Episodes
-
A fireside chat from the International Conference on Digital Trust, AI and the Future. Bruce has created a wide range of cryptographic methods including Skein (hash function), Helix (stream cipher), Fortuna (random number generator), and Blowfish/Twofish/Threefish (block ciphers).
Bruce has published 14 books, including best-sellers such as Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World. He has also published hundreds of articles, essays, and academic papers. Currently, Bruce is a fellow at the Berkman Center for Internet and Society at Harvard University.
-
Federico Charosky, CEO, Quorum Cyber. Federico is a seasoned cybersecurity executive with over 25 years of distinguished experience across the Americas, Europe, and the Middle East. Specialising in cyber risk management, security operations, and incident response, Federico has dedicated his career to safeguarding organisations against the ever-evolving landscape of digital threats. In 2016, he founded Quorum Cyber, a premier cybersecurity firm backed by private equity, headquartered in Edinburgh with offices across the UK, North America, and the UAE. At Quorum Cyber, our mission is to help good people win. With over 400 cybersecurity professionals and a global presence, our expert team of security engineers, incident responders, forensic specialists, and threat hunters leverages the best Microsoft Security technologies to defend organisations worldwide against cybersecurity breaches and attacks.
-
Date: 24 June 2025
Martin Doherty Hughes: Former MP, Chair of All Party Parliamentary Group on Blockchain. Martin Trotter: Regtech leader, BRS Grant Thornton. Martin Halford: CTO SICCAR and Tech Steering Committee Accord Project. Chris Tate: CEO Condatis.
Chair: Peter Ferry, CEO, TRUST Centre of Excellence.
-
Ralph is a co-inventor of public-key cryptography, the inventor of cryptographic hashing, the creator of Merkle's Puzzles, the co-inventor of the Merkle–Hellman knapsack cryptosystem, and the inventor of Merkle trees. He received his B.S. in computer science in 1974 from UC Berkeley and a PhD in electrical engineering from Stanford University in 1979. More recently, he is a researcher and speaker on cryonics. Ralph was a research scientist at the famous Xerox PARC (Palo Alto Research Center), and a nanotechnology theorist at Zyvex. He has also been a Distinguished Professor at Georgia Tech, a senior research fellow at IMM, a faculty member at Singularity University, and a board member at Alcor Life Extension Foundation.
In 1998, he was a co-recipient of the Feynman Prize for Nanotechnology for Theory. In 2010, he received the IEEE Richard W. Hamming Medal for the invention of public key cryptography, and in 2011, he was inducted into the National Cyber Security Hall of Fame. In 2020, he received the Levchin Prize for “fundamental contributions to the development of public key cryptography, hash algorithms, Merkle trees, and digital signatures.”
-
Rosario Gennaro is a Professor of Computer Science at City University of New York (CUNY) and a Director for the Center for Algorithms and Interactive Scientific Software (CAISS). In 1996, he received his PhD from MIT and was a researcher at the IBM T.J. Watson Research Center until 2012. Rosario's most recent work includes privacy and anonymity in electronic communication, along with proactive security to minimise the effects of system break-ins. He has received over 24,500 citations on his work, has an h-index of 72, and has published classic papers including “Non-interactive verifiable computing: Outsourcing computation to untrusted workers” and “Quadratic span programs and succinct NIZKs without PCPs”.
-
Tal is a Professor of Computer and Information Science at the University of Pennsylvania and a Manager at AWS. Previously, she was the head of research at the Algorand Foundation and head of cryptography research at IBM's Thomas J Watson Research Centre. In 2014, she was named as one of the 22 most powerful women engineers by Business Insider, and a Woman of Vision for innovation by the Anita Borg Institute. In 2018, she was named by Forbes as one of the World's Top 50 women in Tech, and in 2019, she was awarded the RSA Award for Excellence in Mathematics. In 2023, she was awarded the Dijkstra Prize for her work on secure multiparty computation. Tal works in the areas of secure multiparty computation, threshold cryptography, blockchain systems and proactive security.
-
Vinod is a professor of computer science at MIT and a principal investigator in the MIT Computer Science and AI Lab. He completed his Bachelor's degree from the Indian Institute of Technology Madras in 2003, and his PhD in 2009 from MIT. His main supervisor was Shafi Goldwasser. Vinod is seen as a world leader in the area of cryptography, especially within fully homomorphic encryption. He has co-authored many classic papers, which are seen as the third generation of homomorphic encryption, including "Trapdoors for hard lattices and new cryptographic constructions" and "Fully homomorphic encryption over integers". In 2022, he was a co-recipient of the Gödel Prize. Vinod is also the co-founder and chief cryptographer at Duality Technologies.
