Periodic Reporting for period 2 - ECRYPT-CSA (European Coordination and Support Action in Cryptology)
Reporting period: 2016-09-01 to 2018-02-28
Cryptology is a fundamental enabler for security, privacy and trust. Today cryptographic techniques are widely deployed at the core of computer and network security, and for applications such as digital identification and digital signatures, digital rights management systems, content retrieval, and tamper detection. However, there are a number of important challenges that are not addressed by the current state-of-the-art deployed cryptography. In addition, the threat model for our networks is evolving: cyberphysical systems are spreading and our critical infrastructures are increasingly connected; both require robust and long-term protection. There is also a growing understanding that ubiquitous protection of data using cryptographic algorithms and the distributing trust using cryptographic protocols, can play an important role in effectively reducing and managing the cybersecurity risks.
Europe is playing a leading role in the area of cryptology. The International Association of Cryptologic Research (IACR, 1600 members) organizes 3 flagship conferences each year with high quality contributions; one of these is held in Europe. The fast evolutions in the field and the growing need for cryptographic solutions require a strategic approach to bring together academia, industry and governmental stakeholders in order to develop a roadmap and foresight studies and to further build the community as discussed below.
In summary, there are major challenges for academic research and there is a substantial gap between the technologies and tools that are available today and that will be developed in the next five years and the current deployments in industry, that are between ten and twenty years old. There are major challenges with the security of the implementations that have been deployed. Finally, there is a very large potential for complex cryptographic techniques that allow for searching in and operating on encrypted data, proving statements about encrypted data without revealing it, and avoiding single points of failure through distributed architectures. These gaps need to be bridged to a focused action that brings together all key players, resulting in awareness and training, a research agenda, standardization and deployment.
The conclusion of the project is based on twenty workshops that have been organized by the 5 partners: all of these workshops have brought together key players from academia, industry and government. The workshops were focused either on a technology, such as Computing on Encrypted Data (COED) or on an application area, such as cryptocurrencies and block chain. Each workshop has resulted in a white paper that describes the state-of-the-art and research challenges for this particular area. From these whitepapers the key findings have been synthesized in order to arrive at a research agenda; All areas that were assessed as strategically important have been included. The main conclusion of the project is the synthesis of all these key findings and research challenges into a document called 'Final Research Agenda and Foresight Study'.
Europe is playing a leading role in the area of cryptology. The International Association of Cryptologic Research (IACR, 1600 members) organizes 3 flagship conferences each year with high quality contributions; one of these is held in Europe. The fast evolutions in the field and the growing need for cryptographic solutions require a strategic approach to bring together academia, industry and governmental stakeholders in order to develop a roadmap and foresight studies and to further build the community as discussed below.
In summary, there are major challenges for academic research and there is a substantial gap between the technologies and tools that are available today and that will be developed in the next five years and the current deployments in industry, that are between ten and twenty years old. There are major challenges with the security of the implementations that have been deployed. Finally, there is a very large potential for complex cryptographic techniques that allow for searching in and operating on encrypted data, proving statements about encrypted data without revealing it, and avoiding single points of failure through distributed architectures. These gaps need to be bridged to a focused action that brings together all key players, resulting in awareness and training, a research agenda, standardization and deployment.
The conclusion of the project is based on twenty workshops that have been organized by the 5 partners: all of these workshops have brought together key players from academia, industry and government. The workshops were focused either on a technology, such as Computing on Encrypted Data (COED) or on an application area, such as cryptocurrencies and block chain. Each workshop has resulted in a white paper that describes the state-of-the-art and research challenges for this particular area. From these whitepapers the key findings have been synthesized in order to arrive at a research agenda; All areas that were assessed as strategically important have been included. The main conclusion of the project is the synthesis of all these key findings and research challenges into a document called 'Final Research Agenda and Foresight Study'.
The ECRYPT-CSA project started in March 2015 and ran for 36 months.
The methodology adopted by WP1-4 is to organize workshops on the specific topics that we have identified. The workshops brought together a spectrum of key players in the area in particular experts from academia and industry.
WP1 – Symmetric Key (TASKS Authenticated encryption, Ultra low energy/power cryptography, White Box Crypto, RNG and Symmetric cryptography designed for side channel and fault resistance)
WP2 - Public Key and Protocols (TASKS Tools for asymmetric cryptanalysis, Computing on Encrypted Data, Cryptographic protocols for small devices, Tools for Security modelling and proofs, and Crypto Policies)
WP3 - Secure and Efficient Implementations (TASKS Cryptocurrencies, Security evaluation of implementations, Software benchmarking, Hardware benchmarking and PQ crypo)
WP4 - Core application areas driven by industry/government needs (TASKS Post-Snowden crypto for the Internet, Privacy Enhancing Technologies, Cryptographic standards and evaluations, Protocols with complex functionalities and Workshop on IoT)
WP5 - Standardization:
- Identified key players in cryptology standardization (including ISO, NIST, IETF) and in EU research projects in cryptology (PQCRYPTO, SAFEcrypto) and established contact with them.
- Consultation and update of the Algorithms and Key Length and Parameters document (D5.2); this is particularly important since ENISA has decided to not publish a new version in 2016.
- Coordination of input to ISO, NIST, and IETF on hot topics such as authenticated encryption, lightweight cryptology, postquantum cryptology, elliptic curve cryptology.
The main outcome of the project are the research challenges on various technologies and application areas that have been defined in the 20 white papers.
