Waterloo’s Long Record of Cybersecurity Accomplishments

Waterloo has built on its expertise in mathematics to focus on cryptography, and had its first commercial impact by finding a vulnerability in a discrete logarithm cryptosystem chip that HP intended to bring to market.

Experts in Combinatorics and Optimization (C&O) and Electrical and Computer Engineering (ECE) focused on the use of elliptic curves for public key cryptosystems. Their interest in the robustness of classic cryptography in a world with available quantum computing was part of the attraction for the first quantum researchers at Waterloo, who seeded the formation of the Institute for Quantum Computing. In the past 10 years, experts in Internet and mobile security and privacy have been attracted to Waterloo’s cryptography effort.

Waterloo’s privacy researchers have created and transferred systems, such as Off-the-Record Messaging, that have been adopted by creators of popular instant messaging applications.

Significant Research Results

Over the past 10 years, Waterloo researchers in cryptography, security and privacy have achieved important advances that have attracted international attention and adoption. Recent research highlights include:

  • A digital signature scheme for the protection of data, giving partial message recovery, based on elliptic curves, developed by Vanstone and Pitney-Bowes industry collaborator Pintsov, and adopted as an ANSI standard in 2009.
  • A scheduling algorithm for the Tor anonymity-preserving network, based on the exponentially weighted moving average of the number of cells sent on each circuit, adopted by Tor in 2010.
  • Off-the-Record Messaging (OTR), widely adopted, implemented and extended to provide security and privacy for instant messaging (IM) networks.
  • Key results in quantum communication, including proof that zero-knowledge protocols are secure against quantum attacks.

Spin-offs

Cryptography researchers at Waterloo have created a successful spin-off company to commercialize public key cryptography, resulting in adoption by the U.S. National Security Agency for use in government and commercial systems.