Fundamental research in cryptography that’s used worldwide to facilitate internet banking, e-commerce services, and secure messaging systems is now taking root in India as well.
The principal goal of those developing or using cryptographic systems is to improve system security. Cryptography — from the English roots of “hidden writing — is the name for techniques that secure information by converting plain text into ciphertext. It is concerned with the creation and use of encrypted messages that only the sender and the receiver can understand and which a malicious actor who interferes with the communication can’t.
Sending secret messages isn’t new. Archaeologists have unearthed clay tablets made by the ancient Mesopotamians in which they wrote down cryptic formulae to make ceramic glazes. In the first century BC, the Roman dictator Julius Caesar used the eponymous Caesar cipher to relay messages of strategic value to his generals.
More recently, many Polish codebreakers fled their country after Adolf Hitler invaded it in 1939 to work with reputed British mathematicians, including the father of modern computing Alan Turing, to crack Germany’s famed Enigma cryptosystem. Turing’s work in particular established much of the foundational theory for modern algorithmic computing.
Scientists have devised many sophisticated methods to prevent adversaries from cracking secret codes and gaining unauthorised access to sensitive information. These methods achieve their goals by using algorithms and protocols to protect some data’s confidentiality, integrity, authenticatability, and non-repudiation.
‘Hard’ problems
Cryptographic algorithms convert messages in ways that make it very difficult, very expensive or both to decode them. A common way to achieve this has been to place some sensitive information behind the answer to a very difficult problem. An agent can access the information by solving the problem, so the harder the problem, the more inaccessible the information.
“Hence the search for harder and harder problems — for instance, even those that quantum computers may find hard to solve,” R. Ramanujam of the Institute of Mathematical Sciences, Chennai, said.
As computational techniques evolve, particularly with advancements in quantum computing, the interplay between complexity and cryptography will continue to be a crucial area of research and development, he added.
Modern cryptographic systems are built on problems that demand far too many resources to be solved.
“As they say in the crypto community, if your cryptosystem is broken, either a spy is dead or a million dollars is missing,” Ayan Mukherjee, an assistant professor at the Indian Institute of Science Education and Research (IISER), Pune, said. “Such is the seriousness of the effect of a broken cryptosystem. Thus, oftentimes, people use the old and the trusted to secure their communications.”
This is also why, he added, “The field of cryptography is very slow-moving.”
“There is a close connection between complexity theory and cryptography, hence many [researchers] work on these connections, clarifying notions and building finer techniques,” Ramanujam said.
Areas where Indian researchers are working extensively include communication complexity (the amount of communication required to complete a computational task), proof complexity (the computational resources required to prove or disprove statements), and algebraic coding theory (using algebra to encode and decode data).
Locks and keys
The goal is to make sure an adversary, especially one with enormous computational resources, can’t crack the code. At the heart of any cryptosystem is the key: a secret value an algorithm uses to encrypt or decrypt data.
The Caesar cipher is a simple example. It works by mapping the existing alphabet to one where the starting letter is offset by some number of letters. This number is the key. For example, if the key is 14, the encrypted alphabet begins with the letter O (the 14th letter) rather than A. Thus the words FIGHT FOR ROME become TWUVH TCF FCAS.
When the sender encrypts data with a key, only someone who knows the key can decrypt the message and read it. More sophisticated systems use two keys — one each for the sender and the receiver — and map them in a separate secret way.
A famous example is public-key cryptography, which is used to secure information over the internet. The receiver uses a single algorithm to generate two keys called the public key and the private key, and shares the public key with the sender. Any message the sender encrypts with the public key can be decrypted by the private key.
Researchers prefer the algorithms that generate keys to be one-way functions, a name in mathematics for functions that are simple to use but hard to crack. In cryptography, this means they can be used to easily encrypt messages but can’t be cracked without knowing the key. As Ramanujam put it, the challenge is like protecting a house with a strong alarm system that the house’s residents can still use without training.
Some one-way functions are very difficult to crack and thus very secure — but which also take a long time to decrypt messages. This is one of the principal reasons mining for bitcoins has become a very energy-intensive process. The bitcoin system uses a one-way function that has required more computational resources to decrypt messages as the size of its blockchain has increased.
