Cryptography has been a science since the 1940s. But how does it fit into today’s modern world and, most importantly, how can it steer effective cyber security? October is the Cyber Security Awareness Month both in Europe and the U.S., so there couldn’t be a better time for MIRACL’s Chief Crypto Officer, Dr Mike Scott, to explain the status of modern cryptography.
The importance of cyber security has never been clearer. Which, let us remind ourselves, has not always been the case. In the early days with all of the excitement around the potential applications of the Internet of Things, cyber entrepreneurs were gung-ho to push out products, with security either barely considered at all, or else as something to look at for version 2, all the while piously acknowledging security as “being important”.
The problem is that cyber security is complicated and it doesn’t necessarily come cheap and easy. In particular security can, to an extent, negate the convenience of using your product. And if your user experience suffers, and your installation manual gets a lot more complicated, sales are going to suffer. In fact, it is estimated that simply forgetting a password will cause 75% of people to abandon a shopping cart and complexity in general kills 46% of online sales.
Now as you cast around for the right digital tools to augment your security, one of the first you will come across is encryption. AKA ‘cryptography’.
Cryptography is a fascinating field of mathematics. And it has the honour of being the original computer application. It has, in its modern form, been around since the 1940s, although of course it has existed in paper-and-pencil form for thousands of years. But it’s the advent of the computer which accelerated its progress and made it into a real science.
Just in time for the advent of the internet, academic cryptographers in the 1970s came up with the beautiful idea of Public Key Cryptography, which in a wonderful piece of serendipity turned out to be exactly what the internet needed to facilitate e-commerce.
But after that things got messy. The security requirements became more subtle and complicated. The old Public Key Cryptography from the 1970s was no longer such a good fit, but it is still the most well-known and deployed technology. It’s hard to think of any other component of information technology which is still using methods from the 1970s.
Problem is that, in the context of cryptography, the traditional interface between academia and industry is particularly difficult. If I were to come up with a better mousetrap I could show it to you, and quite quickly convince you as to its advantages. Not so simple in the crypto world, primarily because there is nothing to see, and, when you find yourself explaining deep mathematics to some-one whose maths education ended at 18, you are already losing.
So, what has been happening with academic cryptography? Has it stood still, has it failed to come up with any new ideas since the 1970s? Not at all! There are lots of great ideas (zero knowledge proof, identity based encryption, attribute based encryption, secret sharing) which are all lingering in the cryptographer’s out-tray, and not getting picked up.
So cryptographers have rather withdrawn in on themselves, just talking to one another at obscure conferences. Making up totally unrealistic scenarios and coming up with weird solutions. That kind of thing. Industry can’t understand what cryptographers are talking about, quickly give up, and revert to using the old tried and tested (and hopelessly outdated) methods. Meanwhile the gap between cyber security requirements and easily deployable cryptographic tools grows wider.
So we need to restart the conversation. Cryptographers need to lay out their wares and patiently explain their capabilities. Industry needs to patiently engage with them and to be open to new ideas. The advent of crypto-currencies and blockchain has opened many eyes to the amazing, often near magical, potential of cryptography.
Already there are promising signs that the problem is being recognised. So let’s get out of this rut we have found ourselves in, and really come to grips with the cyber security challenges.
Dr Michael Scott is Chief Crypto Officer at MIRACL – www.miracl.com, one of the pioneers of Pairing-based Cryptography and the “S” in the widely used BLS and KSS families of elliptic curves. Following a distinguished career of almost 30 years at Dublin City University and an active consultant to both public and private sector, his unmatched depth in knowledge is drawn not only from his academic expertise - he’s published over 100 highly cited papers – but his genuine love of cryptography and the science behind this.
To find out more about MIRACL solutions visit www.miracl.com