Cryptographers Léo Ducas from the Centrum Wiskunde & Informatica (CWI) and Peter Schwabe (Radboud University) have won the 2016 Internet Defense Prize. They were awarded the prize with their co-authors Erdem Alkim (Ege University, Turkey) and Thomas Pöppelmann (Infineon Technologies AG, Germany) for their paper 'Post-Quantum Key Exchange – A New Hope'. The prize was awarded on 10 August 2016 at the 25th USENIX Security Symposium in Austin, Texas. Facebook created the Internet Defense Prize in 2014 through a partnership with USENIX. It consists of 100,000 dollars.
"The information security industry is in a race against time to innovate faster than the adversaries who wish to harm consumers and businesses", Facebook writes. "However, most security research over-rotates toward offensive, novelty hacks that have little impact on most people's lives". To turn the incentive around, the Internet Security Prize is designed to reward researchers who combine a working prototype with significant contributions to the security of the Internet—particularly in the areas of protection and defense.
Post-quantum security
The winning team proposed an improved cryptosystem, called 'NewHope', that is designed to resist attacks by future quantum computers. Such quantum computers would have a devastating impact on the security of our current protocols – an advent sometimes referred as a Cryptocalypse. NewHope can for example be integrated into TLS and HTTPS, two security protocols used by web-browsers. This was recently done by Google, as an experiment toward post-quantum security, and this was featured in Wired.
While other proposal for post-quantum security have been made previously, Facebook says: "Building on previous studies, this new research identified a better suited error distribution and reconciliation mechanism, analyzed the scheme's hardness against attacks by quantum computers, and identifies a defense against possible backdoors and all-for-the-price-of-one attacks. Using these measures the team was able to increase the security parameter by more than 100 percent, reduce the communication overhead by more than half, and significantly increase computation speed in portable C implementation and current Intel CPUs, all while protecting against timing attacks".
Léo Ducas is working in the Cryptology group at Centrum Wiskunde & Informatica (CWI) in Amsterdam, headed by Ronald Cramer. Ducas was recently awarded a Veni grant. Peter Schwabe is working at Radboud University in Nijmegen. The research has been partly funded by an NWO Free Competition Grant and by a Public-Private Partnership between CWI and NXP Semiconductors.
Picture 1: Some of the 2016 Internet Defense Prize winners, sponsored by Facebook: Thomas Pöppelmann on the left, and Peter Schwabe next to him. Prize winners Erdem Alkim and Léo Ducas are not in the picture. Picture: USENIX.
Picture 2: Léo Ducas. Source: L. Ducas.
More information
For a full news item please visit https://www.facebook.com/protectthegraph (posted by Nektarios Leontiadis, a threat research scientist on the Facebook Security team, on Facebook on 11 August 2016)
The paper is available at https://eprint.iacr.org/2015/1092.pdf
If you'd like to learn more about the prize, please visit InternetDefensePrize.org.
Homepage of Léo Ducas (CWI)
Homepage of Peter Schwabe (Radboud University)
Information on the Google tests:
https://security.googleblog.com/2016/07/experimenting-with-post-quantum.html
https://www.wired.com/2016/07/google-tests-new-crypto-chrome-fend-off-quantum-attacks/
About Centrum Wiskunde & Informatica
Founded in 1946, Centrum Wiskunde & Informatica (CWI) is the national research institute for mathematics and computer science in the Netherlands. It is located at Amsterdam Science Park and is part of the Netherlands Organisation for Scientific Research (NWO). The institute is internationally focused and renowned. Over 150 researchers conduct pioneering research and share their acquired knowledge with society. Over 30 researchers are also employed as professors at universities. The institute has generated twenty-three spin-off companies.
About Radboud University
Radboud University is a broad, international oriented university that aspires to be one of the best in Europe. The Institute for Computing and Information Sciences (iCIS) is one of the several major research institutes at Radboud University. It was established to improve the fundamentals of software development via formal, mathematically founded theories, methods and tools that support the specification, design, analysis and evaluation of computer-based systems.
IN THE MEDIA
On the Google tests: https://www.schneier.com/blog/archives/2016/07/googles_post-qu.html
On the prize:
- Het Parool: http://www.parool.nl/amsterdam/amsterdamse-onderzoeker-krijgt-internet-defense-prize~a4358074/
- Tweakers: https://tweakers.net/nieuws/114577/cryptografen-van-cwi-en-radboud-winnen-prijs-voor-new-hope-algoritme.html
- Security.nl: https://www.security.nl/posting/481239/Cryptografen+CWI+en+Radboud+Universiteit+winnen+internetprijs
- Bits & Chips: http://www.bits-chips.nl/artikel/facebook-beloont-deels-nederlands-post-kwantumcrypto-onderzoek-47446.html
- Computable:
https://www.computable.nl/artikel/nieuws/security/5817334/250449/facebook-eert-nl-experts-om-aanpak-kwantum-aanvallen.html
- Automatisering Gids: http://www.automatiseringgids.nl/nieuws/2016/33/prijs-voor-cryptografen-radboud-universiteit-en-cwi
- Engineers Online: http://www.engineersonline.nl/nieuws/id27192-nederlandse-cryptografen-winnen-internet-defense-prize.html
- Executive People: https://executive-people.nl/559432/cryptografen-van-cwi-en-radboud-winnen-prijs-voor-beveiliging-tegen-aanvallen-met-kwantumcomputers.html
- N1 (Nijmegen): http://www.n1.nl/cryptograaf-ru-wint-prijs-voor-beschermingssysteem-computer/nieuws/item?823274
- Marqit.nl: http://www.marqit.nl/newsitem/21209
- Info Security Magazine: http://www.infosecurity-magazine.com/news/facebook-awards-100k-for-2016/
- The Security Ledger: https://securityledger.com/2016/08/facebook-internet-defense-prize-goes-to-post-quantum-key-exchange/
- QUROPE website: http://qurope.eu/db/news/cryptographers-win-2016-internet-defense-prize-research-quantum-safe-cryptography
- QuSOft website: http://www.qusoft.org/2016/08/16/cryptographers-from-the-netherlands-win-2016-internet-defense-prize/
