Cloudproof Encryption provides libraries and tools to encrypt and securely index large repositories of data with advanced, high-performance security primitives with Post-Quantum resistance.
See an introduction to Cosmian libraries and a description of the cryptosystems used.
The libraries are available in multiple languages to facilitate encryption close to the data source and decryption close to the decryption target, including mobile devices and browsers.
The Cloudproof Rust repository provides these interfaces such as FFI, WebAssembly and Pyo3 to run :
- FFI interface is used by:
- cloudproof_java: the Cloudproof Java Library
- cloudproof_flutter: the Cloudproof Flutter Library
- WebAssembly interface is used by:
- cloudproof_js: the Cloudproof Javascript Library
- Pyo3 interface is used by:
- cloudproof_python: the Cloudproof Python Library
The library is available under a dual licensing scheme Affero GPL/v3 and commercial. See LICENSE.md for details.
These interfaces are based on:
-
CoverCrypt algorithm which allows creating ciphertexts for a set of attributes and issuing user keys with access policies over these attributes.
CoverCryptoffers Post-Quantum resistance. -
Findex which is a cryptographic protocol designed to securely make search queries on an untrusted cloud server. Thanks to its encrypted indexes, large databases can securely be outsourced without compromising usability.
-
FPE provides
Format Preserving Encryption(FPE) techniques for use in a zero-trust environment. These techniques are based on FPE-FF1 which is described in NIST:800-38G.
To build all interfaces (including the FFI, Wasm and Pyo3):
cargo build --release --all-featuresThe latter will build the shared libraries for cover_crypt and findex. On Linux, one can verify that the FFI symbols are present using:
objdump -T target/release/libcosmian_cover_crypt.so
objdump -T target/release/libcosmian_findex.soThe code contains numerous tests that you can run using:
cargo test --release --all-featuresFrom the root directory:
cargo build --release --features ffi,cloudThe .so libraries can then be found in target/release/.
From the root directory:
cargo build --release --features ffiThe .so libraries can then be found in target/release/.
From the root directory:
wasm-pack build -t web --release --features wasmThe .wasm libraries can then be found in pkg/.
These can be used to test new functionalities in cloudproof_js.
From the root directory:
maturin build --release --manifest-path crates/<cover_crypt or findex>/Cargo.toml --features pythonNote: when a new function or class is added to the PyO3 interface, its signature needs to be added to
[**init**.pyi](./crates/<covercrypt or findex>/python/cloudproof<cover_crypt or findex>/init.pyi).
To run tests on the Python interface, run:
bash ./scripts/test_python.shThe .whl libraries can then be found in target/wheels/.
Go to the build directory for an example on how to build for GLIBC 2.17
The benchmarks presented in this section are run on a Intel(R) Xeon(R) Platinum 8171M CPU @ 2.60GHz.
A formal description and proof of the CoverCrypt scheme is given in this paper. It also contains an interesting discussion about the implementation.
The developer documentation can be found on doc.rs
Findex technical documentation can be found here.
The developer documentation can be found on doc.rs
Findex technical documentation can be found here.
All releases can be found in the public URL package.cosmian.com.