RNP Confium
Distributed trust store enabling threshold encryption
Confium is an open-source distributed trust store framework that enables usage of the new paradigm of threshold encryption, powering new modes such as cryptographic secure multi-factor authentication. It aims to provide a generalized API and an extensible architecture for the usage of trust stores and future cryptographic families, to support standardization efforts of threshold cryptography, and to bridge cryptographers with the practical usage of cryptography. The current project enables implementation of the Confium framework with a 2-out-of-3 threshold RSA signature scheme.
- The project's own website: https://www.confium.org
Why does this actually matter to end users?
When you mention encryption or encoding, some are quick to think of exciting, sensational and sometimes shady things: spies exchanging secret messages and handshakes, criminals dealing drugs on the Dark Web, black hat hackers hiding in anonimity. But actually, encryption could not be more commonplace. Every time you call someone on your phone, you fire up your browser, send a chat message to friends, do some online banking, you rely on some complex mathematics behind the screen that makes sure you can talk, bank and browse securely and privately. The internet, practically all modern communication technology, could not exist without encryption we can trust to keep our data, our money, our lives, safe.
Encryption, however, will never guarantee complete, 100 percent, total security. Or to put it more precisely, the encryption schemes and implementations we use today may not be a match for the computers and use cases of tomorrow. That is why this industry is always looking for the next future-proof scheme and solution to essentially prevent a global hack of all communication: a much discussed recent example would be a quantum computer breaking perhaps the most widely used cryptosystem for secure data transmission.
This project aims to advance encryption through something called threshold cryptography, which means you can only prove you are who you are when you have a certain amount of secrets (reach a particular threshold). Think of multi-factor authentication, where you need for example two out of three items like a user password, a one-time password generated by your phone and your fingerprint. Even if one of these items gets lost or stolen, you are still not at risk since you have the other two. This project will provide the tools and architecture to make threshold encryption the standard for secure, private communication, so we can be sure our internet technology is safe against future threats.
Run by Ribose Limited
This project was funded through the NGI0 PET Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825310.
