Future of applied cryptography (advanced)

The first 2000 years of applied cryptography were mostly concerned with protecting data in motion, initially only by encrypting (cryptography) or hiding it (steganography), and later also by authenticating and signing it. Today, cryptography is widely used to protect data at rest as well. These two application areas—data in motion and data at rest—continue to evolve and are becoming increasingly common in everyday life. One need only consider the security requirements of the Internet of Things.

In which directions is development heading? Here are some likely possibilities:

  • The debate on lawful access by authorities to encrypted data will continue. For a determined user, it is not difficult to keep their communications private. For example, it seems unlikely that government security agencies could break the encryption currently used in Signal. Instead, they must continue to bypass encryption by exploiting vulnerabilities in systems located at the endpoints of encryption. In many countries, legal frameworks exist to enable this. Governments can of course also enact laws requiring developers to include mechanisms for law enforcement access. They could also pressure app stores to remove communication applications that provide very strong protection.
  • It can be expected that the current popularity of cryptocurrencies and blockchains will lead to the development of useful cryptographic techniques. An example of such techniques is zero-knowledge proofs.
  • In the area of computable encryption, rapid technical development is taking place, and start-ups have begun to bring ideas such as FHE and MPC (fully homomorphic encryption and multi-party computation) to market. The idea of FHE is attractive: encrypted data can be handed to service providers for computation. However, around 20 years after its invention, FHE still incurs an overhead of about 10^6–10^8 compared to computation on plaintext. This limits its application to the most sensitive data and small-scale use. At the same time, important applications typically require ever more data and computation, so they remain out of reach of FHE for now.
  • Searching encrypted data and, more generally, database encryption are specific applications of computable encryption that may have commercial potential in the medium term. The most advanced current solutions balance efficiency against the leakage of some information. Quantifying such leakage and its security impact is a challenging research problem that must be addressed before these methods can become widespread.
  • A growing application area of cryptography is privacy-preserving technologies in data mining and data aggregation. Google’s privacy-preserving advertising initiative has been one prominent example. Another has been the Prio system, which Mozilla piloted in 2018 in the Firefox browser and which later formed the basis for testing the Origin Telemetry system. The idea is to aggregate telemetry data collected from browsers in a way that does not compromise user privacy.
  • Electronic voting has long been promoted as an application area for cryptography and has been extensively studied in academia. However, the use of electronic voting in local and national elections has proven problematic, as security vulnerabilities have been found in voting software and hardware that undermine trust. Estonia's experience, by contrast, has been positive: its ID-card-based system has been in regular use and has evolved since 2005.
  • A change may be forthcoming in how cryptography is studied, developed, and deployed. The traditional model involves a long path from research to practical use. Ideas such as MPC have followed this path for decades. Urgent need accelerated the development of systems such as DP-3T, although they still followed the research-first model. Another model arises when practice outpaces theory, and new theory is later developed to analyse what is already being done in practice. This often leads to a situation where practice could be improved by following the new theory, but improvements are slow because legacy code must be maintained and updating deployed systems is difficult (IPv4 being a general example). Sometimes a significant attack is needed to stimulate change. (Even in this regard, Russia did not succeed in 2022, nor did the USA in 2026.) A third model is represented by TLS 1.3, where academia and industry collaborated over several years to develop a complex protocol.
  • Cryptography involves a particular way of thinking. It includes quantifying over all attackers in security proofs, maintaining conservative assumptions, and rejecting a system even if it contains only impractically exploitable flaws. This adversarial mindset should be applied more broadly in security research.
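The privacy-preserving aggregation idea behind Prio, mentioned above, rests on additive secret sharing: each browser splits its measurement into random-looking shares, one per non-colluding server, and the servers only ever add shares together. The following is an added illustration written for this page, not Prio's or Mozilla's code; it omits the validity proofs that the real Prio protocol also attaches to each submission, and the modulus and sample reports are constructed.

```python
import secrets

# Shares live in Z_P; P must exceed the largest possible aggregate.
# 2^61 - 1 is a Mersenne prime, chosen here purely for the example.
P = (1 << 61) - 1


def split(value: int, n_servers: int = 2) -> list[int]:
    """Additively secret-share one client's measurement among n_servers.

    Every share but the last is uniformly random in Z_P, so any
    n_servers - 1 shares together are independent of `value`: a single
    server (or any non-colluding subset) learns nothing about it.
    """
    if not 0 <= value < P:
        raise ValueError("measurement out of range")
    shares = [secrets.randbelow(P) for _ in range(n_servers - 1)]
    shares.append((value - sum(shares)) % P)
    return shares


def aggregate_shares(server_shares: list[int]) -> int:
    """A server sums the shares it received; this sum is all it ever publishes."""
    return sum(server_shares) % P


def combine(partial_sums: list[int]) -> int:
    """Adding the servers' partial sums recovers the total over all clients,
    because the random parts of the shares cancel out."""
    return sum(partial_sums) % P


def private_sum(measurements: list[int], n_servers: int = 2) -> int:
    """End to end: clients split, each server aggregates, partial sums combine."""
    inboxes: list[list[int]] = [[] for _ in range(n_servers)]
    for m in measurements:
        for i, share in enumerate(split(m, n_servers)):
            inboxes[i].append(share)
    partials = [aggregate_shares(box) for box in inboxes]
    return combine(partials)


if __name__ == "__main__":
    # Constructed sample: each browser reports 1 if a feature was used, else 0.
    reports = [1, 0, 1, 1, 0, 0, 1]
    print(private_sum(reports))  # 4
```

The aggregate is exact while no individual report is ever visible to a single server; what this sketch cannot do is reject a malformed report (for example a "count" of 1000 instead of 0 or 1), which is exactly the gap Prio's proofs close.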