Navy awards Galois cryptographic security contract
Galois of Portland, OR announced on January 17 that it has been awarded a $2 million contract by the Office of Naval Research (ONR) to build a workbench that aims to ease the design process for cryptographic algorithms. For the ONR SBIR Phase II contract, Cryptographic Analysis, Verification, Exploration, and Synthesis (CAVES), Galois will build on tools and techniques created for defense and intelligence applications that verify the correctness of cryptographic software.
Cryptography is the cornerstone of privacy and security. Developing cryptographic algorithms involves specialized expertise, but even seasoned experts can miss a variety of subtle and hard-to-detect flaws. At the same time, many real world applications require either entirely new algorithms or variations on existing algorithms. The workbench aims to aid cryptographers in eliminating flaws and ensuring that the encryption software fits their performance requirements.
“Developing custom encryption algorithms is sometimes necessary, but it can be a difficult and error-prone process,” said Dr. Aaron Tomb, a research lead in software correctness at Galois. “We aim to augment cryptographic expertise with automated design exploration tools that include checks and verifications to assure that your cryptographic designs are safe and secure.”
It will achieve these goals by building on Galois’ Cryptol language in tandem with the Software Analysis Workbench (SAW).
Once the fully functioning workbench is developed, and the efficacy of the tool for exploring selected types of cryptographic algorithms and corresponding design goals has been demonstrated, Galois aims to provide support in transitioning the cryptographic workbench so that it can be integrated into government system security frameworks. In addition, Galois plans to provide the workbench to industry partners that have to develop their own encryption software. The availability of the cryptographic workbench will also accelerate the discovery of various novel cryptographic capabilities such as homomorphic encryption, attribute-based-encryption, and post-quantum public-key algorithms at research institutes and universities around the world.
Dr. Tomb adds: “It can take years and years for the cryptographic community to determine an algorithm is secure. In this project, we will explore ways to automate some of that burden while increasing the assurance level of the testing and verification. Our goal is to allow cryptographers in the defense and enterprise space to reach necessary assurance levels far more quickly and with more confidence.”