The Challenges of Bringing Cryptography from Research Papers to Products: Results from an Interview Study with Experts

Authors: 

Konstantin Fischer, Ruhr University Bochum; Ivana Trummová, Czech Technical University in Prague; Phillip Gajland, Ruhr University Bochum and Max Planck Institute for Security and Privacy; Yasemin Acar, Paderborn University and The George Washington University; Sascha Fahl, CISPA - Helmholtz-Center for Information Security; Angela Sasse, Ruhr University Bochum

Abstract: 

Cryptography serves as the cornerstone of information security and privacy in modern society. While notable progress has been made in the implementation of cryptographic techniques, a substantial portion of research outputs in cryptography, which strive to offer robust security solutions, are either implemented inadequately or not at all. Our study aims to investigate the challenges involved in bringing cryptography innovations from papers to products.

To address this open question, we conducted 21 semistructured interviews with cryptography experts who possess extensive experience (10+ years) in academia, industry, and nonprofit and governmental organizations. We aimed to gain insights into their experiences with deploying cryptographic research outputs, their perspectives on the process of bringing cryptography to products, and the necessary changes within the cryptography ecosystem to facilitate faster, wider, and more secure adoption.

We identified several challenges including misunderstandings and miscommunication among stakeholders, unclear delineation of responsibilities, misaligned or conflicting incentives, and usability challenges when bringing cryptography from theoretical papers to end user products. Drawing upon our findings, we provide a set of recommendations for cryptography researchers and practitioners. We encourage better supporting cross-disciplinary engagement between cryptographers, standardization organizations, and software developers for increased cryptography adoption.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {294603,
author = {Konstantin Fischer and Ivana Trummov{\'a} and Phillip Gajland and Yasemin Acar and Sascha Fahl and Angela Sasse},
title = {The Challenges of Bringing Cryptography from Research Papers to Products: Results from an Interview Study with Experts},
booktitle = {33rd USENIX Security Symposium (USENIX Security 24)},
year = {2024},
isbn = {978-1-939133-44-1},
address = {Philadelphia, PA},
pages = {7213--7230},
url = {https://www.usenix.org/conference/usenixsecurity24/presentation/fischer},
publisher = {USENIX Association},
month = aug
}