Renowned researcher, Marten van Dijk, has made major contributions within the field of computer security. He founded and leads the Computer Security research group at CWI and is an IEEE Fellow for his expertise in secure processor design and encrypted calculations. Notable achievements include the creation of Aegis, a groundbreaking secure processor, and the development of influential protocols like ‘Path ORAM’ and ‘Fully Homomorphic Encryption over the integers.’ Van Dijk’s contributions have significantly advanced the field of computer security, and his work continues to impact Trusted Execution Environments and cryptography practices.
It is because of these accomplishments that he has received the honor of the 2023 Edward J. McCluskey Technical Achievement Award for “…contributions to oblivious and encrypted computation.” The interview below highlights the details of his many successes and how they lead to this major achievement.
Your work has been instrumental in developing Path ORAM, the first ORAM scheme that can be taught from start to finish in an introductory graduate class in under an hour. Something that was previously unheard of for hardware security students. What inspired you to take on this
challenge?
We had been thinking about secure processor technology and wondered what needs to be done for security if a trusted single processor is fully dedicated to some critical compute job. The processor will use external memory outside the trust perimeter. Communication from the processor to DRAM and beyond can be observed by an adversary. Implemented in hardware we have practical encryption which makes the stored bits unintelligible to an adversary and we have practical memory integrity checking mechanisms. But the patterns in which the processor accesses the external memory also reveal information about what is being computed inside the processor. Existing Oblivious RAM (ORAM) schemes that solve this problem were too complex for hardware implementation with low overhead. We needed a simple solution. I called Emil Stefanov around midnight on a Friday and he told me about his Path ORAM but was not able to prove its security. The scheme was exactly what we needed for our processor technology (called Ascend) and it took me about 4 months of almost all my time to find the right mathematical tricks for the proof.
The resulting Path ORAM scheme turned out to be simple to visualize and explain to students. It is exciting to see that this allows more students to get familiarized with concepts in hardware security which helps the general understanding of taking security seriously in our current world where not only software but also hardware can be vulnerable to attack.
Honor your colleagues achievements. Nominate Someone for a Major Award Today!
You collaborated with others to produce the simplest known Fully Homomorphic Encryption (FHE) scheme, which went on to inspire the most widely used schemes today- Ring-LWE schemes. What do you attribute this success to? What kept you motivated?
I was fascinated by how a bilinear map can be used to evaluate a circuit of multiple XOR gates followed by one AND gate under encryption. I started thinking about how other types of math can possibly be used to achieve computation of more general circuits. I wrote a bunch of stuff down for a funding proposal and about one month later I saw that Craig Gentry just published his lattice based FHE scheme, which can compute any circuit and was far more powerful than what I had dreamed of. A few months later we talked and exchanged thoughts and this led to the simple FHE scheme based on the integers. The scheme itself only uses modular arithmetic which I was able to explain, together with intuition, to a visiting class (of prepared) high school students. As such the scheme is very accessible and can serve as a first step to gain understanding and study more advanced schemes.
What has been the most rewarding part of working in security while it was an emerging field?
Being very curious, I enjoy learning about all kinds of topics. While emerging as a field, security research lived with the many different disciplines it intersects with, like processor architecture, operating systems, database systems, machine learning, statistics, game theory, and so on and so on including cryptography, aspects of number theory, lattice theory etc. For me security research has been an opportunity to learn about many aspects of computer science by looking at these from the general question of into what extent secure computation is possible.
Security research is very important as we recognize more and more how systems and their implementations can be attacked. In order to make our world safer we will want to put security as a first class citizen next to performance, throughput, etc. in system design. It has been very rewarding to contribute to making security more and more recognized as a central design principle. This also inspires me in my current position as group leader of the Computer Security group at Centrum Wiskunde & Informatica (CWI), the national research institute for mathematics and computer science in the Netherlands.
What advice would you give security students or professionals looking to challenge themselves?
After reading general introductions to various topics, I would recommend thinking deeply about a list of the most important problems you can recognize. Start challenging yourself by making progress towards solving one of your problems and ask for help where you lack expertise. When having matured in one security direction, switch to a new different one, maybe every 5-10 years.
More About Marten van Dijk
At CWI, the national research institute for mathematics and computer science in the Netherlands, Marten van Dijk has founded and heads the Computer Security research group. He is professor at Vrije Universiteit Amsterdam in secure and intelligent computing and research professor at the University of Connecticut. He has more than 20 years of research experience in secure computation. He acquired this experience both in academia (Massachusetts Institute of Technology and University of Connecticut) and in industry (Philips Research and RSA Laboratories). Marten van Dijk is an IEEE Fellow for his contributions to secure processor design and encrypted calculations.
He received the A. Richard Newton Technical Impact Award in Electronic Design Automation in 2015 and the Most Frequently Cited Paper Award (2000-2009), Symposium on VLSI Circuits, for his collaboration that introduced silicon Physical Unclonable Functions.
Aegis, the first single-chip secure processor that encrypts and verifies the integrity of external memory and introduced the concept of secure containers, was selected for inclusion in ‘25 years of International Conference on Supercomputing’ in 2014 and got a Test of Time Award from Intel in 2022. This concept is in widespread use in Trusted Execution Environments (TEEs), such as the Intel SGX processor, which can be found nowadays in industry.
The RAM protocol ‘Path ORAM’ received a best paper award at CCS 2013 and was selected as a 2018 Top Pick in Hardware and Embedded Security. ‘Fully Homomorphic Encryption over the integers’ was nominated for best paper award at Eurocrypt 2010 and is his most cited paper (according to Google Scholar).
