Try Again. Fail Again. Fail Better : New notions of security, broken assumptions, and increased efficiency in cryptography. (Essaie encore. Echoue encore. Echoue mieux : Nouvelles notions de sécurité, d'hypothèses brisées et d'efficacité accrue de la cryptographie)

A brief look at any “good” cryptographic paper reveals that cryptographers rarely consider the meaning or even the structure of protected data. When a message is signed, hashed or encrypted, data is considered as raw bits fed into functions. Interestingly, cryptographers consider this low-level treatment as a virtue rather than a limitation because cryptographic algorithms do not assume anything about the structure of the data that they process. Information security specialists work at a higher abstraction level and devise methods to protect structured information. For instance, SQL injections target database entries, Java bytecode verifiers check type semantics and antiviruses analyze executable programs. We believe that protecting data and information will start to become insufficient as we move into an era of ontology and knowledge. As we write these lines, ontologies already allow autonomous cars to make driving decisions. Ontologies also entrust computers with the authority to make important financial decisions. Hence, it appears necessary to start formalizing the foundations of ontological security. Here the adversary does not necessarily want to access data or corrupt information but to maliciously modify inferred knowledge. Little seems to exist in this area today. In addition to setting the foundations of ontological security, I plan to build upon work currently being investigated by two students at ENS, in which they investigate methods to try to protect knowledge by relying on the assumption that if the syntactic tree of a message is revealed, little can be inferred about the message. I plan to add to this by further reducing knowledge by exploiting any transform mapping of natural integers to knowledge.