The world of ubiquitous networks brings with it many new problems in
securing information within computing systems. Cryptography is a
primary tool for securing computers and networks against adversaries.
Group members are engaged in the study of both theoretical foundations
for cryptography as well as applications to real systems.

### Cryptographic protocols and theoretical foundations

Since the discovery of public key encryption in the 1970s, several
different schemes have been proposed that are secure as far as anyone
can tell. We still lack a proof that any of the systems in widespread
use are secure without strong assumptions, and this motivates further
work in the search for cryptosystems that are both provably secure and
practical. In 1991, three IBM Almaden researchers proposed a general
framework for "non-malleable" encryption, which prevents an attacker
from turning a ciphertext into a ciphertext of a related plaintext
without knowing that plaintext [1]. This led to the proposal of
"plaintext aware" cryptosystems by Bellare and Rogaway in 1994 [2],
and very recently Ronald Cramer of ETH Zurich and Victor Shoup of IBM
Zurich have proposed a practical cryptosystem that is provably secure
against adaptive chosen ciphertext attack under a standard
number-theoretic assumption (Decisional Diffie-Hellman), without
relying on random oracles [3]. This is exactly the kind of problem that
surfaced in the recent announcement (Bleichenbacher, 1998) that RSA's
PKCS#1 v1.5 encryption as used in SSL is vulnerable to an adaptive
chosen ciphertext attack: the server's acceptance or rejection of the
padding on each submitted ciphertext acts as an oracle which, queried
on many ciphertexts related to the target, eventually reveals the
plaintext. Fundamental research on encryption continues to point the
way for securing bytes against adversaries.
Members of the group have also invented a public key cryptosystem with
the desirable property of worst-case/average-case equivalence: breaking
a randomly chosen key is provably as hard as solving the hardest
instance of the underlying lattice problem [4]. This discovery
suggests that we can expect more of a cryptosystem, namely that it
should be as strong as its strongest link rather than its weakest
link. A full paper on this is available online.
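The malleability that non-malleable and chosen-ciphertext-secure schemes rule out is easiest to see on textbook (unpadded) RSA. The following is an added illustration, not code from this page or from any of the papers cited above; it uses a constructed toy key (two small primes, hopelessly insecure) so the arithmetic is readable. Bleichenbacher's PKCS#1 attack mentioned above exploits the same multiplicative property with only a padding-validity oracle instead of the full decryption oracle modelled here, at the cost of far more queries.

```python
"""Why chosen-ciphertext security matters: textbook RSA is malleable.

Added illustration, not code from the page or the cited papers. The key
below is a constructed toy (two small primes) so the numbers stay readable;
it exists only to show the algebra. Textbook RSA means no padding at all:
c = m^e mod N.
"""

# Constructed toy key material; a real key uses primes of 1024+ bits.
P, Q = 1000003, 1000033
E = 65537


def is_prime(n):
    """Trial division; adequate for the toy primes used here."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


assert is_prime(P) and is_prime(Q), "toy primes must actually be prime"
N = P * Q
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)  # private exponent; raises ValueError if gcd(E, PHI) != 1


def encrypt(m):
    """Textbook RSA encryption of an integer 0 <= m < N."""
    if not 0 <= m < N:
        raise ValueError("message out of range")
    return pow(m, E, N)


def decrypt(c):
    """Textbook RSA decryption."""
    return pow(c, D, N)


def forge_related(c, factor):
    """Build a ciphertext of factor*m (mod N) from a ciphertext of m,
    without knowing m. Works because (m^e)(r^e) = (m*r)^e mod N: this is
    exactly the 'ciphertext for a related plaintext' that the
    non-malleability definition forbids."""
    return (c * pow(factor, E, N)) % N


def decryption_oracle(c, challenge):
    """Model of the adaptive chosen-ciphertext setting: the attacker may
    have anything decrypted except the challenge ciphertext itself."""
    if c == challenge:
        raise PermissionError("oracle refuses the challenge ciphertext")
    return decrypt(c)


def recover_via_cca(challenge, factor=2):
    """Recover the plaintext behind `challenge` with a single oracle query on
    a related ciphertext. `factor` must be invertible mod N; 2 always is,
    since N is odd."""
    related = forge_related(challenge, factor)
    m_times_factor = decryption_oracle(related, challenge)
    return (m_times_factor * pow(factor, -1, N)) % N


if __name__ == "__main__":
    secret = 123456789  # constructed sample message
    c = encrypt(secret)
    print("plaintext recovered without touching c:", recover_via_cca(c) == secret)
```

The defence in a non-malleable or CCA-secure scheme is that the forged ciphertext is rejected outright (or decrypts to something unrelated to m), so the oracle query returns nothing useful.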

References:

**1.** D. Dolev, C. Dwork, and M. Naor,
"Non-malleable cryptography", *Proceedings of the 23rd Annual ACM
Symposium on Theory of Computing*, ACM (1991), pp. 542-552.

**2.** M. Bellare and P. Rogaway, "Optimal Asymmetric
Encryption", *Proceedings of Eurocrypt '94*, Springer-Verlag
(1995), pp. 92-111.

**3.** R. Cramer and V. Shoup, "A practical public key
cryptosystem provably secure against adaptive chosen ciphertext attack",
*Proceedings of Crypto '98*, Springer-Verlag, to appear.

**4.** M. Ajtai and C. Dwork, "A public key
cryptosystem with worst-case/average-case equivalence",
*Proceedings of the 29th Annual ACM Symposium on Theory of Computing*, ACM
(1997), pp. 284-293.

### Electronic commerce and intellectual property protection

The ready access to information through networks has the potential to
change our society as fundamentally as the industrial revolution did
over a century ago. Networks are a two-edged sword, however, because
the same technology that enables worldwide electronic commerce in
information products also exposes that information to widespread fraud
and abuse. Members of the group are working on new ways to enable
commerce securely, including the delivery of multimedia services,
protection of copyrights, and payment for communication services. One
growing problem in networks is unsolicited commercial email, commonly
called spam. One approach to this problem has recently been proposed by
a member of the department. The basic idea is that prioritization of
email can only be accomplished by a combination of free market forces
and cryptographic key management.

### The role of embedded devices

Moore's law observes that the number of transistors that fit on a chip
doubles roughly every 18 to 24 months, and processor performance has
grown at a comparable rate. The most noticeable impact of this is that
our desktop computers are now as powerful as departmental computers of
only a few years ago. Moore's law is driven by miniaturization of
discrete components, which allows more capability to be packed into a
microprocessor. This same trend in miniaturization also allows small
embedded devices to perform tasks that used to be relegated to desktop
machines. We are investigating the use of small processing devices as
information security tools, including applications to key management
and network security.
