While cryptographic research has made great progress in its history, providing strong solutions to a wide variety of problems, its practical utilization lags behind. Only a small fraction of cryptographic designs have been deployed in practice. Moreover, wrong choices are often made and insecure schemes are implemented leading to costly consequences. A similar situation can be seen in research done in many applied computer science disciplines. Increased security and privacy concerns have given rise to many new security-oriented research directions within traditional disciplines. However, the proposed ad-hoc solutions rarely employ results of modern cryptographic research and have proper security analysis, and are often even insecure at closer consideration.
In the PIs view the main reasons for a gap between strong cryptographic research and its poor utilization in industry and other applied research areas are: 1) cryptographers, practitioners and researchers in other computer science areas are disjoint communities that rarely collaborate and often are unaware of state-of-the-art developments of others; 2) cryptographers are perfectionists in that they define and target for very strong security notions while many applications prefer speed to such perfect security, and thus choose ad-hoc protocols; 3) practitioners often make the wrong choices because they lack basic education in cryptography.
The proposed research and educational plan aim to narrow the gap between theoretical cryptographic research and more applied areas of computer science facing the need to secure their applications, by going further than designing general-purpose cryptographic primitives and actually integrating cryptography with the applications. The approach includes the following steps: 1) close collaboration with faculty and students from applied areas such as database systems and computer architecture to rigorously study the emerging applications requiring cryptographic solutions; 2) development of appropriate security definitions for the cases where the existing definitions are too strong in the sense they are unachievable in the setting of a given application or can be achieved only by insufficiently efficient schemes; 3) design of the new protocols for the applications of emerging importance that are simultaneously functional, efficient and provably secure, and improvement of efficiency and reliability of the existing public-key encryption and signature schemes whose relative inefficiency is often an obstacle; 4) continuing outreach activities and quality education on all aspects of modern cryptography.
