Cryptography is a discipline that has undergone rapid and extensive development in the last 30 years. It has become a rich academic subject in its own right, existing as a sub-discipline of theoretical computer science. It also has deep connections with areas of mathematics such as number theory and algebra. At the same time, cryptography is inherently an applied subject, underpinning the security of e-commerce, banking networks, mobile telecommunications, business-to-business collaboration on the Internet, and much more besides. This means that pragmatic, engineering aspects of cryptography are of vital importance.As the field has developed, so has it fragmented, to the point where potentially dangerous gulfs in understanding have opened up between theoreticians on the one side and practitioners on the other. Currently, few researchers are attempting to close the gaps between theory and practice in cryptography. Indeed, with only a small number of exceptions, researchers in academia largely work on theoretical topics, while practitioners are focussed on providing standards-compliant implementations.The principal aim of this Fellowship, then, is to make a systematic attempt to bridge the divide between theory and practice in cryptography, with the ultimate objectives being to create theory that is more useful and systems that are more secure. The means by which these aims will be achieved are both technical and organisational, and are grouped into three main themes:1. I will build on my previous work on globally deployed protocols such as IPsec and SSH, continuing to look for weaknesses in cryptographic specifications and implementations. I will also seek to understand how these weaknesses can be addressed in practical ways. 2. Using knowledge gained from the first activity, I will develop extensions of current theory that permit more realistic modeling of cryptographic primitives as they are used in fielded systems. 3. I will seek to engage with both the theoretical community and practitioners in an attempt to bring them back together again. This will be done by a variety of methods:* I will seek to establish a new series of workshops focussed on applied aspects of cryptography.* Through my position on the editorial board of the Journal of Cryptology, I will propose and guest-edit a special issue dedicated to applied cryptography. * I will continue to work with standardisation bodies such as ISO and the IETF.* I will work with industry through forums such as I4 and CPNI to keep practitioners informed of research developments. At the same time, I will maintain my contacts with the academic community, via collaboration, participation in the ECRYPT-II Network of Excellence, and conference attendance, bringing the needs of industry to their attention.* I will continue to engage with the wider public via magazine and press articles of the type engendered by my earlier work. This third activity will necessitate strengthening existing collaborations, developing new ones, and evangelising the general approach of reuniting theory and practice.

The ACORN network's mission is to bridge the gap that currently exists between the research in universities and the need of the financial services industry, its consumers and the regulator. ACORN wants to grow to well over 100 primary partners and 1000 associated partners, offering an inclusive, diverse and responsible research culture. Based on regional presence in Wales, Scotland, North-East England and London, it will harmonize technological know-how across regions and connect regional partners to nation-wide efforts. Real-life challenges in financial services are complex, combining responding to technology innovation with business ethics, green/environmental considerations and scarcity in the talent pipeline. This presents FS with wicked problems, which the industry cannot ignore, and which require people and researchers from across disciplines to come together. ACORN aims to address wicked problems in FS that are associated with innovation in technology, mathematics and sciences. ACORN provides a number of mechanisms to succeed in this mission. Central to ACORN's working is its 'commissioning framework', which provides the funding mechanisms for five types of collaborative projects between academia and partners. ACORN offers seed project funding, which aims to explore technological, mathematical and scientific solutions for real-life challenges in FS, prioritised through co-design sandpits. It then offers funding for larger multi-disciplinary feasibility projects, which may build on the seed projects, and expand to consider 'wicked' multi-disciplinary research problems. In parallel, ACORN offers funding for agile projects, which can be of any type, e.g., horizon scanning, population survey, a software prototype or a machine learning application. These have predetermined IP arrangements, so that they can be organised in agile manner and can start at any time for the duration of ACORN. Additionally, impact projects are offered to take any of the research projects further (e.g., to influence policy makers, or initiate commercialisation), and education/engagement projects allow to grow the FS talent pool and address the talent pipeline. To support researchers and partners in these project, ACORN establishes a number of services the community can use. The co-design service and the corporate digital responsibility service help researchers to consider these aspects in their proposals. The secure data vault, the shared code base, the experimentation sandbox and template IP arrangements are available to improve research, its impact and to lower collaboration barriers. We name the network ACORN, to signify that collaborations as majestic as an oak tree can grow from humble beginnings.

The 2015 UK National Security Strategy identifies cyber security as one of the top four UK national security priorities. The UK National Cyber Security Strategy 2016-2021 (NCSS) has an underlying vision to make the UK secure and resilient to cyber threats, prosperous and confident in the digital world. It is widely recognised that the UK, indeed the world, is short of cyber security specialists. Cyber security is genuinely cross-disciplinary. It's about technology, and the networks and systems within which technology is deployed. But it's also about society and how it engages with technology. Researching the right questions requires researchers to fully understand the integrated nature of the cyber security landscape. A CDT provides the perfect vehicle within which suitably broad training can be provided. The establishment of a cohort of researchers with different backgrounds and experience allows this knowledge to be cultivated within a rich environment, where the facts of hard science can be blended with the perspectives and nuances of more social dimensions. While society has made progress in developing the technology that underpins security, privacy and trust in cyberspace, we lag behind in our understanding of how society engages with this technology. Much more fundamentally, we don't even really understand how society engages with the concepts of security, privacy and trust in the first place. We will host a CDT in Cyber Security for the Everyday, which signals that research in our CDT will focus on the technologies deployed in everyday digital systems, as well as the everyday societal experience of security. Research in our CDT will investigate the security of emerging technologies. As cyberspace continues to evolve, so, too, do the technologies required to secure its future. Research topics include the cryptographic tools that underpin all security technologies, the security of the systems within which these tools are deployed, the use of artificial intelligence to aid discovery of system vulnerabilities, and security and privacy of everyday objects which are becoming embedded in cyberspace. Our CDT will also research how to secure cyber societies. Securing increasingly networked, automated, and autonomous societies requires an integrated research approach which engages the social, technological, cultural, legal, social-psychological and political on equal terms. Research topics include exploring state, institutional and corporate responsibility over how information is gathered and used, investigating how cyber security is perceived, understood and practiced by different communities, and researching how social differences and societal inequalities affect notions of, and issues relating to, cyber security. Our training programme will be based around a suite of relevant masters programmes at Royal Holloway, including in Information Security, Geopolitics and Security, and Data Science. This will be supplemented by workshops, practice labs, and a comprehensive generic skills programme. Students will work closely with the wider cyber security community through a series of industry engagement sessions and visits, summer projects, and three-month internships. Peer-to-peer learning will be fostered through group challenges, workshop design and delivery, reading groups and a social programme.