The 2019 Inria-French Academy of Sciences Young Researcher Prize: María Naya-Plasencia - keeping a close eye on data security

“This is a real honour”, Maria Naya-Plasencia tells us, grinning. “I knew I’d been nominated, but so many incredible people have been awarded this prize that I thought it would be very difficult for me to get it.” The prize she’s talking about is the Young Researcher Prize, which is awarded jointly by Inria and the French Academy of Sciences. And while Maria Naya-Plasencia’s own modesty may have caused her to doubt herself, looking back on her career, it’s hard not to feel that she was destined for this sort of recognition. It all started with a PhD, which she studied for under the supervision of Anne Canteaut as part of Inria’s SECRET project team and which dealt with symmetric encryption. “The goal of symmetric encryption is to protect information, which is of vital importance in the modern world. Symmetric encryption involves a key shared by the sender of the data and the recipient but is centred around an algorithm - or, to be more precise, a primitive - which is more effective than asymmetric encryption, where the two users each have a different key. This makes exchanging data faster.” 

The issue here is that the algorithms used to generate encrypted messages with the secret key tend to be public...meaning security is of utmost importance. “While studying for my PhD and for a number of years afterwards, my work involved verifying propositions for symmetric systems”, continues Maria Naya-Plasencia. “In other words, my goal was to break them and to see if I was able to discover the information on the secret key based on the message and its encrypted version.” 

Breaker of primitives

On a number of occasions, the young researcher was successfully able to prove that certain algorithms weren’t up to scratch. During a competition organised by the American public agency NIST (the National Institute of Standards and Technology) between 2008 and 2012, she successfully broke five primitives out of the 56 that were put forward. Her stand-out contribution helped eliminate algorithms that ill-intentioned hackers could have endangered.

During this same period, three of her papers at major conferences in the field of cryptography were awarded the best paper prize (at the CHES in 2010, the FSE in 2012 and the FSE in 2016).

Off the back of this success, Naya-Plasencia was named co-editor of IACR Transactions on Symmetric Cryptology, the leading journal in the field of symmetric cryptography, a post she occupied for two years between March 2016 and March 2018.

Attack is the best form of defence

While this was going on, the results from her research, some of which was basic, continued to help symmetric cryptography make progress.

I worked on different types of attack, including rebound attacks and impossible differential attacks”, explains Maria Naya-Plasencia. “I realised that the attack algorithms used in different articles were often false or not as good as they could be, owing to the fact that we had failed to properly understand how they worked.

The researcher shifted focus, publishing an in-depth description of these attacks, improving them and enhancing the security of symmetric cryptography. “We need to have the best possible attacks if we want to know when the safety margin for an algorithm will become too narrow in order for it to continue to be used”, argues the researcher.

Maria Naya-Plasencia has also proven her remarkable intelligence by posing a question no-one had ever really tackled before: how will symmetric cryptography fare when faced with quantum computers? The processing capacities of quantum computers, which are expected to arrive in the very near future, will far outstrip those of current computers, and such capacities could make it easier for them to break cryptographic algorithms. “With this in mind, the NIST is looking for new standards for asymmetric cryptography. For symmetric cryptography, however, it was generally accepted that doubling the size of the keys would be enough - this simply isn't true.” It’s been four years now since Maria Naya-Plasencia first raised the alarm. Not long after that, in 2017, she was awarded an ERC grant, enabling her to delve deeper into the subject.

Entering the quantum world

“What me and my team are trying to do is to quantify conventional attacks in order to see what they would become with a quantum computer. It turns out that there’s nothing overly dramatic, but vigilance is essential.” The subject has quickly begun to be incorporated into the most important seminars for research into cryptography and is on the rise within the international community, with Maria Naya-Plasencia becoming a leading figure. And for good reason, too: after all, she has just invented a new field of research, post-quantum symmetric cryptography. That doesn’t mean that she'll be abandoning classic cryptography, however. “You can’t have one without the other. I intend to continue juggling both types of research.” 

As part of the Lightweight Cryptography contest launched in 2016 by the NIST in order to select algorithms for use in restricted environments (i.e. for use in situations other than on desktop computers or servers, such as smartphones or connected objects, for example), Maria Naya-Plasencia and her team put forward Saturnin, a light algorithm - meaning it does not require a great deal of processing power - designed to withstand quantum attacks. Saturnin made it past the second round of the contest, but the final results won’t be known for another two to three years.

During this time, the young researcher will be continuing her impressive journey with cryptography and with Inria. “The institute allows researchers to work, to develop and to take risks. If I hadn’t been in such an environment, I would never have ended up in as difficult a field as post-quantum cryptanalysis, where results are not guaranteed.” Her daring paid off, however, and the prize that she has been awarded is further proof of her scientific accomplishments.

When I first came across cryptography during my master’s internship, it was love at first sight. Not just because it’s an extremely important field of research, but also because I find it both interesting and enjoyable. I’ve often found myself still working after work, just for the fun of it.

Testimonies