Cryptography often fails to impact practice because it is insensitive to the requirements and reality of the systems that implement and underlie it. This research aims to change this. Issues considered include legacy (changing the complex computer systems that make up today's world is expensive and error-prone, so assessing the security of existing methods can be more important than providing new ones), malware (system penetration is widespread, exposing the keys that cryptography relies on for security) and the realities of randomness (it lacks in practice the quality expected in theory, dooming many cryptographic schemes). Work to be done includes assessment of the security of SSL encryption in the face of widespread system compromise, technically known as selective opening; analysis of the PKCS#1 standard for password-based key derivation; design of hedged encryption schemes that retain as much security as possible when the randomness they are fed is of poor quality; and the study and design of cryptography secure against related-key attacks. The impact of this work is higher assurance for existing, deployed cryptography currently used by millions, and new cryptography that is well-placed to transition into real systems.
