Advancements in cybersecurity and privacy
University of Waterloo has a long history of success in cybersecurity, specifically in the area of cryptography. Waterloo first made a commercial impact by identifying a vulnerability in a discrete logarithm cryptosystem chip that HP planned to release.
Researchers in Combinatorics and Optimization (C&O) and Electrical and Computer Engineering (ECE) focused on using elliptic curves for public key cryptosystems and the resilience of traditional cryptography in a world with quantum computing. These efforts attracted some of the first quantum researchers to the University of Waterloo and helped establish the Institute for Quantum Computing.
Waterloo’s privacy researchers have also created and transferred systems, such as Off-the-Record Messaging, that have been adopted by creators of popular instant messaging applications.
Select research accomplishments of the university include:
Developing quantum-safe systems
Norbert Lütkenhaus and Michele Mosca developed OpenQKDSecurity, an open-source platform for the numerical analysis of generic QKD protocols, which lowers the barrier to entry for new researchers exploring improved protocols. OpenQKDSecurity also serves as a platform for interaction between different research communities (experimentalists, cryptographers, mathematicians), each of which can work on the aspects that match its respective strengths.
Improved privacy of Tor Onion Services
Ian Goldberg and his group have contributed significantly to the Tor platform, including implementing private information retrieval for onion services (PIR for Onion Services) and using trusted execution environments (ConsenSGX), such as Intel SGX, to allow Tor clients to fetch only small parts of the network consensus document without exposing them to epistemic attacks. The group also maintains implementations of old and new website fingerprinting attacks and defenses, and created a toolkit and network emulation-based testbed (ExperimenTor) to support Tor research in a realistic, safe, and scalable manner.
Post quantum cryptography standardization
Douglas Stebila is a co-author of the FrodoKEM protocol, one of 69 submissions to the United States National Institute of Standards and Technology Post-Quantum Cryptography Standardization Project. In December 2019, the German Federal Office for Information Security began recommending FrodoKEM as one of two algorithms suitable for post-quantum security.
Differential privacy for databases
In a book called "Differential Privacy" [ANA1], Xi He and her colleague Joseph P. Near explain how to protect privacy using mathematically defined guarantees. The book is part of the Foundations and Trends in Databases series. It covers the latest techniques for differential privacy, with a focus on answering queries over databases, useful algorithms and their applications, and the systems and tools that implement them. These techniques are important for building private database systems. The methods in the book have already been used to create working systems and will likely lead to more widespread use of differential privacy in the future.