Even though it's invisible to most people most of the time, cryptography is a crucial technology for cybersecurity. In Hub A leader Eike Kiltz's analogy, it's like the foundation of a house: you don't see it, but if it's not there everything else collapses.

In general, cryptography does two things: it ensures that information can only be read by the right people, and it verifies that the information hasn't been tampered with. In our everyday lives, cryptographic protocols protect credit card details in transit between online shoppers and retail sites; it ensures that intercepted mobile phone calls can't be understood by nosy third parties; and it verifies that you're genuinely connected to your bank rather than an account-draining spoof.

**Quantum computers are a major threat**

Hub A studies three main research challenges: post-quantum cryptography, hardening cryptography against mass surveillance, and foundations of privacy.

Quantum computing is the threat looming over public-key - that is, asymmetric - cryptography. In the last decade quantum computing has become clearly feasible, even though when - ten years? 15? - is still an open question. Says Kiltz, "Even if it's 30 years from now and the odds are only 1% that it will happen, the fact that we would lose everything means that 1% is still overwhelming." By "everything", he means that to quantum computers all this encrypted material will fall open, because these machines will be both vastly more powerful and ideally suited to solving the particular mathematical problems that underlie today's encryption algorithms. "Everything" means every asymmetrically encrypted government secret and message implicating a dissenter or whistleblower will effectively be cleartext.

**Bochum researchers are participants in developing new encryption algorithm candidates**

This catastrophic prospect led the US National Institute for Standards and Technology to create a competition to find "post-quantum" or "quantum-resistant" public key encryption algorithms and digital signatures. In June 2020, NIST selected four candidate encryption algorithms and three algorithms for cryptographic signatures out of about 80 first-round submissions. Bochum researchers are participants in developing almost all of these candidates. Most are from Hub A and a few are from Hub B, which is led by Christof Paar and works on embedded security.

Classical public key cryptography is based on two types of mathematical problems that are hard for current computers to solve: factoring large numbers, and solving discrete logarithms. Unfortunately, quantum computing is perfectly adapted for this "cyclical" class of problem. Therefore, the next generation must be based on new and qualitatively different problems such as finding the shortest vector on a mathematical lattice or finding low weight codewords in linear binary codes. Mathematicians have been interested in lattices for centuries; the easiest way for lay people to think of them is as grids expanded into many dimensions - perhaps 500, or 1,000. For the researchers, then, the challenge is to embed such problems in an algorithm that is both fast and resistant to errors of implementation. The work needs both, cryptographic expertise and engineering to understand how it can be embedded in hardware - hence the involvement of Paar's experts.

NIST announced the final candidates in June, and researchers had until October to make final tweaks. Next, the candidates will be subject to cryptanalysis to see which are the most secure and make the best tradeoffs in implementation. This is a crucial element of designing any cryptographic system: it must be resistant to the crypto community's best efforts to break it. NIST will choose its new standards sometime between 2022 and 2024.

Among Edward Snowden's 2013 revelations was the news that the US National Security Agency had undermined widely-used standard components of cryptographic systems, such as elliptic curve random number generators used to generate keys, in order to provide backdoors. Many initiatives to close those holes to both government spying and other types of attacks followed. For its part, Hub A seeks to use techniques known from decades of cryptography research to develop proofs that a particular piece of standardized cryptography is free of such backdoors.

**New challenges we have to face with new communication technologies**

The third research area, foundations of privacy, seeks to apply formal cryptography research to the new privacy tools that are in widespread real-world use. Messaging apps like WhatsApp and Signal, for example, pose new challenges because they provide group, as well as individual, messaging.

"The idea is to do a formal security treatment," Kiltz explains. "How do you formally define these primitives, and what kind of security properties can you prove about them?" What, for example, does it mean to be "anonymous", or "authenticated", especially on systems that, unlike Signal and WhatsApp, don't identify individual users by their phone numbers? Mathematicians like Kiltz begin tackling such questions by describing formally each piece of the process, such as generating public and private keys and encrypting and decrypting messages. Clear definitions make it possible to talk about security and set criteria for success: given a ciphertext, it should not be possible to compute the plaintext or deduce any information about it. With these new group communication protocols, however, "Even a formal definition of what you want to achieve or not is super-difficult," Kiltz says. Also part of this third research area is differential privacy, a technique to make it possible to query a dataset while protecting information about individuals within it.

**Other CASA projects**

Hub A's work on cryptography is one of four projects that make up the cluster of excellence CASA - Cyber Security in the Age of Large-Scale Adversaries at the Horst Görtz Institute for IT Security (HGI) at Ruhr-Universität Bochum (RUB). The other three are "Embedded Security", led by Christof Paar (Hub B); "Secure Systems" led by Thorsten Holz (Hub C); and "Usability", led by Angela Sasse (Hub D). CASA is funded by the German Research Foundation.

*General note: In case of using gender-assigning attributes we include all those who consider themselves in this gender regardless of their own biological sex.*