Cryptography, i.e. the encryption of information, keeps us safe in our daily lives and yet we barely know it’s there. It’s impossible to imagine our digital lives without it, because if data weren’t encrypted by mathematical methods, they could be accessed by anyone. The contents of our chats, our online banking details – all of it would be out in the open. As digitalisation progresses, the amount of data that needs to be thus protected is growing exponentially. This calls for exceptionally robust cryptographic solutions that are both fast and efficient in practice and, at the same time, absolutely secure. Professor Gregor Leander from the Faculty of Computer Science and the Horst Görtz Institute for IT Security at Ruhr University Bochum, Germany, is tackling this challenge in his research project “SymTrust”.
The European Research Council ERC is funding his work with an Advanced Grant amounting to 2.5 million euros for five years. The project will start in summer 2023.
Trust in security
“In the past decades, the primary concern in encryption has been speed, rather than good security arguments,” explains Gregor Leander. His research focuses on symmetric cryptography. This traditional system, which has been around since Caesar, uses a shared secret key known only to the recipient and the sender in order to send and decipher data securely. On digital devices, these processes run in the background, so that users are unaware of them. “Today, symmetric cryptography, alongside asymmetric cryptography, is everywhere, because basically everything, every internet connection, every car key and every mobile phone call, is encrypted.” Common methods such as the Advanced Encryption Standard (AES) are considered absolutely secure today, because they have been researched for many years and yet haven’t been cracked. “However, we need strong security arguments as to why encryptions are secure. The assumption ‘It’s secure because no one has broken it yet’ is not a good argument as far as I’m concerned. In this digital world, we can’t afford for our cryptography to be broken on a large scale,” argues Gregor Leander.
This is why he intends to use his ERC Advanced Grant SymTrust to develop new symmetric methods that are based on sound security arguments from the outset and can work efficiently and quickly within their implementation, i.e. the practical application. “It’s a great honour to be funded by the European Research Council for this high-risk/high-gain project. I’m looking forward to spending five years of my life researching such an exciting topic with excellent PhD students and postdocs.”
New approach to cipher development
In order to implement his ideas, the symmetric cryptography researcher plans to approach the development of ciphers, i.e. encryption, from a different angle than has been standard practice so far. At the moment, the design process is based on a trial-and-error principle: the cipher is designed, built into the technical environment with efficiency in mind and only then is an attempt made to attack it. If the attack is successful, the cipher is readjusted and the process starts all over again. This can sometimes take years – a timeframe that modern development processes essentially cannot afford. This is why a recurring problem in industry is that security takes a back seat. “I want to design ciphers that can serve today’s and tomorrow’s applications and are underpinned with security arguments that can be trusted straight away without having to wait years for them to be validated,” says Leander. To this end, he and his team have to thoroughly research currently existing ciphers and study the conditions of cryptanalysis, i.e. the science of breaking ciphers, in depth.
The resulting findings will be used to eventually develop a new concept for symmetric cryptography that aims to set new standards in the encryption of information for both industry and academia.