Cryptography: Examining the Assumptions

Cryptography is a fundamental building block for building information systems, and as we enter the so-called "information age" of global networks, ubiquitous computing devices, and electronic commerce, we can expect that the cryptography will become only more important with time.

This proposal is designed to advance the state of the art in cryptography by examining some of the implicit assumptions that underlie the field. The birth of provable security has contributed significantly to the advances of the field over the past two decades, allowing us to amass strong evidence that - as long as the attacker plays by the rules specified in our formal threat model - the
cryptosystem under consideration is likely to be secure. However, one problem is that, in practice, attackers don't always play by the rules: given the opportunity, they will gladly "cheat." Recent research has shown that there are a surprising number of ways to violate the designer's assumptions, for instance by observing timing measurements, which the model does not allow for.

The goals of practical cryptographic design, then, ought to include finding ways to reduce the opportunity for attackers to "cheat," preferably by relaxing our assumptions and broadening our models enough so that the attacker's behavior cannot help but be covered by the model. This is the research agenda that we take up in this project. We propose first to study real systems and case studies of how these assumptions can be violated in practice. A next step is to build a set of practical countermeasures that can be used to strengthen future cryptosystems against these attacks. Finally, we will seek new theoretical tools, techniques, and models for extending the provable security methodology to take into account these failure models. If we succeed, these results will make a positive contribution not only to the practice of cryptography but also to the theoretical foundations of the field.