The research on cryptography for the Internet of Things (IoT) has focused on the design and cryptanalysis of lightweight methods for authenticated encryption. On the one hand, novel design criteria have been proposed and analyzed, such as techniques to design building blocks that minimize energy consumption, gate count or latency, and building blocks that are easier to protect against side-channel attacks. On the other hand, cryptanalytic techniques have been improved, including algebraic attacks, interpolation attacks, and new quantum algorithms for finding second preimages. This dual approach is essential, as confidence in cryptographic primitives can only be created by a careful analysis of the strengths and weaknesses of novel designs.
For cloud applications, the project has focused on two challenges. The first has been the study of novel cryptographic primitives that will resist attacks by future quantum computers (so-called post-quantum cryptography). The second has been to create novel techniques for several flavors of secure computation, including computing on encrypted data (fully homomorphic encryption), controlled decryption of data (functional encryption) and jointly computing on privately stored data without sharing this data (secure Multi-Party Computation). The results include the identification of flaws in proposed schemes and the creation of new proposals with increased performance or reduced communication overhead. Finally, applications of these techniques have been studied, such as the evaluation of machine learning algorithms in the encrypted domain and the study of querying capabilities on encrypted data.
A third line of research focused on physical security, usability and deployment. To this end, it developed innovative implementations that offer improved security/performance tradeoffs and resist powerful side-channel attacks that exploit physical properties of the implementations. The research has focused on building countermeasures against such attacks; unlike in earlier work, these countermeasures are included during the design of the primitive (cf. supra) or integrated in the design flow rather than added afterwards. The most powerful of these attackers are white-box attackers, who have full control over the execution of the cryptographic algorithm (which is the case for typical IoT software environments); for this setting, novel attack models and attacks have been studied. Several secure implementations have been developed for lightweight ciphers (IoT setting) and for post-quantum algorithms (cloud setting).
The project has contributed to several open international competitions, including the WhibOx competition (organized by CryptoExperts) and the post-quantum and lightweight cryptography competitions organized by NIST (National Institute of Standards and Technology, US). These competitions have given the research high visibility and impact at an international level.
Regarding dissemination, the project used Twitter for fast communication of project activities. Almost 300 tweets were sent out to more than 1150 followers. The project's ECRYPT Blog has been used to disseminate longer stories. An important goal of the Blog was to make complicated cryptographic results easily accessible to a wider audience. The ESRs were encouraged to post regularly to the blog on papers they have read, conferences they have visited, or their own results. So far 110 blog posts have been written, which attracted 171,899 views.
The fellows held 74 public talks on different occasions: 6 rump session presentations, 25 paper presentations at conferences, 38 presentations at ECRYPT-NET schools and 7 during outreach activities. The conference venues included top venues in the field such as CRYPTO, EUROCRYPT, FSE, CHES, TCC, Asiacrypt, RWC, SAC and ACNS. In this way, research results were disseminated to more than 5000 people in the research community.
The ESR fellows organized outreach activities targeting the general public. Some fellows gave interactive lectures to secondary school pupils; others created crypto puzzles or mathematical challenges for online crypto contests or math competitions. The outreach activities turned out to be an excellent way to reach a young audience. In total, 55 publications were produced: 18 journal papers and 37 conference papers. The conference publications included some of the most competitive conferences in the field, such as EUROCRYPT, CRYPTO, Fast Software Encryption (FSE), Theory of Cryptography (TCC), Selected Areas in Cryptography (SAC), ASIACRYPT, Cryptographic Hardware and Embedded Systems (CHES), ACM CCS, IEEE S&P, and USENIX Security. Together, the fellows published 18 papers at these top venues.