María Naya-Plasencia: improving security by anticipating attacks

You were awarded an ERC Starting Grant back in 2016, and now you've just been awarded an ERC Consolidator Grant. What are you hoping to achieve with this latest funding?

My first project, QUASYModo (Symmetric Cryptography for the Post-quantum World) came to an end in September 2023 after six years of intensive research. It dealt with symmetric cryptography, my main field of research, that has as specificity that it uses the same secret key to encrypt and decrypt data, but it considered it in the context of quantum computing. The aim of QUASYModo was to develop effective data and communication protection solutions against adversaries having access to quantum computers, like doubling the size of cryptographic keys. In addition to showing that this won’t always be sufficient, we were also able to highlight some potential unexpected vulnerabilities.

The aim of SoBaSyC (Solid Basis for Symmetric Cryptography), the new project that I've been awarded the ERC Consolidator Grant for, is to develop a better framework for analysing the security of all of the primitives (or cryptographic functions) used in symmetric cryptography.

How do you plan to carry out this research?

I’m a member of Cosmiq, a project team at the Inria Paris Centre, that is made up of eight permanent researchers, an emeritus researcher, PhD students and postdoctoral researchers. Our team provides the ideal environment for conducting this type of research, focused as it is on designing and analysing the safety of cryptographic algorithms in both a standard and quantum context. As part of this new project, which will receive up to two million euros worth of funding from the European Research Council, I am also planning to work with Patrick Derbez, a researcher from the University of Rennes, and Bart Mennink, a researcher from Radboud University in the Netherlands, who will each be spending around 20% of their time on SoBaSyC. I also intend to recruit at least three PhD students, two postdoctoral researchers and a research engineer.

Much of our work will involve generalising and improving existing methods for attacking and analysing the security of symmetric cryptographic systems. Our aim is to carry out an in-depth analysis of all possible attacks and any vulnerabilities that hackers might seek to exploit. The goal will also be to formalise all of our knowledge on potential attacks and to provide an algorithmic framework for automatizing existing attacks, which are particularly technical and challenging.

How might this project transform cryptography?

I believe SoBaSyC will be an strategic project for the cryptography community. We are hoping to develop in the long-term tools capable of carrying out an automated evaluation of new primitives, which will speed up the process of detecting problems in cryptographic functions. This should also help us to develop more robust and more solid solutions.

What applications do you foresee upon completion of the project?

One of our goals is to develop an open-source toolkit containing a set of attack algorithms that will be easy for designers of new primitives to use. These tools will help us to assess how potential primitives might withstand different attacks, providing an easy and effective way of gauging their resistance to all known techniques.

Modern cryptography is based on the fact that everything that is used must be transparent and known. The aim is not to create black boxes, but rather to enable researchers to rule out any technology that is not capable of producing good standards from a cryptographic perspective.

Find out more