History

The Cryptography Group at Royal Holloway, University of London was formally founded in May 2021 by members of the Department of Information Security and the Department of Mathematics. However, the history of cryptography at Royal Holloway goes back to at least 1984, making it one of the oldest academic groups working in cryptography.

Documented by Keith Martin, Chris Mitchell, and Peter Wild

In 1984, the University of London was undergoing a major restructure, which involved closing a number of its smaller colleges. In that year, the Mathematics Department at Westfield College began its move to Royal Holloway and Bedford New College (as Royal Holloway was named after the merger with Bedford College in 1985). The driving force behind this was Fred Piper, who envisaged a department working with industry, specifically in cryptography and information security. Fred helped persuade Thomas Beth to become the Head of the Department of Computer Science, thereby providing the opportunity for inter-departmental collaboration in this area. Thomas brought Dieter Gollmann with him. Fred also had Peter Wild appointed to the Department of Mathematics. Fred himself spent the academic year 1984/85 working with Henry Beker and Chris Mitchell at Racal Comsec and Racal Research on educational programmes on security aimed at the military, specifically the Malaysian Army.

During the 1984/85 academic year, Thomas Beth instigated a colloquium to foster research in cryptography by members of both departments, as well as attracting external participants from both academia and industry. Thomas Beth left the college at the end of the academic year to take up the Chair in Informatik at Universität Karlsruhe and establish the European Institute for System Security. He was soon joined there by Dieter Gollmann. Fred returned from his secondment to industry and embarked on his plan to build a thriving group of PhD students, working closely with Peter Wild. He enlisted former PhD students Marion Kimberley and Sylvia Jennings from Westfield College to mentor new PhD students Liz Dunscombe, Alison Vincent (née Bennett) and Wen-Ai Jackson. At the same time, he supervised part-time PhD students Steve Babbage, Glyn Carter, and Mathew Dodd, who were working in industry.

Fred persuaded Henry Beker to become a Visiting Professor and established a cryptography-focussed seminar series, drawing on academics internal to the University of London, such as Bill Chambers and John Shawe-Taylor, as well as external researchers from industry, academia, and government establishments such as the National Physical Laboratory. As well as collaborating with Thomas Beth in Karlsruhe, Fred had close working relationships with Chris Mitchell and Martin Sadler at HP, Mike Walker at Vodafone, and Klaus Vedder at Giesecke & Devrient.

A second cohort of PhD students joined the group in the late 1980s and early 1990s, including Andrew Bowler, Melanie Harper, Keith Martin, Kenny Paterson, Kathleen Quinn, and Matt Robshaw. Fred also attracted short-term international visitors to contribute to research, with the PhD students benefitting greatly from these interactions. For example, Wen-Ai Jackson and Keith Martin solved a problem introduced by Gus Simmons, and many students collaborated with Jenny Seberry during an extended visit. Fred established links and visitor exchanges with Jim Massey at the Swiss Federal Institute of Technology Zurich, and Whit Diffie joined as a Visiting Professor. Exchange visitors during this time included early-career researchers who would go on to become established academic figures, including Ueli Maurer (ETH Zurich) and Jörg Schwenk (Bochum). Research at this time included areas such as the study of key stream generators, the security of RSA, key-sharing schemes, differential cryptanalysis, and provable security.

Fred also obtained EPSRC funding for cryptography research projects, employing Sean Murphy as a Research Assistant on a three-year research programme. Sean subsequently became a permanent member of staff, appointed jointly to Mathematics and Computer Science. In 1990, Fred, then Head of Mathematics, persuaded Chris Mitchell to leave HP and take up the vacant chair and Head of Department role in the Computer Science Department at Royal Holloway. Dieter Gollmann soon rejoined, and the scope of research in the newly created cross-departmental Information Security Group expanded from cryptography to include network and computer security. However, cryptography remained the largest single research focus of the group. Fred also encouraged other Royal Holloway mathematicians to work in cryptography. Mike Burmester developed an interest in zero-knowledge proofs, which led to a productive research partnership with the regularly visiting Yvo Desmedt. Simon Blackburn joined the Mathematics Department in 1992 as a postdoctoral researcher, then held an EPSRC Advanced Fellowship until 2000, after which he joined the department as a reader.

By the early 1990s, a thriving weekly seminar series attracted a mix of academic and industry researchers, and the introduction of the annual Coding and Cryptography conference at Cirencester brought together many national and international academics. In 1991, cryptography PhD students supported Andy Clark in organising the 1991 Eurocrypt conference in Brighton, of which Donald Davies was the programme chair.

In 1992, the MSc in Information Security was launched. Meanwhile, a steady stream of PhD students continued to be supervised by Fred and Peter, including Simon Blake-Wilson, Karl Brincat, Richard Horne, Mike Ward, and Stephanie Perkins. Between 1993 and 1997, Liqun Chen was a postdoctoral fellow, before departing to HP Labs.

