WP3: Post-quantum cryptography for the cloud

Users store more and more of their data on cloud storage services such as Google Drive (which allows 15GB stored in each free account), Microsoft's OneDrive (7GB stored), and Dropbox (20GB transferred per day).

Of course, a typical laptop offers much larger amounts of local storage, but cloud storage provides several attractive features. First, even if a user Alice is simply storing files for her own use, cloud storage provides an easy way for Alice to back up and synchronize those files across multiple devices (desktop, laptop, tablet, smartphone, etc.). The servers are always online, avoiding the hassle of having to connect pairs of devices for synchronization. Second, cloud storage also provides an easy way for Alice to share documents with another user Bob. Google Docs (which uses Google Drive) has become one of the most popular mechanisms for collaborative document editing, avoiding the hassle of Alice and Bob constantly sending revised copies of documents by email. Third, cloud storage provides an easy way for Alice to make her documents searchable by Bob.

These features also create huge security and privacy problems. Even when the Internet connections between Alice, Bob, and the cloud provider are protected against eavesdroppers (see WP2), the cloud providers themselves can see Alice's files and Bob's searches. The cloud providers can also modify Alice's files; for example, news reports in April 2014 indicated that Microsoft inserts tracking information into documents stored on OneDrive. Data from hundreds of millions of users is thus centralized on a few sites, giving those sites incredible power. Today this data is sold en masse to advertisers, exposed en masse to attackers, and subjected to increasingly sophisticated systems of censorship.

There has been considerable progress in designing, implementing, and deploying cryptographic solutions to these problems, while still preserving the usability advantages of cloud storage. Unfortunately, none of these solutions were designed for long-term security. Each advance in computer power available to the attacker will (1) retroactively expose huge amounts of private data and (2) require a round of expensive upgrades, with all users forced to deploy new software and reencrypt all files. The goal of WP3 is to escape this cycle of insecurity, by finding confidence-inspiring solutions that can be deployed today and that will not need to be replaced in the foreseeable future.

Last modified: 2015.04.01