CWI researcher Marc Stevens of the Cryptology research group has been awarded the Google Security Privacy and Anti-abuse applied award.Google has selected Stevens for this award in recognition of his work in Cryptanalysis, in particular related to SHA-1.
The SHA-1 industry standard is used for digital signatures, which secure credit card transactions, electronic banking and software distribution. Stevens' research has indicated that SHA-1 is insecure. His work will have significant impact on phasing out SHA-1, which has been a slow process up until now. The results of Stevens' research will help Google to speed up this process.
Cryptanalyst Stevens is known worldwide for breaking the https security in 2008 and the analysis of the Flame supermalware in 2012. With advanced mathematics he showed that the widely used MD5 and SHA-1 security standards were not safe anymore. Stevens works as a Tenure-Track researcher at the Cryptology Group of Centrum Wiskunde & Informatica. His work focuses on exposing weaknesses of crypthographic functions. Stevens may use the prize money ($50.000) for acquiring hardware and towards a research position to further strengthen his research.
Google is committed to developing new technologies to help users find and use information. They do significant in-house research and engineering, and also maintain strong ties with academic institutions worldwide pursuing innovative research in core areas relevant to Google's products and services. As part of that vision, the Google Faculty Research Awards Program aims to recognize and support world-class, permanent faculty pursuing cutting-edge research in areas of mutual interest.
More information:
Researchers Urge: Industry Standard SHA-1 Should Be Retracted Sooner