If you’ve ever swiped a credit card, filed a tax return, owned a smartphone, or voted in a presidential election, you’ve probably either been a victim of data hacking or worried about becoming one. This isn’t paranoia; it’s the new normal. Our communications and transactions are increasingly digital—and that data, whether it’s a sensitive email, a bank deposit, or a vote, is often either not encrypted at all or available unencrypted to anyone who can hack into your server or computer. Cybersecurity has become so important, says professor of computer science Anna Lysyanskaya, that the risk goes far beyond individuals. At stake is the security and functionality of the Internet—and our society. “The price for not using encryption,” she says bluntly, “is a stolen election.”
Indeed, election year 2016, when Russian hackers stole emails and other data from Democratic Party computers, was “a banner year for fraudsters,” according to a study by Javelin Strategy & Research. More than fifteen million consumers—one in sixteen U.S. adults—were victims of identity theft in 2016, up from about thirteen million the year before. In 2014, Target, Neiman Marcus, Home Depot, JP Morgan, and Sony were all hacked, compromising millions of customers’ confidential information.
As more data is uploaded and more devices can transmit that data, thwarting digital theft has become a major national security issue. Three professors at Brown are taking on the data security challenge in innovative ways. Lysyanskaya specializes in “anonymous credentials,” which allow you to prove you’re authorized to do something—receive a document, say, or use a credit card—without revealing any information about yourself. Associate Professor of Computer Science Seny Kamara works on algorithms that will perform functions you want, such as searching your emails, even if your data is encrypted on your server. (In most systems now in use your data is encrypted in transit but unencrypted on your server, which is why you can search it—and why a hacker can, too.) And Elisha Benjamin Andrews professor of mathematics and vice president for research Jill Pipher and her colleagues have come up with a way to keep data safe both now and in the future, when game-changing quantum computers—still in the development phase—become available and able to blow right past current encryption methods.
But the security that encryption provides has a downside. We don’t want hackers to be able to steal our credit card numbers or tamper with our elections, but widespread use of encryption could make it easier to get away with murder, or any other crime. For example, encryption would make it impossible for law-enforcement investigators to peek into the emails of someone suspected of trafficking in child pornography.
“I understand why some people believe that we cryptographers are creating tools for criminals,” Lysyanskaya says. “But you could say that gloves are tools for criminals, too. Criminals use gloves to cover their fingerprints, yes, but most of us wear gloves to protect ourselves from germs or to keep our hands warm. Likewise, encryption’s primary purpose is to protect your data, and you, from criminals, not to protect criminals.”
Privacy advocates such as the American Civil Liberties Union worry that law enforcement lobbyists will pressure Congress to pass legislation that will prohibit the use of encryption or require encryption methods to be so weak they won’t actually protect anything. Internet experts worry, too. Without improving data security, Lysyanskaya says, “the Internet will fall apart completely,” the hackers taking over.
“Some people say privacy is dead,” Kamara says. “I don’t buy that at all. We need to decide what kind of privacy infrastructure we want for the digital world and then build it.”
Protecting data is all about building the right algorithms. Lysyanskaya was drawn to cryptography in grad school at MIT because she loved the math challenge. “To me, at first, it was just pure fun,” she says. “I liked having an endless series of math problems to solve. Back then, I had colleagues who were into encryption for more serious reasons, like keeping their own data safe. They were labeled as paranoiacs.” She laughs ruefully. “Since the 2016 election, no one’s calling them paranoid anymore.”
We humans have always built physical fortresses to protect our possessions, our families, and ourselves, and cryptography is the fortress of the digital world. But can it truly be impenetrable? Lysyanskaya thinks so. Many recent high-profile security breaches, she insists, have been the result of ignorance and a failure to use encryption—not because of some failure of encryption itself.
“A lot of what happened in the election can be attributed to very poor understanding of cybersecurity,” Lysyanskaya explains, “starting with Clinton’s use of the wrong email server. She didn’t understand the technology, so she didn’t understand the dangers.”
Then there were the leaks of Clinton campaign chairman John Podesta’s emails.“The Russians managed to log into Podesta’s personal email account,” Lysyanskaya points out. “If Podesta had been using encryption, only he could have read them—and we would have a completely different world today.
“You’d think that the FBI and the NSA would be telling the industry to hurry up and make encryption ubiquitous. Instead, they are worried that encryption will make it hard for them to investigate criminals and terrorists. This is deeply misguided,” Lysyanskaya says. “The 2016 election has demonstrated that without widespread use of encryption, our very democracy and thus the principle of the rule of law can fall victim to hackers.”
A virtual ID card with no name, no identifying info, and nothing to steal
“Anonymous credentials,” Lysyanskaya explains, are “a suite of algorithms that allow you to prove you’re authorized to carry out an operation without revealing any other information about yourself.” Office entry ID cards are one example of a digital credential that currently offers up more information about you than you may want. Whenever you swipe an ID card at an office turnstile, a card reader checks if you’re authorized to enter. The card verifies this by providing your identity. “So whoever is in charge of that building knows everything about your patterns of entering and leaving.”
Anonymous credentials, on the other hand, give the card reader only one piece of information: that you are authorized to enter the building. Even your name and employee number are hidden. Because of this, there’s no record of when you went out to grab a coffee or left work for the day. This type of credentialing can be used for many other security transactions. Lysyanskaya uses the example of reading the Providence Journal online: an anonymous credential shows you’ve paid for your subscription and reveals nothing else (which, among other things, has huge implications for advertisers trying to collect data about you).
