The mathematics of security - Oxford Mathematics researchers and undergraduates expose security flaw

As recent breaches have demonstrated, security will be one of the major concerns of our digital futures. The collective intelligence of the mathematical community is critical to finding these flaws. A group of Oxford Mathematicians, both researchers and undergraduates, have done just that.

SecureRF is a corporation founded in 2004 that specialises in security for the Internet of Things (IoT), i.e. devices with low processing power that require ultra-low energy consumption; its partners include the US Air Force. SecureRF has also collaborated with Intel to develop an implementation of WalnutDSA on secure field-programmable gate arrays. WalnutDSA (trademarked by SecureRF) is an example of a digital signature algorithm, a mathematical scheme for demonstrating the authenticity of digital messages (like a real signature, but digital). WalnutDSA uses high-level mathematical techniques from permutation groups, matrix groups and braid groups, and is designed to provide post-quantum security in lightweight IoT device contexts.

The Oxford Team attacked the algorithm by bypassing the E-Multiplication and cloaked conjugacy search problems at its heart, forging signatures for arbitrary messages in approximately two minutes. Thanks to this cryptanalysis, the scheme has now been modified accordingly, and an upgrade that corrects the security risk has been submitted to the National Institute of Standards and Technology (NIST) competition for Post Quantum Cryptography.

One of the most pertinent and inspiring parts of the story is that the exposure was the result of a collaboration between researchers Giacomo Micheli and Christophe Petit and undergraduates Daniel Hart, DoHoon Kim, Guillermo Pascual Perez and Yuxuan Quek - the work was one of the summer projects that Oxford Mathematics uses to develop and inspire its undergraduate mathematicians, giving them a taste of rigorous research. 

A fuller explanation can be found here and will be presented at PKC 2018, the 21st edition of the International Conference on Practice and Theory of Public Key Cryptography.