Security | News

UC Santa Barbara Cryptologists Vow To Build Stronger Encryption

• By Dian Schaffhauser
• 08/05/14

Stefano Tessaro will lead a team researching provable security at the University of California Santa Barbara. Photo Credit: Sonia Fernandez.

A University of California Santa Barbara cryptologist has been awarded $499,000 by the National Science Foundation to pursue work related to secret key cryptography. This is the practice by which communicating parties use a shared secret key to encrypt and authenticate data — a key that's hidden from the attacker. Assistant Professor Stefano Tessaro will be working with a research team to address two shortcomings of current symmetric key cryptography: the lack of provable security for existing block ciphers and the lack of flexibility inherent in block ciphers due to the use of fixed parameters.

With these limitations, said Tessaro, even the Advanced Encryption Standard (AES) — which has become a standard cryptographic algorithm — could be "catastrophically compromised" with a single break-in.

"Security is not proven," he said. "Researchers have tried to break AES with known attacks and failed so far and thus assume that no attack will be found."

That poses a potential problem with an algorithm so widely used. If it's adopted for use in embedded chips and then it's breached, nobody could predict the possible damage. "It's great for efficiency and reliability," Tessaro said. "But if there's a successful attack, the vast majority of the world's electronic communications will suddenly be vulnerable to decryption and hacking."

The most secure cryptographic algorithms as proven mathematically, however, expose another obstacle: Securing even a digital bit is time-consuming. That makes this "provable security" impractical for use by system designers.

Tessaro and his team will be undertaking an investigation that hopes to bridge that gap between security and performance. "The work involves laying down a solid theoretical framework for the development of basic encryption algorithms that are both efficient and provably secure," Tessaro explained. Then the project will focus on ways to build stronger block ciphers based on that framework, techniques that will be widely shared with the security community.

Possibly, Tessaro added, the team will also develop an algorithm based on its findings that could replace common encryption techniques and become a new standard.