Colin A. Percival (born 1980) is a Canadian

computer scientist A computer scientist is a person who is trained in the academic study of computer science. Computer scientists typically work on the theoretical side of computation, as opposed to the hardware side on which computer engineers mainly focus (al ...

and

computer security Computer security, cybersecurity (cyber security), or information technology security (IT security) is the protection of computer systems and networks from attack by malicious actors that may result in unauthorized information disclosure, the ...

researcher. He completed his undergraduate education at

Simon Fraser University Simon Fraser University (SFU) is a public research university in British Columbia, Canada, with three campuses, all in Greater Vancouver: Burnaby (main campus), Surrey, and Vancouver. The main Burnaby campus on Burnaby Mountain, located from ...

and a doctorate at the

University of Oxford , mottoeng = The Lord is my light , established = , endowment = £6.1 billion (including colleges) (2019) , budget = £2.145 billion (2019–20) , chancellor ...

. While at university he joined the

FreeBSD FreeBSD is a free and open-source Unix-like operating system descended from the Berkeley Software Distribution (BSD), which was based on Research Unix. The first version of FreeBSD was released in 1993. In 2005, FreeBSD was the most popular ...

project, and achieved some notoriety for discovering a security weakness in

Intel Intel Corporation is an American multinational corporation and technology company headquartered in Santa Clara, California. It is the world's largest semiconductor chip manufacturer by revenue, and is one of the developers of the x86 seri ...

hyper-threading Hyper-threading (officially called Hyper-Threading Technology or HT Technology and abbreviated as HTT or HT) is Intel's proprietary simultaneous multithreading (SMT) implementation used to improve parallelization of computations (doing multip ...

technology. Besides his work in

delta compression Delta encoding is a way of storing or transmitting data in the form of '' differences'' (deltas) between sequential data rather than complete files; more generally this is known as data differencing. Delta encoding is sometimes called delta compre ...

and the introduction of

memory-hard function In cryptography, a memory-hard function (MHF) is a function that costs a significant amount of memory to evaluate. It differs from a memory-bound function, which incurs cost by slowing down computation through memory latency. MHFs can be used as ...

s, he is also known for developing the

Tarsnap Tarsnap is a secure online backup service for UNIX-like operating systems, including BSD, Linux, and OS X. It was created in 2008 by Colin Percival. Tarsnap encrypts data, and then stores it on Amazon S3. Service The service is designed for eff ...

online backup service, which became his full-time job.

Education

Percival began taking mathematics courses at

(SFU) at age 13, as a student at

Burnaby Central Secondary School Burnaby Central Secondary School is a public high school in Burnaby, British Columbia. It is located across from Burnaby City Hall and is adjacent to Deer Lake Park. Burnaby Central is a part of Burnaby School District 41. As of 2015, there ar ...

. He graduated from Burnaby Central and officially enrolled at SFU in 1998. At SFU he studied

number theory Number theory (or arithmetic or higher arithmetic in older usage) is a branch of pure mathematics devoted primarily to the study of the integers and arithmetic function, integer-valued functions. German mathematician Carl Friedrich Gauss (1777� ...

under

Peter Borwein Peter Benjamin Borwein (born St. Andrews, Scotland, May 10, 1953 – 23 August 2020) was a Canadian mathematician and a professor at Simon Fraser University. He is known as a co-author of the paper which presented the Bailey–Borwein–Plo ...

, and competed in the

William Lowell Putnam Mathematical Competition The William Lowell Putnam Mathematical Competition, often abbreviated to Putnam Competition, is an annual list of mathematics competitions, mathematics competition for undergraduate college students enrolled at institutions of higher learning in th ...

, placing in the top 15 in 1998 and as a Putnam Fellow (in the top six) in 1999. From 1998 to 2000 he ran the

PiHex PiHex was a distributed computing project organized by Colin Percival to calculate specific bits of . 1,246 contributors used idle time slices on almost two thousand computers to make its calculations. The software used for the project made use of ...

project, organizing contributors from all over the world to help calculate specific

bit The bit is the most basic unit of information in computing and digital communications. The name is a portmanteau of binary digit. The bit represents a logical state with one of two possible values. These values are most commonly represente ...

s of pi. Percival graduated from SFU in 2001 and was awarded a

Commonwealth Scholarship The Commonwealth Scholarship and Fellowship Plan (CSFP) is an international programme under which Commonwealth governments offer scholarships and fellowships to citizens of other Commonwealth countries. History The plan was originally proposed b ...

to the

University of Oxford , mottoeng = The Lord is my light , established = , endowment = £6.1 billion (including colleges) (2019) , budget = £2.145 billion (2019–20) , chancellor ...

