barbara, USA, scheduled for August 19-24. The Polish researchers will present how individual cryptography methods can neutralize attacks that use techniques such as Multiparty Computation (MPC) and Trusted Execution Environments (TEE), which enable simulating the operation of cryptographic protocols without physical access to the secret information that should identify the users.
“Attacks utilizing techniques such as Multiparty Computation (MPC) or Trusted Execution Environment (TEE) involve a situation where some users, by dispersing knowledge about a secret, can answer control questions regarding the secret without actually knowing it,” explains Tomasz Lizurej, a Ph.D. student at IDEAS NCBR and participant of the Crypto 2023 conference. An example of this is the use of Intel’s SGX technology for selling one’s own identity (identity lease) on the internet, proposed in 2019 by a group of scientists from ETH Zurich. This technology allows using someone else’s account on a particular service even without knowing the password and login credentials. If the service provider can protect against such attacks, they can expect the actual user to suffer financial losses if the secret information is disclosed to an unauthorized user.
Cryptographic protocols are special instructions that allow users to communicate with each other and access specific data securely. High-level security is achieved when authorized individuals have access to the secret information used in these protocols, and when the protocols require these individuals to have actual access to that information. Unfortunately, if a user with access to confidential information, such as a password, shares it with multiple unauthorized users, the protocol ceases to be an effective security measure.
“To ensure that participants of a protocol possess complete knowledge about the secret information used in cryptographic protocols, we introduced a new paradigm of individual cryptography and attempted to formally model functions that are difficult to bypass using MPC and TEE techniques. By applying our method, cryptographic protocols compel participants to process their information individually and not rely on shared information with other users,” explains Tomasz Lizurej.
As emphasized by the authors of the article “Individual Cryptography,” at the current stage, utilizing the solutions presented in the article would require an average user to employ specialized tools like a Bitcoin Miner, making it relatively challenging. Ultimately, further work on individual cryptography aims to develop simple protocols that can be widely used, for example, by subscription-based platform users.
Link to the article (minor changes compared to the paper presented at Crypto 2023): https://eprint.iacr.org/2023/088
Prof. Stefan Dziembowski is a professor at the Faculty of Mathematics, Computer Science and Mechanics of the University of Warsaw and leader of the research group System security and data privacy at IDEAS NCBR. His scientific interests concern theoretical and applied cryptography, in particular issues related to physical attacks on cryptographic devices, and blockchain technology. He has been running the Cryptography and Blockchain Laboratory at the University of Warsaw since 2010. His papers have appeared at leading IT conferences (FOCS, STOC, CRYPTO, EUROCRYPT, ACM CCS, ASIACRYPT, TCC, IEEE S&P, LICS, and others) and in journals (Communications of the ACM, Journal of Cryptology, IEEE Transactions on Information Theory, Journal of the ACM).
Prof. Sebastian Faust has been a member of the Department of Computer Science of Technische Universität Darmstadt since 2017, where he heads the Applied Cryptography department. He obtained his doctorate in 2010 at the KU Leuven in Belgium. Afterwards, he was a postdoctoral fellow at Aarhus University in Denmark, before receiving a Marie Curie IEF scholarship at the EPFL in Switzerland and later becoming an assistant professor at the Ruhr University Bochum. He now holds a full professorship in Darmstadt.
Tomasz Lizurej is a Ph.D. student at the Institute of Computer Science, University of Warsaw, associated with the research group focusing on computer system security at IDEAS NCBR. He has a scientific interest in both theoretical and practical aspects of blockchain-related technologies. He is an author and co-author of works concerning device security, applications built on blockchain, and cryptography used in the blockchain environment.