UK Security Agency Publishes New Crypto Designs

Written by

The UK’s National Cyber Security Centre (NCSC) looked to burnish its tech credentials this week with the publication of new research into robust cryptography.

The GCHQ offshoot is the UK national technical authority for cryptography, meaning it doesn’t just produce guidance for government and business but also cutting-edge research.

The new paper from the NCSC’s Peter Campbell presents two new designs which he hopes will “support the research that will inform the recently announced effort by NIST to standardize new modes of operation.”

Named after the Latin names of two cities close to GCHQ headquarters, Glevian and Vigornian are new designs for the crypto algorithms known as “block cipher modes of operation,” or “modes.”

Read more on cryptography: NIST Publishes Draft Post-Quantum Cryptography Standards

NCSC head of crypto research, John H, explained in a blog post yesterday that the new designs are intended to mitigate risk stemming from accidental misuse of crypto.

“The novelty in our research is a particular combination of strong robustness properties in the designs, meaning that cryptographic security is maintained even in the event of significant human error in their deployment or use,” he said.

“This robustness helps build assurance into the design and development of systems, in line with the principles of security by design and default, a key aim of modern cybersecurity practice.”

He said the paper would help to inform NIST’s efforts to standardize new, more robust modes.

The discoveries will have relevance to the commercial world, but not all organizations may find them cost-effective, John H added.

“In the NCSC, we design cryptography principally for use cases where long-term security is required, or where data has some sensitivity to it, so we take a very risk-averse approach to its handling,” he continued.

“Of course not all cryptographers will make the same prioritization decisions as us in their designs. For example, we usually prefer to keep designs as simple as possible, even if that comes at some cost in performance.”

What’s hot on Infosecurity Magazine?