Colin A. Percival (born 1980) is a Canadian computer scientist and computer security researcher. He completed his undergraduate education at Simon Fraser University and a doctorate at the University of Oxford. While at university he joined the FreeBSD project, and achieved some notoriety for discovering a security weakness in Intel's hyper-threading technology. Besides his work in delta compression and the introduction of memory-hard functions, he is also known for developing the Tarsnap online backup service, which became his full-time job.


Education

Percival began taking mathematics courses at Simon Fraser University (SFU) at age 13, as a student at Burnaby Central Secondary School. He graduated from Burnaby Central and officially enrolled at SFU in 1998. At SFU he studied number theory under Peter Borwein, and competed in the William Lowell Putnam Mathematical Competition, placing in the top 15 in 1998 and as a Putnam Fellow (in the top six) in 1999. From 1998 to 2000 he ran the PiHex project, organizing contributors from all over the world to help calculate specific bits of pi. Percival graduated from SFU in 2001 and was awarded a Commonwealth Scholarship to the University of Oxford.

In Oxford, Percival set out to do research in distributed computing, building on his experience with PiHex. When a serious illness in 2003 interrupted this work for months, he turned his attention to the problem of building a software update system for the FreeBSD operating system. At the time, FreeBSD updates were distributed only as source code patches, making it difficult to keep systems updated. After a commenter on a mailing list suggested using xdelta to reduce the size of the files to be transferred, Percival began working on a more efficient delta compression algorithm. This new algorithm, called bsdiff, became the new focus of his doctoral research, and later a widely used standard, and his freebsd-update became a part of FreeBSD. In 2004 he contributed portsnap, which uses bsdiff to distribute snapshots of the FreeBSD ports tree. His 2006 doctoral thesis, supervised by William F. McColl and Richard P. Brent, is called "Matching with Mismatches and Assorted Applications". It describes further improvements to the compression of bsdiff.


Career

After joining the FreeBSD Security Team in 2004, Percival analyzed the behaviour of hyper-threading as then implemented on Intel's Pentium 4 CPUs. He discovered a security flaw that would allow a malicious thread to use a timing-based side-channel attack to steal secret data from another thread executing on the same processor core and sharing its cache. Some months after reporting the problem to Intel and operating system vendors, with suggestions on how to mitigate it in system software, he made the details public in May 2005.

Having finished his thesis, he returned to SFU as a visiting researcher. He went on to serve as the FreeBSD Security Officer, from August 2005 to May 2012. He was also elected to the FreeBSD Core Team, for the 2010–2012 term.

In 2008 he released the client for Tarsnap, his encrypted online backup service. He had already been trying for some two years to get FreeBSD running on the Amazon EC2 platform, and he increased these efforts. Building disk images himself, debugging kernel crashes, and coordinating with people at both Amazon and FreeBSD, he eventually overcame the technical obstacles, and Amazon announced official support for FreeBSD on EC2 in November 2012. Percival has continued to support FreeBSD on EC2, and in 2019 he was recognized as an AWS Community Hero for his work and enthusiasm.

In 2009 Percival uncovered a fatal flaw in AWS's use of cryptographic signatures to authenticate EC2, SimpleDB, SQS, and S3 REST APIs. The same year, while working to add passphrase protection to Tarsnap keys, he became dissatisfied with existing key derivation functions. Drawing on his experience in distributed computing, Percival modeled an attacker using specialized hardware to massively parallelize a brute-force search for the passphrase. He concluded that the key derivation functions in use were vulnerable to such an attack, and sought to make these attacks cost-prohibitive by designing an algorithm that must use an amount of memory nearly proportional to its run time. He defined memory-hard functions in these terms, and presented scrypt as a specific example, which he used as the key derivation function for Tarsnap. Memory-hard functions have since become an active area of research in cryptography, and scrypt is used as the basis of proof of work in Litecoin and some other cryptocurrencies.

Since 2020 he has been part of FreeBSD's primary release engineering team, and he was promoted to Lead Release Engineer on November 17, 2023.

Having left academia after his doctorate, Percival has only a few published papers. He has collaborated with mathematicians such as Peter Borwein and Richard P. Brent, giving him an Erdős number of 3. In the past he has announced new work on a blog he has maintained since 2005, then presented his results at BSD conferences.


Personal life

Percival has Type-I diabetes.