. In Oxford, Percival set out to do research in

distributed computing A distributed system is a system whose components are located on different computer network, networked computers, which communicate and coordinate their actions by message passing, passing messages to one another from any system. Distributed com ...

, building on his experience with PiHex. When a serious illness in 2003 interrupted this work for months, he turned his attention to the problem of building a

software update A patch is a set of changes to a computer program or its supporting data designed to update, fix, or improve it. This includes fixing security vulnerabilities and other bugs, with such patches usually being called bugfixes or bug fixes. Patches ...

system for the

operating system An operating system (OS) is system software that manages computer hardware, software resources, and provides common services for computer programs. Time-sharing operating systems schedule tasks for efficient use of the system and may also in ...

. At the time, FreeBSD updates were distributed only as

source code In computing, source code, or simply code, is any collection of code, with or without comments, written using a human-readable programming language, usually as plain text. The source code of a program is specially designed to facilitate the wo ...

patches, making it difficult to keep systems updated. After a commenter on a mailing list suggested using

xdelta xdelta is a command line program for delta encoding, which generates the difference between two files. This is similar to diff and patch, but it is targeted for binary files and does not generate human readable output. It was first released in 1 ...

to reduce the size of the files to be transferred, Percival began working on a more efficient

algorithm. This new algorithm, called ''bsdiff'', became the new focus of his doctoral research, and later a widely-used standard, and his ''freebsd-update'' became a part of FreeBSD. In 2004 he contributed

portsnap Portsnap is a system written by Colin Percival for secure distribution of compressed, digitally signed snapshots of the FreeBSD ports tree. The distribution follows the client–server model and uses the transport protocol HTTP (pipelined HTTP ...

, which uses bsdiff to distribute snapshots of the FreeBSD ports tree. His 2006 doctoral thesis, supervised by William F. McColl and

Richard P. Brent Richard Peirce Brent is an Australian mathematician and computer scientist. He is an emeritus professor at the Australian National University. From March 2005 to March 2010 he was a Federation Fellow at the Australian National University. His ...

, is called "Matching with Mismatches and Assorted Applications". It describes further improvements to the compression of bsdiff.

Career

After joining the FreeBSD Security Team in 2004, Percival analyzed the behaviour of

as then implemented on

Pentium 4 Pentium 4 is a series of single-core CPUs for desktops, laptops and entry-level servers manufactured by Intel. The processors were shipped from November 20, 2000 until August 8, 2008. The production of Netburst processors was active from 2000 ...

CPU A central processing unit (CPU), also called a central processor, main processor or just processor, is the electronic circuitry that executes instructions comprising a computer program. The CPU performs basic arithmetic, logic, controlling, and ...

s. He discovered a security flaw that would allow a malicious thread to use a timing-based

side-channel attack In computer security, a side-channel attack is any attack based on extra information that can be gathered because of the fundamental way a computer protocol or algorithm is implemented, rather than flaws in the design of the protocol or algorit ...

to steal secret data from another thread executing on the same processor core and sharing its cache. Some months after reporting the problem to Intel and operating system vendors, with suggestions on how to mitigate it in system software, he made the details public in May 2005. Having finished his thesis, he returned to SFU as a

visiting researcher In academia, a visiting scholar, visiting researcher, visiting fellow, visiting lecturer, or visiting professor is a scholar from an institution who visits a host university to teach, lecture, or perform research on a topic for which the visitor ...

. He went on to serve as the FreeBSD Security Officer, from August 2005 to May 2012. He was also elected to the

FreeBSD Core Team The FreeBSD Project is run by FreeBSD committers, or developers who have direct commit access to the master Git repository. The FreeBSD Core Team exists to provide direction and is responsible for setting goals for the FreeBSD Project and to provi ...

