Cryptography: Bridging Theory and Practice

Lead Research Organisation: Royal Holloway University of London
Department Name: Information Security

Abstract

Cryptography is a discipline that has undergone rapid and extensive development in the last 30 years. It has become a rich academic subject in its own right, existing as a sub-discipline of theoretical computer science. It also has deep connections with areas of mathematics such as number theory and algebra. At the same time, cryptography is inherently an applied subject, underpinning the security of e-commerce, banking networks, mobile telecommunications, business-to-business collaboration on the Internet, and much more besides. This means that pragmatic, engineering aspects of cryptography are of vital importance.

As the field has developed, so has it fragmented, to the point where potentially dangerous gulfs in understanding have opened up between theoreticians on the one side and practitioners on the other. Currently, few researchers are attempting to close the gaps between theory and practice in cryptography. Indeed, with only a small number of exceptions, researchers in academia largely work on theoretical topics, while practitioners are focussed on providing standards-compliant implementations.

The principal aim of this Fellowship, then, is to make a systematic attempt to bridge the divide between theory and practice in cryptography, with the ultimate objectives being to create theory that is more useful and systems that are more secure. The means by which these aims will be achieved are both technical and organisational, and are grouped into three main themes:

1. I will build on my previous work on globally deployed protocols such as IPsec and SSH, continuing to look for weaknesses in cryptographic specifications and implementations. I will also seek to understand how these weaknesses can be addressed in practical ways.
2. Using knowledge gained from the first activity, I will develop extensions of current theory that permit more realistic modeling of cryptographic primitives as they are used in fielded systems.
3. I will seek to engage with both the theoretical community and practitioners in an attempt to bring them back together again. This will be done by a variety of methods:
   * I will seek to establish a new series of workshops focussed on applied aspects of cryptography.
   * Through my position on the editorial board of the Journal of Cryptology, I will propose and guest-edit a special issue dedicated to applied cryptography.
   * I will continue to work with standardisation bodies such as ISO and the IETF.
   * I will work with industry through forums such as I4 and CPNI to keep practitioners informed of research developments. At the same time, I will maintain my contacts with the academic community, via collaboration, participation in the ECRYPT-II Network of Excellence, and conference attendance, bringing the needs of industry to their attention.
   * I will continue to engage with the wider public via magazine and press articles of the type engendered by my earlier work.

This third activity will necessitate strengthening existing collaborations, developing new ones, and evangelising the general approach of reuniting theory and practice.
 
Description Research carried out in this project had a substantial impact on the way cryptography works on the Internet. For example, we showed significant security weaknesses in the SSL/TLS protocol in all its major cryptographic modes. This necessitated a switch to the worldwide use of more modern versions of the protocol. Since this protocol is used almost universally to protect communications on the Internet today, the impact of the research was very widespread, affecting all sectors, from Aerospace to Transport (in the ticklist given here).
First Year Of Impact 2013
Sector Aerospace, Defence and Marine,Chemicals,Communities and Social Services/Policy,Construction,Creative Economy,Digital/Communication/Information Technologies (including Software),Education,Electronics,Energy,Environment,Financial Services, and Management Consultancy,Healthcare,Leisure Activities, including Sports, Recreation and Tourism,Government, Democracy and Justice,Manufacturing, including Industrial Biotechology,Culture, Heritage, Museums and Collections,Pharmaceuticals and Medical Biotechn
Impact Types Societal,Economic

 
Description Impact on TLS protocol
Geographic Reach Multiple continents/international 
Policy Influence Type Citation in other policy documents
Impact Quoting from RFC 7465: "RC4 is a stream cipher that is described in [SCH]; it is widely supported, and often preferred by TLS servers. However, RC4 has long been known to have a variety of cryptographic weaknesses, e.g., see [PAU], [MAN], and [FLU]. Recent cryptanalysis results [ALF] exploit biases in the RC4 keystream to recover repeatedly encrypted plaintexts. These recent results are on the verge of becoming practically exploitable; currently, they require 2^26 sessions or 13x2^30 encryptions. As a result, RC4 can no longer be seen as providing a sufficient level of security for TLS sessions. This document requires that TLS ([RFC5246] [RFC4346] [RFC2246]) clients and servers never negotiate the use of RC4 cipher suites."
URL https://tools.ietf.org/html/rfc7465
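To make concrete what "biases in the RC4 keystream" means in the RFC text quoted above, the following is an added example, not code from the grant record, from RFC 7465 or from the cited papers. It implements RC4 in plain Python and measures the Mantin-Shamir bias: the second keystream byte is zero with probability close to 2/256 rather than the 1/256 an unbiased cipher would give, regardless of the key. The 16-byte key length matches the RC4_128 suites TLS used; the sample size and the random seed are arbitrary choices for this illustration. The plaintext-recovery attacks the RFC cites combine many such biases across the first 256 keystream bytes; this block shows only the single strongest one.

```python
"""RC4 keystream bias demonstration (added example, not from the original page).

Implements RC4 (KSA + PRGA) and measures the Mantin-Shamir bias: the second
keystream byte Z_2 equals zero about twice as often as it should. This is the
simplest of the single-byte biases behind the RFC 7465 ban on RC4 in TLS.
"""
import random
from typing import Iterator


def rc4_keystream(key: bytes) -> Iterator[int]:
    """Yield RC4 keystream bytes for `key` (key scheduling, then PRGA)."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1..256 bytes")
    # Key-scheduling algorithm (KSA): permute S under control of the key.
    S = list(range(256))
    j = 0
    klen = len(key)
    for i in range(256):
        j = (j + S[i] + key[i % klen]) & 0xFF
        S[i], S[j] = S[j], S[i]
    # Pseudo-random generation algorithm (PRGA): one output byte per step.
    i = j = 0
    while True:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        yield S[(S[i] + S[j]) & 0xFF]


def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (the operation is its own inverse) by XOR with keystream."""
    ks = rc4_keystream(key)
    return bytes(b ^ next(ks) for b in data)


def second_byte_zero_count(num_keys: int, key_len: int = 16, seed: int = 7465) -> int:
    """Count how many of `num_keys` random keys produce Z_2 == 0.

    An unbiased byte would hit zero about num_keys/256 times; RC4 gives
    roughly num_keys/128. The seed (arbitrary) only makes runs reproducible;
    key_len=16 mirrors the RC4_128 TLS cipher suites.
    """
    rng = random.Random(seed)
    zeros = 0
    for _ in range(num_keys):
        key = bytes(rng.getrandbits(8) for _ in range(key_len))
        ks = rc4_keystream(key)
        next(ks)           # Z_1, discarded
        if next(ks) == 0:  # Z_2, the byte Mantin and Shamir showed is biased
            zeros += 1
    return zeros


def bias_ratio(zeros: int, num_keys: int) -> float:
    """Observed P(Z_2 == 0) divided by the 1/256 of an unbiased stream (~2.0 for RC4)."""
    return zeros * 256 / num_keys


if __name__ == "__main__":
    # Known-answer check: RC4("Key", "Plaintext") -> bbf316e8d940af0ad3
    print(rc4_crypt(b"Key", b"Plaintext").hex())
    n = 32768
    z = second_byte_zero_count(n)
    print(f"Z_2 == 0 for {z} of {n} keys; unbiased expectation {n // 256}, "
          f"RC4 expectation about {n // 128}, ratio {bias_ratio(z, n):.2f}")
```

Because the bias does not depend on the key, an attacker who sees the same plaintext encrypted under many different keys (exactly the situation of a secret cookie resent over many TLS sessions) can recover that plaintext byte by counting which ciphertext value occurs most often at position 2 and XORing it with zero; the multi-byte attacks the RFC cites extend this idea to every early keystream position.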
 
Description N/A
Amount £128,250 (GBP)
Organisation Huawei Technologies 
Sector Private
Country China
Start 07/2015 
End 07/2017