Basic encryption requires math equations that scramble, or “lock,” your info and secure mathematical keys that make sure only the intended recipient can unscramble it. With anonymous credentialing, another layer of algorithms creates a mathematical pseudonym for you, and more algorithms verify the “security clearance” of both parties based on whether they have the keys to solve certain mathematical problems.
The theory of this type of cryptographic protocol has been around for a while. But making it work in practice is difficult. The algorithms need to be complex enough to be secure but streamlined enough to work quickly. Lysyanskaya’s work in this area has been incorporated into the industrial standard of The Trusted Computing Group, an organization dedicated to creating global security standards, and is the theoretical foundation for Identity Mixer, an IBM Zurich cybersecurity product in development. Lysyanskaya’s work has also informed the Trusted Identities in Cyberspace strategy of the U.S. Department of Commerce’s National Institute of Standards and Technology.
The functionality you want with the airtight encryption you need
Seny Kamara builds algorithms that improve the usability of end-to-end encryption, a cybersecurity approach that surpasses the security provided by the two standard encryption methods currently in use: encrypting in transit, which scrambles emails, for example, while they’re traveling between the sender’s device and his or her email provider, and encrypting at rest, which allows the email provider to encrypt emails before they’re stored. In both cases, the email server has access to the information.
By contrast, end-to-end encryption scrambles data with keys that only the intended user can manage. Only that user has the key to translate the message into plain text.
“End-to-end encryption solves a lot of security and privacy problems, but it also creates new ones,” Kamara says. “For individual users, it’s risky because they’re the only ones who know their passwords and manage their data. If they don’t keep their passwords absolutely secret, or if they lose them, they’ll permanently lose access to their own information.
“For companies,” he continues, “the downside of end-to-end is that, once the data is encrypted, it can’t be processed. If end-to-end encryption came into wide use, it would basically break cloud computing, along with other services businesses rely on, like the ability to search through Gmail inboxes or cloud-stored documents.”
That’s where Kamara’s work comes in. He designs encryption schemes in such a way that he can then build an accompanying algorithm that is able to perform search and other functions on that encrypted data—without the algorithm being able to read the data.
End-to-end encryption is unpopular with law enforcement and intelligence agencies, who fear losing access to data even when they have the legal authority to go after it. “With encryption in transit or at rest, they can get to someone’s data by requesting it from the service provider,” explains Kamara. “With end-to-end encryption, that can’t happen.”
Kamara, who has lived in France, Senegal, and Italy, emphasizes that cybersecurity is a global issue: “Today, you have to have a global perspective for problems of security and surveillance and policy.” Two major organizations working on global cybersecurity policy have asked for Kamara’s help. In 2016, he was made a Michael Dukakis Leadership Fellow by the Boston Global Forum, a nonprofit that’s dedicated to trying to solve the world’s most critical problems by bringing leaders and experts together. He is also on a new National Academy of Sciences committee charged with looking at “options and tradeoffs” regarding law enforcement and intelligence organizations’ access to data in this coming era of widespread use of encryption.
Cryptography that will stop even tomorrow’s high-speed hackers
In 1996, Jill Pipher, along with Brown math colleagues Jeffrey Hoffstein and Joseph Silverman, developed a new mathematical approach to public-key encryption. Their approach, based on Hoffstein’s fundamental new idea in number theory, “was, and still is, hundreds of times more efficient than the systems then, and currently, in use,” Pipher says. Their algorithm, NTRU, also turned out to be quantum-resistant. “So far, no one has found any way to use a quantum computer to crack the code efficiently,” she says.
Quantum computers can, in theory, break most public-key cryptographic algorithms in use today. Unlike present-day digital computers, which require data to be encoded into binary digits called bits, quantum computers use quantum bits, or qubits. A qubit can be a zero, or a one, or a “superposition,” which is anything in between. This allows the quantum computer to perform millions of operations at the same time, instead of sequentially. So these machines have the potential to solve problems—and crack codes—superfast.
Only a few rudimentary quantum computers, operating on a small number of qubits, have been built so far. But more powerful ones are on the way. Current research is focusing on how to scale up so these computers can solve complex problems, Pipher says. “Various government agencies have released predictions that this could happen within the next ten to twenty years,” she says—with a devastating effect on data security.
The encryption currently in use for communication and transactions is a type called public-key cryptography. Your public key is available to anyone who wants to message you. They use that key to lock, or scramble, the data they send in such a way that only you can unlock it—with your corresponding private key. “Your computer browser does this automatically,” Pipher says.
She explains the mathematics of why quantum computers may put your data at risk: “In the most common public-key encryption system, RSA, the private key consists of two extremely large prime numbers. The public key includes a number which is the product of these two primes.” Figuring out which two long prime numbers were multiplied to create that third number is an extremely difficult mathematical process. If the numbers are long enough, a hacker’s computer could take years, even eons, to guess which two numbers are in the private key. In other words, current systems are not impossible to hack, in theory—it just would take too long. A powerful quantum computer, however, could crack certain types of codes quickly. “All the public-key cryptosystems in widespread use today would be made obsolete,” Pipher says.
“Today, nearly every digital environment is insecure,” Pipher adds. “Government agencies and financial institutions are generating information now that will need to be protected for many decades to come. If this information is encrypted in ways that are vulnerable to the capabilities of quantum computing, it will be easily decrypted when that era arrives. Hence the urgency to implement quantum-resistant encryption now.”
NTRU Cryptosystems, the company Pipher cofounded, was sold in 2009, but the cofounders are still involved to varying degrees, she says. In 2010, Pipher founded the Institute for Computational and Experimental Research in Mathematics (ICERM), which aims to catalyze innovation and to advance training in the interplay between mathematics and the computer.
Meredith Maran is the author of 14 books, most recently The New Old Me. She’s on Twitter @meredithmaran.