Karthik Bhargavan, an INRIA director of research specialising in the security of data exchanges on the Internet, has just been awarded a Consolidator Grantby the European Research Council(1). This achievement, which is testament to a journey that is as exemplary as it is atypical, offers interesting prospects to the researcher and his team.
What exactly is the subject of your work?
My speciality is the study of cryptographic mechanisms used to secure communications on the Internet: cryptographic protocols, smart cards, web applications, etc. At Inria, I lead a project team called Prosecco, which is dedicated to these issues. I managed to put this team together thanks to the funding from a first European Research Council grant, anERC Starting GrantI received in 2010 under the name CRYSP (Collaborative Cryptographic Security Proofs for Programs).
What advances have been made by this project team since its creation in 2012?
Our initial ambition was to create a new generation of cryptographic systems, starting with the design of a new programming language. And so, in 2011, we developed the first version of a language called F*(pronounced F star). We used F* to program and verify the TLS cryptographic protocol, but this only accounted for 50% of our work. That is because our checks revealed that almost all of the existing systems had bugs, resulting in our disclosure of the "Triple Handshake", "Freak" and "Logjam" attacks in 2014 and 2015. Within the context of CRYSP, we therefore devoted a significant amount of our time to highlighting the problems with existing security applications and helping to solve them. This was not planned, but it enabled us to gain extensive expertise on these issues as well as a certain reputation that probably contributed to the awarding of a new grant by the European Research Council, theERC Consolidator Grant.
What does the fact that you have been awarded another ERC grant represent for you?
It has of course been a source of personal satisfaction, and gives us additional resources that will enable the Prosecco project team to grow and continue its work. But it is also a welcome confirmation of the international recognition enjoyed by the work done by INRIA researchers. When I decided to settle in France and join the INRIA Paris-Roquencourt team in 2009 - until then I was a researcher for Microsoft in Cambridge, in the UK - it was with the goal of creating a team that can tackle challenging research projects. And, in fact, I can see how it is both gratifying and motivating to prove that very tangible problems in the "real world" can be solved by academic researchers. To know that today we are taken very seriously and that we will have a real influence on changes to come gives us a lot of energy. Moreover, this further reinforces our appeal and should help us to recruit high-level partners. The Prosecco team, which today includes four researchers and five students, is competing with those of the major American universities.
How are you going to make use of this grant?
Thanks to thisERC Consolidator Grant, this time under the name CIRCUS(Certified Implementations of Robust, Cryptographically Secure Web Applications),the Prosecco team is going to be able to tackle the design of a secure end-to-end cryptographic process, notably including the security core of the web browser. Over the coming year, we hope to recruit two postdocs, three PhD students and a junior researcher.
2016 has got off to a truly encouraging start, as we received theLevchin Awardat theReal World Cryptography Conference, organised in Stanford at the beginning of January.
(1) ERC (European Research Council) is a body of the European Union, tasked with coordinating research activities between member states
