Pairing-based cryptography has boomed over the last decade since it provides secure solutions to problems where traditional cryptographic methods do not suffice or are less efficient. Boneh and Franklin in a seminal paper showed how to construct identity-based encryption using pairing-based techniques. This makes it possible to encrypt a message under somebody's identity, for instance their e-mail address, eliminating the need to obtain or manage a public key for each user. In large organizations this simplifies key management and identity-based key-management solutions are now used in several Fortune 500 companies. Another example arises in the context of pervasive computing systems such as intelligent cars that communicate with each other. In an intelligent car processing hundreds of messages from surrounding vehicles in every 300ms interval it is essential to minimize communication and optimise efficiency. Pairing-based digital signatures can be useful in this scenario because they are smaller than traditional digital signatures and at the same time allow for fast verification of a large batch of signatures at once. Other proposed applications of pairing-based cryptography include e-cash, searchable encrypted data, broadcast encryption and traitor tracing, delegatable anonymous credentials, and verifying the presence of data stored in a cloud computing facility. Security is essential in all of these tasks. As our society has become increasingly digitized and networked so have criminals, hackers, industrial spies, enemy states, etc. It is therefore necessary to design secure cryptographic schemes that can be used to build a digital society that is resilient in the presence of malicious adversaries. Designing cryptographic protocols for complex tasks requires significant effort and expertise since even a small mistake may render the entire system insecure. It is therefore natural to build cryptographic protocols in a modular fashion. This is what structure-preserving pairing-based cryptography allows. The term structure-preservation refers to pairing-based schemes that preserve their underlying mathematical structure. This structure-preserving property makes it easy to compose them with other pairing-based schemes and enables modular design. We will design structure-preserving pairing-based cryptographic schemes, study the efficiency limits of structure-preserving pairing-based cryptographic schemes and evaluate the security of pairing-based cryptographic schemes. By designing structure-preserving pairing-based schemes we develop new building blocks for the digital society. Moreover, the techniques we develop for the design of structure-preserving schemes may make it possible to build pairing-based schemes for significantly more complex tasks than is currently possible. Very recent work has shown that there are limits to how efficient structure-preserving digital signatures can be. It is usually very difficult to find efficiency limitations, researchers just tend to get stuck at some point without knowing why, but because of their unique nature structure-preserving protocols lend themselves to exact efficiency analysis. By finding efficiency limits for structure-preserving pairing-based schemes, we can get an accurate picture of the exact efficiency for a variety of cryptographic tasks. Security is essential when designing cryptographic protocols. The security of cryptographic schemes relies on hardness assumptions; for instance that it is computationally infeasible to factor large integers in a short amount of time. Unfortunately, pairing-based cryptographic schemes have been based on a large variety of assumptions making it hard to assess how secure they are. We will map out the landscape of assumptions that are used in pairing-based cryptography and make it easier to assess the security of pairing-based cryptographic schemes.

Computer simulations of physical models have become a vital tool in science and engineering. For example, the aerodynamics and chassis integrity for a new car design will be fully simulated on a computerised model, long before production begins, while biologists will use a simplified computer model to simulate the dynamics involved in protein folding. In both of these cases, the physics underlying the model to be simulated is that of the familiar, classical world, as is the information that is processed. In contrast, chemists working with systems at the microscopic scale (quantum chemists) must incorporate quantum physics into their physical models. But these models come up against the intractability of simulating even modestly sized quantum systems on classical computers. The number of possible configurations of any system grows exponentially with its degrees of freedom, just like the number of heads/tails configurations of a row of coins doubles with each additional coin. Since a quantum system can exist simultaneously across all of its configurations, its evolution is too large to be simulated with a classical computer. Therefore, quantum mechanical models for classical computers are necessarily limited while more compete models are fundamentally intractable to classical simulation. Yet increasingly, scientists need to understand the role of quantum physics, for example in biological molecules. The famous physicist and Nobel Laureate, Richard Feynman, identified this problem in a seminal lecture in 1982. He also proposed a solution. Feynman suggested using one controllable quantum system to simulate the model for the quantum system one wishes to study. The ultimate realisation of this ingenious concept is a digital quantum simulator that theoretically can be programmed to simulate any quantum system. Building this device is the focus of an increasingly intensive international effort, or competition. This effort is likely to be long term since isolating, digitising, and coherently controlling large quantum systems has proved to be highly challenging, due to their inclination to couple to the environment, decohere, and behave classically. After all, the world we see around us is classical, not quantum. Therefore, the road to a quantum simulator that surpasses the capabilities of classical computers seems, long and difficult, and is an ultimate goal to scientists working in quantum information science. This fellowship proposes a smart route to large-scale quantum simulations that is intrinsically scalable, and can be implemented with manufacturable technologies. The project aims to simulate quantum physical models at a scale that surpasses the capabilities of conventional computers. This is possible because a mapping has been identified between an established model for the quantum vibrational behaviour of molecules, which cannot be simulated with a conventional computer, and the description of photons in manufacturable optical chips. By injecting ensembles of single photons into a versatile optical chip, the evolution of a large molecule can be tracked. The direction of the research is to then make improvements to the molecular mathematical model with a series of perturbations, which, in loose terms, are matched by perturbations to the optical circuits in the form of weak interactions between the photons. The difficulty in getting single photons to strongly interact is the main challenge for optical quantum computers. However, developing successive generations of devices that build up layers of weak interactions allows interesting and complex simulations to be performed on an increasingly tailored and accurate molecular model. As these devices progress, they will develop additional computational capabilities, such as the calculation of factors involved in chemical transitions and characteristic properties of biotic molecules.