The work-plan of the CACE project consists of 6 work packages (WPs), whereof five (WP1 – WP5) are of technical nature. WP6 is concerned with project management, dissemination and standardisation.
On the highest layer of the architecture (see figure above) we have the tools developed in WP3 and WP4, respectively, which will make cryptographic protocols called zero-knowledge proofs of knowledge (ZK-POK) and secure multiparty computations available to software engineers:
Securing Distributed Management of Information is dedicated to facilitating the practical use of secure multiparty computation protocols in real-world applications. To this end, WP4 will develop a language that allows software engineers to specify secure multiparty computations and a compiler which transforms these specifications into executable code.
Bringing Proofs of Knowledge to Practice focuses on ZK-POK and the rapid and error-free implementation of such protocols by non-experts. The approach taken to reach this objective is conceptually similar to the one in WP4: WP3 will develop a compiler that, given a high-level specification of the goals of a ZK-POK, automatically finds and generates a protocol that meets the specification along with code that implements the protocol.
The intermediate layer of the CACE architecture – which is developed in WP2 – consists of a library that provides secure networking and crypto functionality that is common to the tools developed in WP3 and WP4:
Accelerating Secure Networking will provide all of the core operations needed to build high-level cryptographic tools such as zero-knowledge compilers (WP3) and systems based on multiparty computation (WP4). It will contain a new easy-to-use high-speed software library for network communication and basic cryptographic primitives such as encryption, signatures, etc. On the one hand, this will ensure that there is no redundancy in WP3 and WP4. On the other hand, NaCl library will also constitute an independent deliverable of the CACE project, as it will offer generic functionality that can be useful in many application areas where an efficient infrastructure for secure communication is needed.
On the lowest layer of the CACE architecture we have the tools developed by WP1:
Automating Cryptographic Implementation addresses the efficient and secure implementations of low-level cryptographic primitives (such as encryption schemes and digital signatures, including symmetric cryptographic primitives). The tools of WP 1 will deliver optimizations that are hard to do by hand, and in addition will be capable of automatically detecting and eliminating physical security vulnerabilities such as side-channel attacks. The approach taken in this WP is again compiler based: a language will be developed that allows to specify the desired cryptographic computations, which are then transformed into executable code by an optimizing, security-aware compiler.
Finally, there is WP5, which contributes to the global consistency of the CACE toolbox by handling security and correctness assertions in the tools and libraries developed in WP1 through WP4:
Formal Verification and Validation aims to globally address both functional and security requirements in resulting cryptographic software implementations, analyzing the transformations between different levels of abstraction, and resorting to previous scientific results in the formal validation, verification and certification of secure software.