Elliptic Curve Cryptography (ECC) in practice
ECC methods are well suited to applications with stringent security requirements and constrained operating environments. It is being deployed in many sectors including government, mobile communications, financial, and digital rights management. Alfred appreciates the applicability of his work. “I’ve been using traditional mathematics in my cryptography research, but often my work has a direct impact on how cryptography is used in practice. When you see research results in use, it’s nice. It’s infectious.”
Alfred is now switching his focus to practice-oriented provable security. “As good as your cryptography is in theory, it has to be secure in practice,” notes Alfred. “In crypto, you assume your attacker is malicious with multiple attack fronts – both physical and virtual. So, I’m moving more into protocol design and analysis of current protocols.”
Alfred has been writing a series of provocative papers titled “Another Look At…” The series looks critically at the rigor of current security proofs for practical cryptographic protocols. Attacks often succeed by finding protocol weaknesses. “When you’re designing an encryption scheme, the proof might be meaningful in the theoretical,” explains Alfred. “The idea of my current work is to encourage people to think more deeply about how the theory actually relates to practice.”
University of Waterloo Mathematics, Annual Report 2006