-
Srini Devadas is an Edwin Sibley Webster Professor of Electrical Engineering and Computer Science at MIT in the Computer Science and Artificial Intelligence Laboratory (CSAIL). His current research interests are in applied cryptography, computer security and computer architecture. Srini was awarded a master's and a PhD degree in electrical engineering from the University of California at Berkeley, under the supervision of Arthur Richard Newton. He was an inventor of Physical Unclonable Functions (PUFs), and, in 2014, he received the IEEE Computer Society's Edward J. McCluskey Technical Achievement Award for the invention of PUFs and secure single-chip processor architectures. In 2018, Srini received the IEEE Circuits and Systems Society Charles A. Desoer Technical Achievement Award for the development of PUFs and enabling the deployment of secure circuits, processors and systems. In 2021, he received the IEEE Cybersecurity Award for Practice for the development of PUF, and the ACM SIGSAC Outstanding Innovation Award for fundamental contributions to secure microprocessors, circuits, and systems. In 2016, Srini won the Everett Moore Baker Memorial Award for Excellence in Undergraduate Teaching. Also, in 2016, he was named a MacVicar Faculty Fellow, considered MIT's highest undergraduate teaching award.
-
Don Smith leads the CTU Threat Research group at Secureworks. His career started with the creation of dns in 2005, which was acquired by SecureWorks in 2009. He has extensive knowledge in cybersecurity and is seen as a world-leader in the field. Don is also the industry co-chair of the Strategic Cyber Industry Group in the National Cybercrime Unit at the UK National Crime Agency and a member of the UK National Cyber Advisory Board. He is also the co-chair of the Cyber League at the NCSC.
-
Jonathan was a professor in the Department of Computer Science at the University of Maryland. He is now a Senior Staff Research Scientist at Google, with a core focus on cryptography and cybersecurity. Jonathan received his BS degree in mathematics and chemistry from MIT in 1996, and, in 2002, completed a PhD in computer science from Columbia University. He wrote a classic textbook on cryptography, which is in its 3rd edition. Jonathan also has an online course on Coursera and has given tutorials of various forms on different topics to multiple kinds of audiences.
-
Maciej Zurawski is a technology entrepreneur and blockchain specialist with over 25 years of experience in commercial software development, R&D and business leadership. He is currently the CEO at Redeem Technologies, and serves as the Executive Director of Blockchain Scotland - the principal industry association advancing commercial blockchain adoption across Scotland. His expertise spans enterprise software architecture, artificial intelligence and decentralised systems, complemented by a doctorate in AI. Maciej regularly advises government bodies and financial institutions on blockchain implementation and digital transformation strategy.
-
Greg McLardie has 30 years of executive experience in the USA, Australia, Japan, China and now the UK with the likes of Procter & Gamble and EY. He co-created Two Hands and has been operating for over 5 years in Australia and China, with Forbes Magazine publishing a three-page feature on its unique blockchain application in the food industry. With strong traction internationally, Two Hands has established a company and transferred global IP to the UK to attract investment to scale its impact into the UK, EU and beyond.
-
Moti is a Security and Privacy Research Scientist with Google and an Adjunct Research Faculty member at the Computer Science Department of Columbia University. He received his PhD from Columbia University in 1988. In 2010 he gave the IACR Distinguished Lecture and has also been the recipient of the 2014 ACM’s SIGSAC Outstanding Innovation award, the 2014 ESORICS (European Symposium on Research in Computer Security) Outstanding Research award, an IBM Outstanding Innovation award, a Google OC award, and a Google founders’ award. Moti has also received three test of time awards, including in 2024 for his 1998 paper On the Security of ElGamal Based Encryption, and in 2020 for his 1996 paper Cryptovirology: extortion-based security threats and countermeasures. In 2021, Moti received the Women of the ENIAC Computer Pioneer Award. Overall, his main research focus is in the areas of Security, Privacy, and Cryptography.
-
Jamie is the CTO at Umazi, the Head of Research at DataFair.ai and co-founder and CEO of Tunestamp.
