Cryptography and cyber-security at NTNU and the mathematics of electronic elections.

(by Kristian Gjøsteen, Professor at NTNU)

Cryptography as a practice is very old, dating back at least 2000 years. The birth of modern cryptography can reasonably be set to 1976, when Diffie and Hellman published their seminal paper «New directions in cryptography» containing the first protocol to allow Alice and Bob to communicate securely without first sharing keys in secret.

The traditional cryptographic problem is to protect communication against eavesdropping, but modern cryptography deals with a wide range of problems, such as the integrity of financial transactions, electronic voting and protecting the privacy and integrity of data stored in the cloud.

One interesting cryptographic problem our department has been involved in is electronic elections. During the 2011 and 2013 Norwegian elections, about 160000 voters could cast advance ballots from home, using their computers and the internet to cast their ballots. In 2016, there were several municipal referendums where electronic advance voting from home was allowed.

To have any realistic chance of security, electronic voting requires sophisticated cryptography. The cryptographic protocol used to cast ballots was designed and analyzed by researchers at the department. The analysis spans a fairly wide area of mathematics, from algebraic number theory used to analyse underlying difficult mathematical problems, through computational complexity theory used to prove vital protocol properties, to statistical models used to detect attacks against the system and the usability tests used to estimate the parameters for these models.

As can be seen, cryptography as a science lies at the intersection of mathematics and computer science. It is therefore natural that at NTNU there is extensive cooperation between mathematics and telematics, with joint supervision of both masters and PhD students, and a joint project on cloud security funded by the Research Council of Norway.

Without cryptography, it is usually impossible to determine the origin of data or verify its integrity. Cryptography is therefore necessary for cyber security, though obviously not sufficient. Recently, NTNU has also acquired the largest research group in cyber security in Norway, and we expect fruitful research cooperation between the cryptography group and the more applied cyber security group.