Bryan Kumara

Bryan Kumara’s research on the Trustworthy Digital Infrastructure for Identity Systems project considers how cryptography can help users to protect sensitive information

What are you currently working on? 

I’m currently a research assistant on the 'Trustworthy digital infrastructure for identity systems' (TDI) project at The Alan Turing Institute. This project aims to address the question of trust for digital identity from a range of perspectives and is funded by the Bill & Melinda Gates Foundation.  

Within the project, I’m looking into privacy-enhancing technologies that use cryptography, a technique that secures information and communications through use of codes, to ensure that users can protect and securely compute sensitive information. 

What’s the most interesting thing to come out of your work? 

So far, the most interesting aspect has been exploring how different cryptographic protocols can enable privacy. Complex protocols, such as zero-knowledge proofs (a method of proving information is true without revealing any information) and redactable signature schemes (which allow the removal of parts of a signed message without invalidating the signature) can be used to show that a digital identity meets some criteria (such as being above a certain age) whilst hiding sensitive information such as home address and nationality.   

Tell me about the challenges of your research 

A big challenge of my research is integrating the theoretical side of cryptography with the practical aspects of the TDI project. For instance, the variable length of addresses and nationalities used in identity systems makes it difficult to convert them to a format for zero-knowledge proofs, but this is often not covered by research papers.  

What part of your work is exciting you most right now? 

Over the past two months, some key cryptographic conferences have taken place. Among these talks I came across the concept of laconic encryption – this allows an efficient outsourced computation that maintains privacy of input.

It's an important protocol that tackles the intense communication costs of outsourcing and can be implemented by servers looking to check individual credentials in a privacy-preserving way. I’m keen on utilising this technique for the TDI project, especially in the context of biometric authentication. 

When not working, what can you be found doing? 

I can be found exploring museums and parks around London. On a rainy day, I’ll be at home reading books and enjoying tea.