Another valuable result of the project is the ECRYPT-CSA Report on Algorithms, Key Size and Parameters, that is already widely adopted by European industry.
Thanks to the efforts of the NoEs ECRYPT and ECRYPT II, ECRYPT-CSA and the research network ECRYPT.NET there is a strong collaboration between key players in Europe.
The results of the project have been disseminated towards different target groups through websites, social media, standardization activities, advertisement and presentations at major conferences, training activities and research papers.
The methodology adopted by WP1-4 is to organize workshops on the specific topics that we have identified. The workshops brought together a spectrum of key players in the area in particular experts from academia and industry.
WP1 – Symmetric Key (TASKS Authenticated encryption, Ultra low energy/power cryptography, White Box Crypto, RNG and Symmetric cryptography designed for side channel and fault resistance)
WP2 - Public Key and Protocols (TASKS Tools for asymmetric cryptanalysis, Computing on Encrypted Data, Cryptographic protocols for small devices, Tools for Security modelling and proofs, and Crypto Policies)
WP3 - Secure and Efficient Implementations (TASKS Cryptocurrencies, Security evaluation of implementations, Software benchmarking, Hardware benchmarking and PQ crypo)
WP4 - Core application areas driven by industry/government needs (TASKS Post-Snowden crypto for the Internet, Privacy Enhancing Technologies, Cryptographic standards and evaluations, Protocols with complex functionalities and Workshop on IoT)
WP5 - Standardization:
- Identified key players in cryptology standardization (including ISO, NIST, IETF) and in EU research projects in cryptology (PQCRYPTO, SAFEcrypto) and established contact with them.
- Consultation and update of the Algorithms and Key Length and Parameters document (D5.2); this is particularly important since ENISA has decided to not publish a new version in 2016.
- Coordination of input to ISO, NIST, and IETF on hot topics such as authenticated encryption, lightweight cryptology, postquantum cryptology, elliptic curve cryptology.
The main outcome of the project are the research challenges on various technologies and application areas that have been defined in the 20 white papers.
Another valuable result of the project is the ECRYPT-CSA Report on Algorithms, Key Size and Parameters, that is already widely adopted by European industry.
Thanks to the efforts of the NoEs ECRYPT and ECRYPT II, ECRYPT-CSA and the research network ECRYPT.NET there is a strong collaboration between key players in Europe.
The results of the project have been disseminated towards different target groups through websites, social media, standardization activities, advertisement and presentations at major conferences, training activities and research papers.
In terms of creating a community and developing a research agenda, ECRYPT-CSA has reached its goals in each of the three technical work packages (WP1-2-3).
In terms of application areas (WP4), the work on post-Snowden crypto was clearly important in managing to identify new research challenges that arise from changing threat models. The project has discussed these challenges at a large number of venues, both oriented towards academia (Eurocrypt, Symposium on Access control Models and Technologies, IEEE QRS) as in more policy- and industry-oriented fora (ISSE, Infosecurity, European Parliament).
European researchers in cryptography have played a leading role at the international stage.
This has also resulted in strong expertise in EU industry in areas such as embedded security, smart cards, payment systems and content protection. However, in the area of crypto standardization, cryptographic evaluations and crypto policy the EU has not achieved its full potential. Currently, the most relevant standardization efforts are driven by NIST. A second important player is the IETF, which, in spite of its open nature, is in part also dominated by large US vendors. This is surprising as EU researchers are the driving technical force behind many specific cryptographic standardization initiatives (e.g. AES competition, SHA-3 competition, post-quantum competition, TLS 1.3 development). The EU should develop a cryptographic policy. A starting point for this development could be the ECRYPT-CSA Report on Algorithms, Key Size and Parameters, that is already widely adopted by European industry. Of course a cryptographic policy goes well beyond specifying algorithms and parameters: a cryptographic infrastructure should be developed, as well as policies for accreditation, certification, and evaluation.
Thanks to the efforts of the NoEs ECRYPT and ECRYPT II, ECRYPT-CSA and the research network ECRYPT.NET there is a strong collaboration between key players in Europe.
In terms of application areas (WP4), the work on post-Snowden crypto was clearly important in managing to identify new research challenges that arise from changing threat models. The project has discussed these challenges at a large number of venues, both oriented towards academia (Eurocrypt, Symposium on Access control Models and Technologies, IEEE QRS) as in more policy- and industry-oriented fora (ISSE, Infosecurity, European Parliament).
European researchers in cryptography have played a leading role at the international stage.
This has also resulted in strong expertise in EU industry in areas such as embedded security, smart cards, payment systems and content protection. However, in the area of crypto standardization, cryptographic evaluations and crypto policy the EU has not achieved its full potential. Currently, the most relevant standardization efforts are driven by NIST. A second important player is the IETF, which, in spite of its open nature, is in part also dominated by large US vendors. This is surprising as EU researchers are the driving technical force behind many specific cryptographic standardization initiatives (e.g. AES competition, SHA-3 competition, post-quantum competition, TLS 1.3 development). The EU should develop a cryptographic policy. A starting point for this development could be the ECRYPT-CSA Report on Algorithms, Key Size and Parameters, that is already widely adopted by European industry. Of course a cryptographic policy goes well beyond specifying algorithms and parameters: a cryptographic infrastructure should be developed, as well as policies for accreditation, certification, and evaluation.
Thanks to the efforts of the NoEs ECRYPT and ECRYPT II, ECRYPT-CSA and the research network ECRYPT.NET there is a strong collaboration between key players in Europe.