Agile cryptographic solutions for the cloud

Effective cryptography solutions for cloud computing


Cloud computing, with its estimated market size of 150 billion USD annual turnover, is one of the major growth areas in information and communication technologies today. As a paradigm building on outsourcing of storage and processing, cloud computing suffers from intrinsic security and privacy problems. However, cryptographic research has made substantial progress over recent years and today provides a portfolio of mature cryptographic primitives and protocols suitable for addressing several of these problems effectively and efficiently. Nevertheless, today’s reality shows that there is a gap between what is possible and what is actually available in the cloud. We present a detailed analysis of the inhibitors and roadblocks standing in the way of an extensive deployment of cryptographic protection to cloud services, and of how organizational and procedural measures may support the practical deployment of cryptography. We conclude our article with an overview of novel cryptographic schemes and their potential for protecting end-user data during storage and processing in the cloud, once they become widely available.


With an annual turnover in the range of 150 billion US dollars, cloud computing is today the fastest-growing sector in information technology. Yet the foundation of cloud computing, which rests on the outsourcing of data and processing, inherently brings problems for information security and privacy. Although cryptographic research has made significant progress in recent years and provides a whole range of innovative, applicable schemes for cloud computing, these are not used in practice to any notable extent. In this article we analyze the biggest obstacles standing in the way of a wide adoption of cryptographic schemes in cloud services, and show how these can be counteracted by organizational and procedural methods. Finally, we present some of these novel schemes and show how their use can contribute to effective protection of end-user data.



This work has been done in projects that have received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No. 644962 (PRISMACLOUD) and No. 653454 (CREDENTIAL).

Author information

Corresponding author

Correspondence to Thomas Lorünser.

Cite this article

Lorünser, T., Krenn, S., Striecks, C. et al. Agile cryptographic solutions for the cloud. Elektrotech. Inftech. 134, 364–369 (2017).