-
Aggelos Kiayias is a professor at the University of Edinburgh and the chief science officer at Input Output Global (formerly IOHK). He received his PhD in 2002 from City University of New York. He is chair in cyber security and privacy, and director of the Blockchain Technology Laboratory at the University of Edinburgh. In 2021, Aggelos was elected Fellow of the Royal Society of Edinburgh (FRSE), and was recently awarded the BCS Lovelace Medal 2024 for his transformative contributions to the theory and practice of cyber security and cryptography. He works in the areas of blockchain technology and distributed systems, cryptography, e-voting and secure multiparty protocols, as well as privacy-enhanced identity management.
-
Anna is a Professor of Computer Science at Brown University. Her research spans many areas of advanced cryptography, including digital signatures, group signatures, blind signatures, e-cash and anonymous digital credentials. She was originally from Ukraine, and undertook her master's degree at MIT in 1999, and then went on to a PhD in 2002 in the areas of Signature Schemes and Applications to Cryptographic Protocol Design. She joined Brown University in 2002, and was made a full professor in 2013. She is a member of the board of directors at the IACR, along with serving on the Scientific Advisory Board for the Board of Directors of the Electronic Privacy Information Center (EPIC). In 2024, she was awarded the Levchin Prize for a contribution entitled "For the Development of Anonymous Credentials".
-
The fallback for law enforcement agencies has always been the place where files are stored, and all the best encryption within end-to-end communications will not stop unencrypted files at rest from being examined. But when the user encrypts data into the Cloud and holds their own keys, that’s when the nightmare begins for these agencies.
The rise of cybersecurity on the Internet
Let’s pinpoint the start of cybersecurity on the Internet to the 1970s. This saw the rise of the Lucifer cipher and saw banks properly protect their communications. This led to the 56-bit DES encryption method, which led many to suspect that the size of the key had been crippled due to the demands of law enforcement agencies. But there was an even greater threat to these agencies evolving: public key encryption.
The rise of public key encryption started in the mid-1970s when Whitfield Diffie and Marty Hellman first defined a method that allowed us to secure our communications using a key exchange method — the Diffie-Hellman key exchange method. And then, almost a year later, Rivest, Shamir and Adleman presented a way to digitally sign a hash of data with the RSA signature method, where a server could sign a hash of data with its private key and have this verified with an associated public key. For almost the first time, we could digitally verify that we were connecting to a valid system. But the RSA method could not only sign data, it could also encrypt things with a public key, with the private key then used to decrypt the data. It was a nightmare come true for law enforcement agencies.
What was magical about these methods was that you could encrypt data with keys that could be created for every single session — and generated and stored on user devices. User devices could even pick the keys that they wanted and their sizes and security levels. The days of security being crippled were fading fast. While the first versions of SSL were crippled by the demands for limits on this security, eventually, SSL evolved into something that could not be controlled. But files could still be viewed on user devices, so it was not a major problem for investigators.
Then, in 2001, the AES method was standardized by NIST, along with the newly defined SHA-256 hashing method, and we basically had all the security methods in place. But all of this did not please law enforcement agencies. For them, the rise of cryptography removed the opportunities that they had had in the past, where they could mass harvest information from phone calls or from the postal service. For the first time in history, citizens were free from spying from both those who protect nations and those who attack citizens. The Wild West years of the early Internet — where little could be trusted — have subsided, and now we have systems which take encryption from one service on a device to another service on another device — end-to-end encryption.
End-to-end encryption
For some, end-to-end encryption was the final nail in the coffin for those who wish to monitor the tracks of citizens. This is data in motion, and law enforcement agencies could still peek at data at rest, where the data is actually stored. Once data in motion and data at rest were encrypted, the door was effectively closed for peeking at data.
And, so, companies such as Apple advanced new methods which protected data at rest, where all of a citizen's data could be encrypted onto the Cloud without Apple having the encryption key to view any part of it. For this, they created the Advanced Data Protection service.
This service protects things like citizens' photos, iCloud Drive, and wallet passes. For almost the first time, we had almost perfect security, where five decades of advancement were finally coming together. We now have end-to-end encryption in apps such as WhatsApp and Signal, and Apple provides secure data storage.
