Someone recently pointed out that perhaps I should blog a bit more on our own Crypto Blog for Bristol, so have decided to put finger-to-keyboard to pen this end of year message. Not quite up to the standards of the traditional christmas message from Her Majesty, for example this blog does not come in 3D.
So looking back on 2012 what has been the highlights for me? Perhaps most interesting has been the raising in profile of the whole area of "Cyber Security", not only in the UK academic community but also world wide and in the general media. There is a now a widespread understanding that as a society we are ill equipped to deal with the threats posed in the new online world. Whilst some areas are well developed scientifically (for example cryptography is founded on well established scientific principles and lines), other areas of information security are less well ground in science. Indeed many problems in information security cannot be solved by technical means alone; thus we need collaboration with other disciplines such as sociologists, economics, policy, psychology etc to solve many of the problems we face.
But progress is being made:
So looking back on 2012 what has been the highlights for me? Perhaps most interesting has been the raising in profile of the whole area of "Cyber Security", not only in the UK academic community but also world wide and in the general media. There is a now a widespread understanding that as a society we are ill equipped to deal with the threats posed in the new online world. Whilst some areas are well developed scientifically (for example cryptography is founded on well established scientific principles and lines), other areas of information security are less well ground in science. Indeed many problems in information security cannot be solved by technical means alone; thus we need collaboration with other disciplines such as sociologists, economics, policy, psychology etc to solve many of the problems we face.
But progress is being made:
- In the UK an initiative by EPSRC and GCHQ has set up the "Centres of Excellence in Cyber Security Research", of which Bristol is one of the first eight. This initiative aims to not only recognize the excellent research in various disciplines being carried out across the UK, it also aims to bring the community together so as to achieve more. We are using our granting of a centre to try to bring together the interested parties in the so-called "Cyber Corridor" along the M5 in the UK. Alongside this motorway are a number of large companies, SMEs and govenment departments with an interest in Cyber Security. So we are hosting a regular series of evening events to bring this community together.
- A major issue is one of capacity building of the human capital in the area. Many of our problems in this area stem from poor provision in all areas of our education system. Thus another welcome development in 2012 has been the political, educational and industrial push to finally do something about the provision of computing teaching within schools in the UK. Basicly for the non-UK readers this is to move provision from something akin to "Digital Literacy" to a more "Computer Science" based curriculum. This is vital as almost all high powered jobs in the future will be driven by the concept of computational thinking. Eventually the changes in the school curriculum will feed through, and we will have a better trained population to deal with the challenges we will face in the future.
In the area of cryptography the highlight for me has been the rapid advance in the area of Fully Homomorphic Encryption (FHE). The year has seen some major advances, and publications of various techniques. For example we have had various simplifications of the basic ideas from Brakerski in relation to scale invariance, the publication of the Brakerski, Gentry and Vaikuntanathan (BGV) leveled FHE scheme, a deeper understanding of the ring-LWE problem and how to implement schemes based on it by Lyubashevsky, Peikert and Regev. There have also been advances in computational techniques; here Gentry, Halevi and I have shown one can compute homomorphically with only polylogarithmic blowup in terms of computational cost, we have demonstrated that a leveled Somewhat Homomorphic scheme can compute a high degree functionality, and we have shown (with Peikert) how to switch between different ring representations. All of these advances have enabled us to bring the practical goal of FHE closer to reality.
However, perhaps the most interesting outcome of the work on FHE will not be to FHE itself. The interest in FHE has provided two key improvements in other areas of cryptography:
- All FHE schemes are based on lattices and as such are resistant to known quantum algorithms. One by product of the current interest in lattice based schemes is that there is now an efficient quantum secure digital signature scheme based on lattices.
- In joint work with Aarhus the Bristol team has developed a highly efficient Multi-Party Computation protocol which outperforms (both in terms of security and performance) all existing practical instantiations. The protocol amazingly uses FHE technology to make it go faster; which given the current state-of-the-art in FHE performance is at first sight quite surprising.
So what else has Bristol been working on? Quite a lot it turns out, as a look at our list of publications will show. Ranging from very theoretical work through to very applied work. We have looked at various real world protocols (TLS, EMV, the Helios e-voting protocol), deployed products (J2ME installations, Android smartphones), as well as examined issues related to DoS attacks and Role Based Access Control.
Finally, I return to the theme at the start. When 2012 started it would have appeared that the major media interest would focus around the 100th anniversary of the birth of Alan Turing; and indeed there has been a lot of media attention devoted to this event. However, a quick glance at any major media outlet will reveal that probably the major story has been the coverage of all things Cyber Security related. Be they the recent story on the pigeon cipher through to major attacks like the follow on from the Stuxnet incident. It would seem that not a week goes past without some Cyber Security related story appearing on the BBC website at least. Whilst in some sense this can be construed as bad news,on the other hand "all publicity is good publicity". After all, raising awareness will encourage more students into the area, will the profile of the issues amongst the general population, will produce demand for solutions to the problems we face and will encourage more people to come and innovate.
So looking forward may 2013 be as exciting as 2012 has been.
No comments:
Post a Comment