The latest in top-level theory on cryptographic methods to protect data online was on the agenda as over 130 of the world’s top minds in the field of computer cryptography gathered at Bar-Ilan University last month for the second annual Winter School on Cryptography.
The subject is not as esoteric and arcane as it sounds, since cryptographers’ discussions evolve into the products and services that allow the technology world to thrive. And with hacking so much in the news lately, proper application of cryptographic principles and methods takes on even greater importance, said Yehuda Lindell of Bar-Ilan University’s computer science department.
Cryptography is one of those features without which modern computing just would not be possible, ensuring that data is protected, especially over the internet. Using cryptographic formulas, data is scrambled, so that if a hacker is able to actually reach the data, it won’t make any sense to him or her. In order to read the data, you need a key – a piece of software that can set the scrambled code back into its correct order.
While current cryptographic methods have served the computing world well in recent years, an evaluation of computer cryptography method is needed now more than ever, said Lindell, one of the world’s top experts on cryptography. Quantum computers, which can run algorithms and do computations far faster than even conceivable with current digital systems, will be here before you know it — and current cryptographic methods just don’t work with quantum computing systems. Quantum computing may be in its infancy now, Lindell told The Times of Israel, “but it pays to be prepared.”
That was one of the reasons that this year’s Winter School concentrated on lattice theory, an area of mathematics that has been around since the 1930s but which has shown itself to be very relevant to the quandary of quantum computing cryptography. “Lattice-based cryptography is the only type of cryptography that will work on quantum systems. It’s not practical for today, but will eventually become necessary.”
But lattice-based cryptography has many practical applications, as well, which is one reason why the attendees of the Winter Camp included not just academicians from Israel and around the world (including about 50 from Europe, 15 from the US, and attendees from India, China, Russia, and other countries), but people from industry as well who are searching for better and safer ways to encode data.
Lattice theory can help them as well, said Lindell, because it allows the construction of fully homomorphic encryption schemes, which allow arbitrary computations to be carried out on encrypted data without revealing anything about the data itself. This in and of itself represents a major advancement in data protection in the cloud, Lindell said. “You would be able to encrypt information in an online database, for example, and let someone do computations on it without decrypting it, unlike the situation today where the data must be decrypted in order to be edited.”
Once unencrypted, data can become vulnerable, so keeping the data encrypted under all circumstances would advance security significantly. “Of course more work on this is needed, because it is extremely slow at this point,” Lindell said. “But we’ve shown that it’s possible, and I expect progress to be made on it.
But even current cryptography schemes, when used properly, can ensure data security; in fact, it’s cryptography that makes online computing possible at all. “So far, none of the main encryption schemes in use today, including RSA, DES, and AES have ever been compromised,” Lindell said. “That doesn’t mean data never gets hacked, but when it does the hacking is usually because of another problem, like a database bug that enables hackers to get to the information. Also, sometimes improvements to security schemes, like SSL, are not implemented when a breach is found.”
Problems like that are the ones that he and other cryptography mavens are trying to prevent, said Lindell, and the Winter School provided a great forum for the exchange of ideas to make data safer and more secure.