, for the 2010–2012 term. In 2008 he released the client for

, his encrypted online backup service. He had already been trying for some two years to get FreeBSD running on the

Amazon EC2 Amazon Elastic Compute Cloud (EC2) is a part of Amazon.com's cloud-computing platform, Amazon Web Services (AWS), that allows users to rent virtual computers on which to run their own computer applications. EC2 encourages scalable deployment of ...

platform, and he increased these efforts. Building disk images himself, debugging kernel crashes, and coordinating with people at both

Amazon Amazon most often refers to: * Amazons, a tribe of female warriors in Greek mythology * Amazon rainforest, a rainforest covering most of the Amazon basin * Amazon River, in South America * Amazon (company), an American multinational technology c ...

and FreeBSD, he eventually overcame the technical obstacles, and Amazon announced official support for FreeBSD on EC2 in November 2012. Percival has continued to support FreeBSD on EC2, and in 2019 he was recognized as an ''AWS Community Hero'' for his work and enthusiasm. In 2009 Percival uncovered a fatal flaw in AWS' use of cryptographic signatures used to authenticate EC2, SimpleDB, SQS, and S3

REST Rest or REST may refer to: Relief from activity * Sleep ** Bed rest * Kneeling * Lying (position) * Sitting * Squatting position Structural support * Structural support ** Rest (cue sports) ** Armrest ** Headrest ** Footrest Arts and entert ...

APIs. The same year, while working to add

passphrase A passphrase is a sequence of words or other text used to control access to a computer system, program or data. It is similar to a password in usage, but a passphrase is generally longer for added security. Passphrases are often used to control ...

protection to Tarsnap keys, he became dissatisfied with existing

key derivation function In cryptography, a key derivation function (KDF) is a cryptographic algorithm that derives one or more secret keys from a secret value such as a master key, a password, or a passphrase using a pseudorandom function (which typically uses a crypto ...

s. Drawing on his experience in distributed computing, Percival modeled an attacker using specialized hardware to massively parallelize a

brute-force search In computer science, brute-force search or exhaustive search, also known as generate and test, is a very general problem-solving technique and algorithmic paradigm that consists of systematically enumerating all possible candidates for the soluti ...

for the passphrase. He concluded that the key derivation functions in use were vulnerable to such an attack, and sought to make these attacks cost-prohibitive by designing an algorithm that must use an amount of memory nearly proportional to its run time. He defined

s in these terms, and presented

scrypt In cryptography, scrypt (pronounced "ess crypt") is a password-based key derivation function created by Colin Percival in March 2009, originally for the Tarsnap online backup service. The algorithm was specifically designed to make it costly ...

as a specific example, which he used as the key derivation function for Tarsnap. Memory-hard functions have since become an active area of research in

cryptography Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or ''-logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of adver ...

, and scrypt is used as the basis of

proof of work Proof of work (PoW) is a form of Cryptography, cryptographic proof (truth), proof in which one party (the ''prover'') proves to others (the ''verifiers'') that a certain amount of a specific computational effort has been expended. Verifiers can s ...

Litecoin Litecoin (Abbreviation: LTC; sign: Ł) is a decentralized peer-to-peer cryptocurrency and open-source software project released under the MIT/X11 license. Inspired by Bitcoin, Litecoin was among the earliest altcoins, starting in October 2011. ...

and some other

cryptocurrencies A cryptocurrency, crypto-currency, or crypto is a digital currency designed to work as a medium of exchange through a computer network that is not reliant on any central authority, such as a government or bank A bank is a financial i ...

. Since 2020 he is part of FreeBSD's primary release engineering team. Having left academia after his doctorate, Percival has only a few published papers. He has collaborated with mathematicians such as Peter Borwein and Richard P. Brent, giving him an

Erdős number The Erdős number () describes the "collaborative distance" between mathematician Paul Erdős and another person, as measured by authorship of mathematical papers. The same principle has been applied in other fields where a particular individual ...

of 3. In the past he has announced new work on a blog he has maintained since 2005, then presented his results at BSD conferences.

Personal life

Percival has Type-I diabetes.

References

{{DEFAULTSORT:Percival, Colin Alumni of Wadham College, Oxford Canadian computer scientists Computer security specialists FreeBSD people Modern cryptographers People from Burnaby Putnam Fellows Simon Fraser University alumni 1980s births Living people