NEXT
generation
techno-social and
Legal
Encryption
Access and
Privacy

In the wake of the Snowden revelations, public trust in the Internet has eroded.

NEXTLEAP aims to create, validate, and deploy communication and computation protocols that can serve as pillars for a secure, trust-worthy, annotable and privacy-respecting Internet that ensures citizens fundamental rights. For this purpose NEXTLEAP will develop an interdisciplinary internet science of decentralisation that provides the basis on which these protocols will be built.

Why does it matter?

Francesca Musiani

Georges Danezis

Carmela Toncoso

NEXTLEAP Team group photo.
Holger Krekel, Georges Danezis, Bruno Blanchet, Francesca Musiani, Carmela Troncoso, Karthikeyan Bhargavan, Marios Isaakidis and Harry Halpin (not the entire team).

Meet the NEXTLEAP team

NEXTLEAP combines expertise from across different disciplines in order to develop a set comprehensive answers to questions surrounding privacy and society. Our team is spread across Europe and includes specialists in computer science, formal protocol verification, sociology, social philosophy, cryptography and engineering.

Launch

The Political Significance of Cryptography

Although historically cryptography has been restricted to government and industrial use, there has recently, after revelations of mass surveillance by Snowden, been increased interest in securing the everyday communications of citizens: Applications such WhatsApp, Telegram, Silence, Crypto.cat, Signal, and even PGP all claim to use end-to-end encrypted messaging to secure the content of communication. There has been discussion in France after the Bataclan attacks of banning end-to-end encryption, and in recent weeks, political parties have declared their desire to keep end-to-end encryption legal but have a backdoor or passwords available to the government. Rumors of hacking now dominate the news, and are claimed even influence elections. Given that cryptography has moved from an obscure branch of mathematical number theory to a real-world problem, the NEXTLEAP project is drawing together an interdisciplinary group of cryptographers, activists, and philosophers to discuss the political significance of cryptography.

Seminars

2017 - Decrypting Algorithms

28.03.2017 14:00-17:00
What is "good encryption"? A pragmatic turn from a tool-centered to a user-centered approach
  • Ksenia Ermoshina (CNRS)
  • Francesca Musiani (CNRS)
  • Mykola Kostynyan (Digital security trainer and expert, ISCproject)
19.04.2017 18:30-20:00
Cryptography and Usability
18.05.2017 14:30-18:00
Decentralized systems and new urban territories
  • Bernard Stiegler - IRI
  • Franck Cormerais - Bordeaux-Montaigne University, Etudes Digitales
  • Julien Rossi - UTC
28.06.2017 15:00-18:00
Decentralized certification and blockchain systems
  • Christian Fauré (OCTO Technologies, Ars Industrialis)
  • Adli Takkal Bataille (La voie du Bitcoin)
  • Lyse Brillouet (Orange Labs)
  • André Reinald (PeerStorage, former Mozilla)

Cryptoparties

27-28-29.10.2017
#CryptoPartyCamp / Mains d'Oeuvres

We are open source

Repositories of various deliverables worked on by NEXTLEAP are available as open source materials. Feel free to download, replicate, share, remix and provide us some feedbacks.

Consult our github repository

Projects

Autocrypt
As part of bringing privacy-preserving end-to-end encryption to decentralized messaging, researchers and implementers in NEXTLEAP have co-founded and are participating in the new Autocrypt effort. It aims to leverage the email ecosystem, the largest federated identity and messaging network, and bring encryption to a wider audience than other failed efforts in the last 15 years.
Claimchain
In order to be decentralized, secure messaging requires an ability to discover key material and guarantee its integrity. Typically, today this is done via a single centralized and unstandardised service provider. In order to create an interoperable standard around secure messaging, key discovery needs to be decentralized. We've designed a new protocol, ClaimChain, that builds on both existing work on blockchains while adding new optimizations. We have both experimental Python code and a formally verified version of the code.
Net Rights
The goal of this part of the project is understand and popularize the emerging idea of net rights, as pioneered by the idea of a "magna carta" for the Web by Tim Berners-Lee. To achieve that aim, we set up a contributive categorization on Net Rights to collect previous contributions on Net Rights and related systems. Afterwards, we will in combination with an MOOC (online course), discuss the ethics these net rights with a global audience.
UnlimitID
UnlimitID is a method for enhancing the privacy of commodity OAuth and applications such as OpenID Connect, using anonymous attribute-based credentials based on algebrai Message Authentication Codes (aMACs). OAuth is one of the most widely used protocols on the Web, but it exposes each of the requests of a user for data by each relying party (RP) to the identity provider (IdP). Our approach allows for the creation of multiple persistent and unlinkable pseudo-identities and requires no change in the deployed code of relying parties, only in identity providers and the client.
Developer and High-Risk User Studies
As secure messaging protocols face increasingly widespread deployment, differences between what developers believe about user needs and the actual needs of real-existing users could have an impact on the design of future technologies. Therefore, we are doing a detailed analysis of three projects and large-scale analysis of their users via interviews.

Events

Current issues in SDO decision-making for the Internet
Parliament, London, United Kingdom / 15.11.2017
EU-Commission funds open source encryption
FM4 Radio - Vienna - Austria / 13.11.2017
Décrypte et Glitch ta vi(ll)e
Mains d'Oeuvres, Saint-Ouen, France / 27-29.10.2017
Availability, Reliability, and Security (ARES)
Reggio Calabria, Italy / 29-30.08.2017
Privacy-Enhancing Technologies Symposium
Minneapolis, United States / 18-21.07.2017
EuroUSec 2017 - 2nd European Workshop on Usable Security
Paris, UPMC, Paris 6, Sorbonne Universités / 29.04.2017
Rightscon 2017
Brussels / 29-31.03.2017
CryptoAction Symposium
Amsterdam / 27-28.03.2017
Internet Freedom Festival
Valencia / 06-10.03.2017
See events

Partners

INRIA IMDEA CNRS IRI (Centre Pompidou) UCL Merlinux