A specialist in the design of symmetric-key cryptographic algorithms
Doctor of Engineering, Choice Theory Psychologist, Certified Psychologist/WGI Practicum Supervisor, Principal Researcher, Data Security Technology Group, Cloud System Research Laboratory, NEC Corporation: Yukiyasu Tsunoo
In this information society, a wealth of data connects our lives, businesses, and social infrastructure via the Internet. In this context, cryptographic technology is now essential for information security. Yukiyasu Tsunoo is an algorithm designer who has worked on the development of a large number of cryptographic technologies, covering everything from digital cameras to outer space. Here he discusses the inner workings of high-strength cryptography development, as well as his motivation and the focus of his research. He also talks about the coordination of cryptography and cyber security, and points regarding forward-looking security measures for the IoT age.
Algorithm design is at the heart of cryptographic development
--First, what is cryptographic technology? Please give us an overview and a brief explanation of how it works.
Tsunoo: One important role of cryptographic technology is to protect secrets, as I'm sure you're aware. It is concealment technology that enables you to make information such as text or data understandable only by those you want it conveyed to, rendering it indecipherable by everyone else.
In the digital world, information is made up of multiple bit streams formed from binary "0/1" signals. Replacing this on a bit level in accordance with an algorithm converts plain text that anyone can read into encrypted text that nobody can read.
By applying secret data called a "key" to the encrypted text (encrypted information), it can be decrypted into plain text again. Cryptographic technology is also used to detect tampering, in which a small piece from a large set of data is overwritten maliciously.
--What is your field of expertise with regard to cryptographic development?
Tsunoo: In short, I'm a designer for symmetric-key cryptography. I design the algorithms that are at the core, or should I say the heart of cryptographic technology. Cryptographic algorithm design is carried out based on knowledge in areas ranging from cryptographic theory, to cryptanalysis, cryptographic algorithms, statistics, and numerical simulations.
I am a researcher of cryptographic technology, and at the same time a developer of cryptographic products, while also carrying out work to support business development. Because cryptography is a specialized technology, there are many aspects of it that are difficult for sales staff to explain to the client. In light of this, I go to see customers myself to give an overview of the process, from advanced research to product development. After identifying their requirements and issues, I provide comprehensive guidance covering design, manufacturing, quality assurance, and even cost and time, and consider what the optimal cryptographic system for the customer would be.
A developer of cryptography that is among the strongest in the world
--Tell us about the demand for cryptography in recent years, as well as trends in cryptographic technology.
Tsunoo: Due to incidents such as information leaks caused by cyber attacks, etc., there is growing demand for cryptographic technology in a variety of fields.
Also, now that Internet utilization has spread, there is demand for cryptographic technology that can be used with a range of devices and systems, and not just computers or communications devices. For example, cryptography is also used in digital camera batteries and home appliances. There have also been moves to standardize compact, lightweight cryptography that can run on low-end CPUs such as 8-bit microcomputers for the Internet of Things era.
Aside from the use of cryptographic technology to protect information, the concept of making systems safer using cryptanalysis techniques has recently been brought up. For example, NEC is researching a technique called side-channel analysis that detects issues such as latent malware on an operational computer system using measurement data for electromagnetic waves or power consumption.
--Can you tell us about the high-strength UNICORN cryptography that you developed?
Tsunoo: We developed the first UNICORN cryptography product in 1997.
At the time, the cryptography we developed had a reputation among university professors as being one of the strongest in the world. "CIPHERUNICORN" is a registered trademark of NEC, and the current UNICORN cryptography is a general term for the cryptography we developed. There is a whole series of products now to match different purposes and goals, such as compact, lightweight products, in addition to those that focus on strength above all else.
The cryptographic solutions we develop are sometimes embedded in systems as software, or installed on devices as a cryptographic chip. Incidentally, the name UNICORN cryptography was a play on words suggested by my superior. My surname contains a character that means "horn," and because I began research on this project alone, UNICORN cryptography refers to this "one horn" connection.
Advanced cryptography contributes to a convenient and secure lifestyle
--What are the key points to keep in mind when developing high-strength encryption?
Tsunoo: It is important to thoroughly analyze the algorithms you and your competitors have developed, and find weaknesses. When a new algorithm is announced at an international conference, etc., researchers around the world will attack the cryptography in an attempt to find a weak point. To put it in less savory terms, they are trying to find fault with the cryptography developed.
When a weakness is found, there is a chance that content could be deciphered, so that cryptography is deemed to have weak strength. By repeatedly identifying weaknesses and performing analysis on a large number of cryptography products, you gradually get a picture of how you can make the cryptography you develop stronger.
For cryptographic product development, it is crucial to thoroughly understand the customer's objectives, as well as the sort of encryption they are looking for, instead of just doggedly pursuing strength above all else. It is also important to not rely too much on standardized algorithms. Design techniques based on the concept of "dedicated cryptography classified by use," which provides optimal products according to purpose or platform, is one of the major features of the UNICORN cryptography series that we are developing.
--What kind of results have you seen from the implementation of UNICORN cryptography?
Tsunoo: Close to 30 different varieties of cryptography that I've developed are actually being utilized as products. They have commonly been implemented in areas such as public offices and highly public social infrastructure. Among these were mechanisms for encrypting communications on expressways and between banks, so some people out there may use cryptography developed by me in their daily lives.
As for private-sector demand, we have also provided cryptography for devices such as digital cameras and home servers. As the technological trend toward IoT continues to gather momentum, demand for compact, lightweight cryptography is also likely to grow alongside high-strength cryptography.