Cryptographic Research @ Wickr

Wickr’s website has just been extended with a new section on our Cryptographic Research & Development Program. So this seems like as good a time as any to talk more, not just about the site, but about the R&D program itself. Joël Alwen, Cryptographer at Wickr
July 12, 2019

What’s New on the Website?

For some time now, Wickr has been investing in cryptographic R&D. Recently, we’ve doubled down on those efforts and, as part of this change, have just launched a new section on our website dedicated to our crypto research.

The site has a new landing page, which includes an intro and our mission statement, a brief overview of the different research programs covered, related publications, and projects, and an introduction to the people behind the program (i.e., yours truly). Digging deeper into the site, you’ll find a page dedicated to each individual Research Program, with the layout presenting the related individual projects and publications in a coherent narrative. Currently, Wickr has two main programs: one revolving around the topic of Secure Messaging and another around Moderately Hard Computation. Finally, when an individual project reaches maturity, it gets its own page describing the goals and results of the project, together with links pointing to further relevant resources (e.g., peer-reviewed publications, RFC, implementation).

While I definitely encourage any curious reader to have a look at the site, I think it’s fair to say that the primary target audience ranges from crypto/security enthusiasts all the way up to crypto engineers and researchers. Basically, the further you dig into the site, the more technical things become. We wanted to build a collection of more advanced resources to complement the security and crypto-related posts on Wickr’s blog. While the latter covers a wider range of topics, it is also geared toward a wider audience aiming for a more casual read. In contrast, the new R&D site is really about getting into the guts of Wickr’s crypto research.

Why have a Crypto R&D Program?

Wickr’s mission is to transform the way companies and organizations use and build systems so that data is protected and controlled. We believe decentralized key management and open crypto address the transparency problems inherent to centralized and hardware-based key management solutions. Further, by giving customers access to a simple and intuitive interface to expertly design, implement, and vet crypto, Wickr is giving developers the ability to build custom ephemeral end-to-end protected workflows based on secure transport and contact management.

Cryptography is clearly central to achieving these goals. It represents a foundational and indispensable part of why Wickr’s technology is able to provide such strong security features.

Beyond that, we firmly believe that crypto has a vital role to play in the modern digital world. It can help us govern who has what power over data and computation and who does not; be that power in the form of knowledge, capabilities, access, or control. Yet what really makes crypto so important is that it’s based on mathematical principles (rather than, say, the availability of physical or financial resources). This gives it the potential to protect the weak from the strong and even to defend against the unknown. In an increasingly complex and asymmetric world, few other technologies hold such profound promise. Working toward realizing this promise serves not just Wickr’s immediate interests as a company, but also our vision of the world we want to live in.

Unfortunately, getting crypto right is notoriously hard. History is littered with examples of bad crypto (and the ever growing price we pay as a consequence). That’s why we believe that any serious sustained effort to build crypto must be a team sport. What’s more, only the largest and most capable teams stand a chance of getting things right on any reasonably consistent basis. So, in an effort to improve not just Wickr’s own crypto tools but also those available to the public, Wickr’s research program is squarely targeted at joining “Team Open Crypto.”

Research Program Format

How is Wickr joining Team Open Crypto? By designing the R&D program based on the principles of transparency, collaboration, peer-review, open standards, and open access. Essentially, all the research done at Wickr is done in collaboration with other cryptographers, both from academia and industry. Results are peer-reviewed, presented at public conferences, and published (not just on our own site, but also in public access forums, such as the IACR’s eprint archive). Prototype implementations will often be made available to the public on github (e.g., an implementation of the messaging protocol framework developed in this project can be found here).

Wickr’s research program is focused on using rigorous mathematical design and analysis to tackle concrete problems faced by today’s security engineers. The research distinguishes itself from the wider field of crypto by focusing specifically on the boundary where formal crypto meets real-world problems. For example, one boundary concerns the cryptography tools and protocols around secure messaging protocols (a topic where we expect to see a lot of progress in the coming year as several ongoing projects come to fruition).

To further bridge that gap, Wickr’s R&D program also includes participating in the development of new open crypto standards, such as the ongoing Message Layer Security work group at the IETF and the Hybrid Public Key Encryption standardization efforts at the CFRG.

The Path Forward

Wickr’s crypto R&D program is still in its early stages but is quickly ramping up. It’s hard to understate my own excitement about all this though: in particular, the program’s potential to give back to the wider community and really, to help make the world just a little bit better. I encourage you to keep an eye on our website, blog, twitter accounts, and other outlets for updates and insights into our work. And of course, if you think there might be a way you can work meaningfully with us on this research program, then please don’t hesitate to reach out to us!