Colin Percival
Security researcher

Canadian computer scientist (born 1980)

Nationality: Canada

Colin A. Percival is a Canadian computer scientist and computer security researcher. He completed his undergraduate education at Simon Fraser University and a doctorate at the University of Oxford. While at university he joined the FreeBSD project, and achieved some notoriety for discovering a security weakness in Intel's hyper-threading technology. Besides his work in delta compression and the introduction of memory-hard functions, he is also known for developing the Tarsnap

Early Life and Education

Percival began taking mathematics courses at Simon Fraser University (SFU) at age 13, while still a student at Burnaby Central Secondary School in Burnaby, Canada. He officially enrolled at SFU in 1998, where he studied number theory under Peter Borwein. During his undergraduate years he competed in the William Lowell Putnam Mathematical Competition, placing in the top 15 in 1998 and achieving Putnam Fellow status — a top-six finish — in 1999.

From 1998 to 2000, Percival organized the PiHex distributed computing project, coordinating contributors worldwide to calculate specific binary digits of pi. He graduated from SFU in 2001 and was awarded a Commonwealth Scholarship to the University of Oxford.

At Oxford, Percival initially pursued research in distributed computing. A serious illness in 2003 interrupted that work for several months, prompting him to redirect his attention toward building a software update system for the FreeBSD operating system. This led him to develop bsdiff, a highly efficient delta compression algorithm, which became the central focus of his doctoral research. He also contributed portsnap in 2004, which uses bsdiff to distribute snapshots of the FreeBSD ports tree. His 2006 doctoral thesis, supervised by William F. McColl and Richard P. Brent, is titled "Matching with Mismatches and Assorted Applications" and describes further improvements to bsdiff compression.

Career

FreeBSD and the Hyper-Threading Vulnerability

After joining the FreeBSD Security Team in 2004, Percival analyzed the behavior of hyper-threading as implemented on Intel's Pentium 4 CPUs. He discovered a security flaw allowing a malicious thread to exploit a timing-based side-channel attack to steal secret data from another thread sharing the same processor core and cache. He reported the issue privately to Intel and operating system vendors with mitigation suggestions before making the details public in May 2005.

Following the completion of his doctorate, Percival returned to SFU as a visiting researcher. He served as FreeBSD Security Officer from August 2005 to May 2012, and was elected to the FreeBSD Core Team for the 2010–2012 term.

Tarsnap and scrypt

Percival founded Tarsnap in 2006, a secure encrypted online backup service. After roughly two years of development, Tarsnap entered public beta in November 2008 and became profitable by February 2009.

In 2009, while working to add passphrase protection to Tarsnap keys, Percival grew dissatisfied with existing key derivation functions. Drawing on his background in distributed computing, he modeled an attacker using specialized hardware to massively parallelize brute-force passphrase searches. He concluded that existing key derivation functions were vulnerable to such attacks and designed scrypt, an algorithm requiring memory consumption nearly proportional to its run time, making large-scale parallel attacks cost-prohibitive. He formally defined the concept of memory-hard functions in this context. Scrypt has since become widely adopted and serves as the basis of proof-of-work in Litecoin and several other cryptocurrencies.

Also in 2009, Percival uncovered a critical flaw in AWS's use of cryptographic signatures to authenticate EC2, SimpleDB, SQS, and S3 REST APIs.

FreeBSD on Amazon EC2 and Later Work

Percival worked for several years to bring FreeBSD to the Amazon EC2 platform, building disk images, debugging kernel crashes, and coordinating with engineers at both Amazon and FreeBSD. Amazon announced official FreeBSD support on EC2 in November 2012. In 2019, he was recognized as an AWS Community Hero for this work. In 2022, he announced FreeBSD support for Amazon's Firecracker hypervisor.

Since 2020, Percival has been part of FreeBSD's primary release engineering team. On November 17, 2023, he was promoted to FreeBSD's Lead Release Engineer.

Notable Work

Percival's principal technical contributions include the bsdiff delta compression algorithm, the scrypt memory-hard key derivation function, the freebsd-update and portsnap tools, and the Tarsnap backup service. His discovery of the Intel hyper-threading side-channel vulnerability was an early and significant contribution to the field of hardware security research.

Recognition and Legacy

Having collaborated with mathematicians including Peter Borwein and Richard P. Brent, Percival holds an Erdős number of 3. Memory-hard functions, a concept he helped define, have become an active area of cryptographic research. He is based in Vancouver, Canada, and has maintained a technical blog since 2005.
