Security, privacy, and cryptography

Security, privacy, and cryptography

Building trust in the hardware, software, networks, and services that billions of people use every day for communication, commerce, and storage.

Microsoft security, privacy, and cryptography efforts are guided by the responsibility to build and maintain trust in the computing ecosystem with state-of-the-art systems, controls, and services. Algorithms, protocols, and standards for security, privacy, and cryptography developed by experts across Microsoft ensure the authenticity and integrity of data that flows between personal computing devices and the cloud, and guarantee the confidentiality of information and communications.

Experts from Microsoft in the areas of security, privacy, and cryptography contribute to discussions in the global community about policies that guide the evolution of technology and services. The company takes a long view to security, privacy, and cryptography – preparing today for the post-quantum world and a time when every person, place, and thing is connected to the Internet.

“Trustworthy Computing is the highest priority for all the work we are doing.” – Bill Gates, Trustworthy Computing Memo, Jan. 15, 2002

Shared libraries and tools

Differentially Private Network-Trace-Analysis Tools – Research and analysis related to computer networks is often hampered by the tension between the need for accurate network packet traces to study, and the concern that these traces may contain sensitive information. Starting from recent work on differential privacy, we have produced a toolkit and a collection of standard network trace analyses using these…

FourQLib – FourQLib is an efficient and portable math library that provides functions for computing essential elliptic curve operations on a new, high-performance curve called “FourQ”.

FS2PV: A Cryptographic-Protocol Verifier for F# – FS2PV is a verification tool that compiles cryptographic-protocol implementations in a first-order subset of F# to a formal pi-calculus model. This pi-calculus model then can be analyzed using ProVerif to prove the desired security properties or to find security flaws.

LatticeCrypto – LatticeCrypto is a high-performance and portable software library that implements lattice-based cryptographic algorithms.

MSR ECCLib – MSR ECCLib is an efficient cryptographic library that provides functions for computing essential elliptic curve operations on a new set of high-security curves.

MSR JavaScript Cryptography Library – The Microsoft Research JavaScript Cryptography Library has been developed for use with cloud services in an HTML5 compliant and forward-looking manner.

SIDH Library – SIDH is a fast and portable software library that implements a new suite of algorithms for Supersingular Isogeny Diffie-Hellman (SIDH) key exchange.

Simple Encrypted Arithmetic Library (SEAL) – SEAL is an easy-to-use homomorphic encryption library, developed by researchers in the Cryptography Research group at Microsoft Research. SEAL is written in C++11, and contains .NET wrappers for the public API. It has no external dependencies.

TulaFale: A Security Tool for Web Services – TulaFale is a new specification language for writing machine-checkable descriptions of SOAP-based security protocols and their properties.

Focus areas


Local computing – Leading the research, development, and deployment of tools and services that provide security and privacy to users of digital technologies and platforms such as hardware and software that power personal computing and devices connected to the Internet of Things.

Cloud computing – Developing and deploying state-of-the-art cryptography, standards, and protocols that build trust in the hardware, software, and systems used to store, exchange, and exploit data across cloud-computing infrastructure.

Post-quantum computing – Designing and testing algorithms that are resistant to quantum computers, setting the standard for security and privacy in an era when all cryptography deployed today will be vulnerable to malicious attack.

Policy – Engaging with government representatives, industry trade groups and non-profit organizations to discuss standards, protocols, and policies that help shape and guide the evolution of security, privacy, and cryptography.