Cryptographers Léo Ducas from the Centrum Wiskunde & Informatica (CWI) and Peter Schwabe (Radboud University) have won the 2016 Internet Defense Prize. They were awarded the prize with their co-authors Erdem Alkim (Ege University, Turkey) and Thomas Pöppelmann (Infineon Technologies AG, Germany) for their paper ‘Post-Quantum Key Exchange – A New Hope’. The prize was awarded on 10 August 2016 at the 25th USENIX Security Symposium in Austin, Texas. Facebook created the Internet Defense Prize in 2014 through a partnership with USENIX. It consists of 100,000 dollars.
“The information security industry is in a race against time to innovate faster than the adversaries who wish to harm consumers and businesses”, Facebook writes. “However, most security research over-rotates toward offensive, novelty hacks that have little impact on most people’s lives”. To turn the incentive around, the Internet Security Prize is designed to reward researchers who combine a working prototype with significant contributions to the security of the Internet—particularly in the areas of protection and defense.
The winning team proposed an improved cryptosystem, called ‘NewHope’, that is designed to resist attacks by future quantum computers. Such quantum computers would have a devastating impact on the security of our current protocols – an advent sometimes referred as a Cryptocalypse. NewHope can for example be integrated into TLS and HTTPS, two security protocols used by web-browsers. This was recently done by Google, as an experiment toward post-quantum security, and this was featured in Wired.
While other proposal for post-quantum security have been made previously, Facebook says: “Building on previous studies, this new research identified a better suited error distribution and reconciliation mechanism, analyzed the scheme’s hardness against attacks by quantum computers, and identifies a defense against possible backdoors and all-for-the-price-of-one attacks. Using these measures the team was able to increase the security parameter by more than 100 percent, reduce the communication overhead by more than half, and significantly increase computation speed in portable C implementation and current Intel CPUs, all while protecting against timing attacks”.
Léo Ducas is working in the Cryptology group at Centrum Wiskunde & Informatica (CWI) in Amsterdam, headed by Ronald Cramer. Ducas was recently awarded a Veni grant. Peter Schwabe is working at Radboud University in Nijmegen. The research has been partly funded by an NWO Free Competition Grant and by a Public-Private Partnership between CWI and NXP Semiconductors.