Cryptographer Léo Ducas from the Centrum Wiskunde & Informatica (CWI) has won the 2016 Internet Defense Prize.
He was awarded the prize with his co-authors Erdem Alkim (Ege University, Turkey), Thomas Pöppelmann (Infineon Technologies AG, Germany) and Peter Schwabe (Radboud University) for their paper 'Post-Quantum Key Exchange – A New Hope'. The prize was awarded on 10 August 2016 at the 25th USENIX Security Symposium in Austin, Texas. Facebook created the Internet Defense Prize in 2014 through a partnership with USENIX. It consists of 100,000 dollars.
"The information security industry is in a race against time to innovate faster than the adversaries who wish to harm consumers and businesses", Facebook writes. "However, most security research over-rotates toward offensive, novelty hacks that have little impact on most people's lives". To turn the incentive around, the Internet Security Prize is designed to reward researchers who combine a working prototype with significant contributions to the security of the Internet—particularly in the areas of protection and defense.
The winning team proposed an improved cryptosystem, called 'NewHope', that is designed to resist attacks by future quantum computers. Such quantum computers would have a devastating impact on the security of our current protocols – an advent sometimes referred as a Cryptocalypse. NewHope can for example be integrated into TLS and HTTPS, two security protocols used by web-browsers. This was recently done by Google, as an experiment toward post-quantum security, and this was featured in Wired.
While other proposal for post-quantum security have been made previously, Facebook says: "Building on previous studies, this new research identified a better suited error distribution and reconciliation mechanism, analyzed the scheme's hardness against attacks by quantum computers, and identifies a defense against possible backdoors and all-for-the-price-of-one attacks. Using these measures the team was able to increase the security parameter by more than 100 percent, reduce the communication overhead by more than half, and significantly increase computation speed in portable C implementation and current Intel CPUs, all while protecting against timing attacks".
Léo Ducas is working in the Cryptology group at Centrum Wiskunde & Informatica (CWI) in Amsterdam, headed by Ronald Cramer. Ducas was recently awarded a Veni grant. Peter Schwabe is working at Radboud University in Nijmegen. The research has been partly funded by an NWO Free Competition Grant and by a Public-Private Partnership between CWI and NXP Semiconductors.
For a full news item please visit https://www.facebook.com/notes/protect-the-graph/2016-internet-defense-p... (posted on Facebook on 11 August 2016 by Nektarios Leontiadis, who is a threat research scientist on the Facebook Security team)
The paper is available at https://eprint.iacr.org/2015/1092.pdf
More about the prize: InternetDefensePrize.org.
Homepage of Léo Ducas (CWI): http://homepages.cwi.nl/~ducas/
Homepage of Peter Schwabe (Radboud University): https://cryptojedi.org/peter/
Thomas Pöppelmann in LinkedIn: https://de.linkedin.com/in/thomas-p%C3%B6ppelmann-1875bb8a
Homepage of Erdem Alkim: http://erdemalkim.github.io/
Information on the Google tests:
Information about the Dutch partners:
About Centrum Wiskunde & Informatica
Founded in 1946, Centrum Wiskunde & Informatica (CWI) is the national research institute for mathematics and computer science in the Netherlands. It is located at Amsterdam Science Park and is part of the Netherlands Organisation for Scientific Research (NWO). The institute is internationally focused and renowned. Over 150 researchers conduct pioneering research and share their acquired knowledge with society. Over 30 researchers are also employed as professors at universities. The institute has generated twenty-three spin-off companies. See http://www.cwi.nl
About Radboud University
Radboud University is a broad, international oriented university that aspires to be one of the best in Europe. The Institute for Computing and Information Sciences (iCIS) is one of the several major research institutes at Radboud University. It was established to improve the fundamentals of software development via formal, mathematically founded theories, methods and tools that support the specification, design, analysis and evaluation of computer-based systems.