But some governments around the world saw the rise of privacy as a threat to their security agencies, where the usage of encryption with file storage and over-the-air would mean that they could not monitor their citizens for threats against society. It is — and always will be — a lose-lose story on both sides. And, so, many governments have been calling for a back door in cryptography so that a “good guy” could get access to the citizen data and communication, but not a “bad guy”. Unfortunately, that’s not the way that encryption works: backdoors are a bad thing and difficult to hide.
So, the UK government has put pressure on Apple to provide them with a backdoor into their secure systems. For this, Apple would have to either provide them with a magic key to open up encrypted communications and file store, or dump their Advanced Data Protection system, and leave files unencrypted for investigation.
Apple stepping back
It would have been a difficult choice for Apple, but they have decided to drop their Advanced Data Protection system for UK users, and not go with the nightmare of a backdoor in their systems. Imagine if a terrorist had stored their files in iCloud, and law enforcement agencies had requested these files. Well, Apple would have to hold their hands up and say that they didn’t have the encryption keys to access them, as the encryption keys were held by the user.
I trust Apple and believe they have some of the best security around. When was the last time you heard of someone getting some malware on an Apple system? They support a proper secure enclave and are advancing a privacy-aware cloud infrastructure for machine learning. They have also brought forward homomorphic encryption applications. Of all the big tech companies, Apple leads the way in terms of supporting the privacy and the security of users.
Conclusions
I feel sorry for Apple, as they have been painted into a corner. From a cybersecurity point-of-view, it is disappointing that Apple has been forced to step back on the Advanced Data Protection tool, as it was a great advancement in overcoming large-scale data breaches. And, like it or not, there is no magic wand that stops a bad actor from using something that a good actor has access to. Basically, if you leave your front door key under the mat, you have no guarantee that someone else will not find the key and use it.
We have advanced cybersecurity for the past few decades and now use end-to-end encryption in a way we should have done from the start of the Internet. Of course, there are no winners in this, and society must find ways to protect itself from bad people, but opening up the whole of iCloud seems like a disaster waiting to happen.
The door is open for other more agile companies to support enhanced security and privacy, as the large tech companies seem to be applying the brake on some of their security advancements.
-
YouTube: https://youtu.be/hcdk3u2R5Mo
Yesterday, I gave two short presentations on PQC (Post Quantum Cryptography), and next week, I’m in London to give a more focused talk on the subject. And so, it’s great to see that Samsung is driving forward the adoption of PQC methods in their new S25 smartphone.
There are two companies that have a core focus on creating trusted hardware for consumers: Apple and Samsung. Apple has always had a core focus on making sure they use the best cryptography to not only secure their devices but also to make them privacy-aware. Samsung, too, has strived for improved security and, at times, has made a few slip-ups along the way, but has always patched around them. Now, Samsung Electronics has integrated PQC into their Galaxy S25 series of devices.
The need for this is that NIST will deprecate all our existing public key methods in 2030, including: RSA for public key encryption; RSA, ECDSA and EdDSA for signatures; and ECDH for key exchange. NIST will then remove them in 2035 from the NIST FIPS 140 standard. Given that a smartphone will have a life of at least five years, it makes sense to build the hardware to support the migration. Along with this, we see the rise of “harvest now, decrypt later” threats, where network traffic could be captured now and then decrypted sometime in the future.
The main integration at the current time involves ML-KEM (FIPS 203, aka Kyber) and ML-DSA (FIPS 204, aka Dilithium). With ML-KEM we replace key exchange and public key encryption methods, while ML-DSA provides us with digital signing.
These methods will be part of the Samsung Knox Matrix for enhanced data protection — this includes end-to-end encryption for back-ups and the recovery of data from the Samsung Cloud. Overall, Samsung devices, like Apple hardware, have a secure enclave to store private and secret keys, where not even Samsung can get access to them.
The usage of PQC will mean that Samsung devices will be able to communicate with other devices in the future that are using PQC methods. This ensures not only current compatibility but also future compatibility. An important advancement for the industry is that Samsung will support PQC methods for their backup system to their Cloud.
Conclusions
Of course, the integration will not force applications and services to use PQC, and in most cases, it will still use our traditional methods, as devices that it connects to must support PQC. Thus, we will see a migration towards PQC, rather than a hard switch-over. In cryptography, this is often the case, as we can typically negotiate the cryptography methods that are used in the secure transmission or storage of data. Once all the required services and applications support PQC, our existing public key methods will likely be switched off.