This is why some cryptography researchers in India and abroad are working on simplifying the decryption side in particular. Researchers are also considering whether shorter proofs (of the hard problems) can be used to verify the integrity of data in artificial intelligence and large language models.
Cryptography isn’t just a mathematical or academic curiosity but is of considerable practical interest, Yael Kalai, whose work on proofs won her the 2022 Turing Award, told the 11th Heidelberg Laureate Forum in September (the author was in the audience). “In today’s world, the biggest problem we have to solve is trustworthiness,” she said.
Since researchers have solved the problem of authentication and security in communications, she added, the current problem is computation.
“People are computing things for us. How do we know that they are computing correctly? How do we certify the huge and often crazy computations people are coming up with? That is a huge new research problem now.”
Possibility of disruption
Two research areas that could disrupt current cryptographic systems with significant economic and social consequences are homomorphic encryption and quantum information technologies, per a recent paper by the Organisation of Economically Developed Countries (OECD).
Homomorphic encryption is a cryptographic method that allows certain calculations to be performed on encrypted data without the need to decrypt it first and without accessing the secret key. The result of such computations remains in encrypted form and can be revealed later, when necessary. According to the paper, this technique could surmount the problem of processing encrypted data without decrypting it first, which increases risk.
Second, a mature quantum computer could easily break some encryption methods widely used today. Some researchers are thus working on algorithms that can resist attacks powered by a quantum computer, an enterprise called quantum resistant cryptography (QRC). In fact marrying cryptography with quantum physics paves the way for encryption technologies based on the laws of quantum physics, which can be more convoluted than mathematical concepts alone.
Researchers worldwide have been working on QRC since 2006, including in publicly funded research projects in the European Union and Japan. In India, Mukherjee’s group at IISER Pune, and those at the Indian Institute of Science (IISc) and the Raman Research Institute (RRI), both in Bengaluru; the Centre for Development of Telematics, New Delhi; and at Pondicherry University are working on it as well.
‘A huge deal’
Cryptography research in India is taking off in other aspects, too, catching up with that in the European Union, the U.S., and China. The National Quantum Mission the Cabinet approved in 2023 includes a research hub for quantum communication. The mission is to enable satellite-based secure quantum communications between ground stations over 2,000 km, long-distance secure quantum communications with other countries, inter-city quantum key distribution over 2,000 km, and multi-node quantum networks, among other outcomes.
The Indian Space Research Organisation is also planning to launch a satellite with ultra-secure quantum communication capabilities.
In July, a team of Indian scientists from RRI, IISc, IISER Thiruvananthapuram, and the Bose Institute in Kolkata published a paper describing a way to generate true random numbers that are crucial to making secure private keys and nearly unhackable passwords.
“This new method offers the enhanced protection we all need in our daily lives, by using truly random numbers to generate keys that will be used to encrypt the passwords,” the Department of Science & Technology said in a statement.
Apart from the Ministry of Science & Technology, major government funders for cryptography research in the country include the Ministry of Electronics and Information Technology and the Department of Telecommunications.
“The present status of quantum cryptography is to build quantum-secure cryptosystems,” Mukherjee said. “It’s based on the idea that, in the near future, we will have quantum computers. When that happens the current cryptosystems will fail. This is a huge deal.”
The consequences will also affect India’s cryptography policy. According to a recent study commissioned by the Thales Group, the volume of sensitive data in the cloud could surge from 51% of all organisational data to 68% by 2027. As more data enters and lives in the cloud, “encryption techniques for data at rest, in motion, and in use are becoming more pervasive, evolving into a standard practice for protecting cloud-resident sensitive information against emerging cyber threats,” the report said.
There is widespread data loss as well: the report said almost three-fourths of all organisations have faced multiple data breaches in the past year, foremost due to inadequate encryption. Some 71% initiated formal cryptographic programmes and 81% have dedicated encryption teams.
T.V. Padma is a science journalist in New Delhi.
Published – January 20, 2025 05:30 am IST