By 2000, the MSc in Information Security was recruiting almost 200 students per year, and the ISG needed to expand to support this demand, especially as Mike Burmester departed for Florida towards the end of the year. This enabled a period of recruitment. Where do you find information security researchers in the early noughties? Inevitably, this was among Fred and Peter's extensive list of cryptography PhD alumni. As a result, the growth of information security at Royal Holloway was largely through an expansion of its cryptography research.

Keith Martin and Matt Robshaw joined in 2000 (the latter recruited from RSA Data Security). Kenny Paterson joined from HP in 2001. Alex Dent joined the staff shortly after completing his PhD in 2002, as did Siaw-Lynn Ng. The trend was bucked in 2001 when Steven Galbraith joined the Mathematics Department, and in 2005 when Carlos Cid was appointed following a postdoctoral fellowship. Neither Steven nor Carlos had been supervised at Royal Holloway.

By this time, Royal Holloway had an active research group of around ten cryptographers, who contributed to a diverse range of topics, including symmetric algorithm design and analysis, information-theoretic cryptography, elliptic-curve cryptography, signcryption schemes, identity-based cryptography, and cryptographic protocols. Sean Murphy and Alex Dent led Royal Holloway's contributions to the NESSIE project (2000–2003), a European effort to identify a suite of secure cryptographic primitives. Matt Robshaw and Carlos Cid were heavily involved in the subsequent eStream project (2004–2008), which focused exclusively on stream ciphers and was part of a European cryptography network called ECRYPT, of which Royal Holloway was a key partner. Matt continued this work as an employee of France Telecom, to which he moved in 2005. Between 2007 and 2009, Steven Galbraith held an EPSRC Advanced Fellowship looking at pairing-based cryptography. Meanwhile, Chris Mitchell continued to lead a suite of cryptographic standardisation efforts.

In 2004, Fred Piper formally retired, although he retained a consulting role and was in the office as often as ever. In terms of cryptographic legacy, this marked the end of an exceptional pipeline of cryptography PhD students co-supervised by Fred Piper and Peter Wild. Of course, PhD supervision continued, this time often through the former students of Fred and Peter.

The 2010s began with a couple of notable departures: Steven Galbraith returned to Auckland in 2009, and Alex Dent moved to Qualcomm in California in 2011. This was a period when financial pressures made new recruitment difficult, so these departures threatened to weaken Royal Holloway's research in public-key cryptography. However, Kenny Paterson kept this area thriving by securing an EPSRC Leadership Project on bridging cryptographic theory and practice (2010–2015). This project attracted capable postdoctoral researchers to Royal Holloway and gave a name to the style of cryptographic research that had historically been conducted at the university – namely, ‘real-world cryptography'. Kenny's project was notable for the successful cryptanalysis of several high-profile cryptographic targets, such as the TLS protocol, and for the joint establishment of the Real-World Cryptography workshop, which continues to this day.

Cryptography research at Royal Holloway received a boost in 2013 with the award of an EPSRC Centre for Doctoral Training (CDT) in Cyber Security, with cryptography as one of its core themes. Carlos Cid took on the leadership of this centre, which enhanced the stream of cryptography PhD students and enabled researchers to develop within multidisciplinary cohorts.

The CDT allowed Royal Holloway to diversify its cryptography research further. Alongside continued work on real-world cryptographic protocols, post-quantum cryptographic algorithms, and secure computation, Royal Holloway cryptographers began exploring projects related to the geopolitical and social aspects of cryptographic policy.

In the latter half of the 2010s, the cryptography group was permitted to grow once again. Martin Albrecht joined in 2015, followed by Liz Quaglia in 2016. Bertram Poettering was briefly a member in 2018, with Rachel Player joining in 2019. This was also the year that Kenny Paterson left Royal Holloway to join ETH Zurich. Martin, Liz, and Rachel were all PhD graduates of Royal Holloway, while Bertram had previously been a postdoctoral fellow.

The 2020s have already brought significant changes to cryptography research at Royal Holloway, marked by both departures and growth. Carlos Cid left for Simula, Norway, in 2022, and Martin Albrecht joined King's College London in 2023. However, the group has been revitalised by the appointments of Christian Weinert and Saqib Kakvi in 2022, Yiannis Tselekounis in 2023, and Danilo Francati in 2024.

Today, the cryptography group is arguably as large and as diverse as it has ever been, with research spanning symmetric and asymmetric cryptography, cryptographic protocols, privacy-enhancing cryptography, post-quantum cryptography, and combinatorial cryptography. By the time the CDT in Cyber Security winds down towards the end of the decade, it will have trained almost forty cryptography PhD researchers, many of whom now hold leadership roles in cyber security technology companies and academic institutions. These include Torben Hansen (Amazon), Thalia Laing (HP), Eamonn Postlethwaite (King's College London), Thyla van der Merwe (Google), and Joanne Woodage (Microsoft).

Fred Piper, who sadly passed away in 2024, left behind a cryptography research environment that remains as vibrant and impactful as ever. The legacy he began almost forty years ago continues to shape the cryptography landscape, both within academia and beyond.

Feel free to reach out to our members directly, depending on the area of specialism you need.

• cryptography@rhul.ac.uk
• Bedford Building
  Egham TW20 0EX
  United Kingdom