Today we talk to Prof. Dr. Harald Vater, Head of the Cryptography Department at G+D and honorary professor in Embedded Security and Cryptography at the Hochschule Konstanz, about what it means to be a cryptographer.
Cryptography comes out of the shadows
Cryptography is an ancient field with very modern applications. However, for many people the area remains something of a mystery. A G+D expert in the field shares some insights about life as a cryptographer and the many ways in which cryptography touches our lives every day.
What exactly is cryptography?
Cryptography is the science of encrypting information in such a way that the information can only be accessed using a secret key, or private key. It has been widely used to keep diplomatic and military communications secret for thousands of years. Caesar famously used a simple form of encryption in the form of a cipher, or code, to protect communications. It was a type of secret writing. Even storing valuables in a safe which is protected by a combination lock is a form of safeguarding which uses encryption. However, since the 1950s encryption has found more and more economic uses and its meaning has changed a bit.
What is cryptography used for these days?
Encryption is widely used to protect any sensitive data. Since the advent of the digital economy, we now carry around or access more sensitive information than ever before, and all this data need to be protected from hacking attacks.
Can you give me some specific examples?
The chip card in your wallet or purse contains data about your bank accounts, digital signatures, the codes for accessing these or the bank respectively, and maybe even biometric data for authentication tasks as well. Your biometric passport or identity card contains encrypted data. Your smartphone, too, is packed with data in apps covering finance, communications, a wide variety of digital identity information, and more. By definition, all of this is sensitive information.
This data is protected by cryptographic algorithms which require a secret key, or private key, to unlock the data and decrypt it. G+D has a range of products which are designed to protect sensitive information using such algorithms.
How do the cryptographic and decryption processes work?
The unencrypted information (or “plaintext”) can be anything which can be represented digitally – text, images, financial information, you name it. This information is “scrambled” using an encryption algorithm so that the original content cannot be understood. This is how it becomes an encrypted piece of data or “ciphertext.” The only way that it can be unscrambled is by using a secret key to turn the information which has been protected by the encryption algorithm (the ciphertext) back into something readable and useable (plaintext). This is the process of decryption. What we do at my team here at G+D is implement algorithms in such a way that they cannot be hacked by people trying to attack a smart card.
These attacks take two forms, and we have to protect against both types of attack. The first type tries to work out what the secret key is by analyzing the power consumption of the smart card. The second type deliberately tries to generate faults in the running of the cryptographic algorithm and then uses these flaws to understand what is going on inside the card.
How do cryptographic algorithms get developed?
At G+D we have two types of cryptologists. These are divided into the cryptographers, those that are developing cryptographic algorithms, and cryptoanalysts, those whose job it is to attack these encryption algorithms. Every time G+D develops an operating system for a new high-security chip, e.g. for identity cards, these teams will be working for three to six months to generate stronger forms of protection.
Do you see changes to this approach coming in the future?
It is hard to say at this point in time because the big unknown is how quantum computing might develop and affect cryptography. Quantum computers may enable the development of quantum cryptography, which would take security to the next level. But quantum computing could also make existing encryption techniques easier to unravel and so pose a significant security risk. So, we have to try and plan for an uncertain future.
Another area where we face real challenges is where the lifespan of the product is over a decade. Cars fall into this category; the issue here is how to make sure that an increasingly aging piece of technology is designed to be sufficiently future-proofed that it is capable of being upgraded to security standards that have not been defined yet. It is very hard to predict the cryptographic needs of the cars of the future.
Cryptography is an unusual career choice. What inspired you to become a cryptographer?
I studied electrical engineering at university. and when I was approaching the end of my doctoral studies on coding theory I was looking for a career in which I could make use of my understanding and research. I looked into cryptography because the mathematical basis of cryptography and coding theory is the same. The more I got into the field of cryptographic algorithms, codes, and ciphers the more convinced I was that this was the right field for me. After 25 years in the field of cryptography, I can confidently say that I made the right choice for me.
Are there other routes into cryptography?
It is possible to become a cryptographer from a background in information technology or indeed electrical engineering, as I did, but most common is a background in mathematics. Cryptographic algorithms, secret keys, private keys, and public keys are at the heart of what any cryptographer does, and these all require a high level of mathematical expertise.
However, even with candidates from this background, we at G+D train any new cryptographer for at least a year before we consider that they have the skills and knowledge they need to work productively in the role.
What sort of person makes for a good cryptographer?
You have to be the sort of person who likes to dive deep into a problem and really immerse yourself in the details. It is not a casual role or something for generalists. You have to really want to solve very challenging problems and have the perseverance to keep going. Cryptographic problems, ciphers, codes, and cryptographic algorithms are not for people who give up on things easily!
If you had any advice for someone wanting to become a cryptographer, what would it be?
If you have a good understanding of mathematics, attention to detail, and a love of codes, ciphers, and problem solving, then cryptology can be a fun and rewarding career.