Why it's cool to make codes
Cryptographers -- it seems to me -- are an especially happy bunch of folks. Near the start of every RSA Security conference, when a panel of top cryptographers discusses the latest issues in the field, the first thing that strikes you is how much fun they are having.
This year's cryptographers' panel was as stellar as it gets, featuring Professors Ron Rivest and Adi Shamir, two-thirds of the team that created the RSA algorithm, on the day The New York Times announced they were to receive this year's Turing Award for computing. Whit Diffie, inventor of public key cryptography was also there, and the moderator Bruce Schneier is no slouch either. Even the junior member of the panel, Paul Kocher, inventor of the SSL protocol, is a crypto star in his own right.
The most striking thing about the panel is the glimpse you get of good science. These guys are satisfied, absorbed in their work and enjoy sharing it.
But they have lots of other things going for them. Unlike some other branches of science, their field is still developing fast. Ground-breaking changes are round the corner, and correct me if I'm wrong, but I don't think you see that in a field like, say, geology (literally ground-breaking though that might sometimes be).
Less importantly for the true scientist, but even more unusually, they are in a field that is actually interesting to a sizable bunch of other people. Their session is always the best attended, and one question they were asked from an audience of thousands, was: "How do I become a cryptographer?" How many organic chemists get asked that kind of question?
Cryptography involves almost mystical power. It is making things so secret that no one else can read them; recovering secrets so deep that no-one else can find them.
And finally, they are working on stuff that actually makes a big difference to people's lives. It may not yet be doing all the things that these people envisage for it, but cryptography is everywhere.
Professor Shamir is working on a device that will crack 1024-bit encryption keys in a useful time. "It's a gizmo designed to factorise large numbers," he said. AVLSI design, 50 of the chips could fit on one wafer. "For an investment of $15m, you could build the device. Each one would cost around $10m, and would take about one year to factorise 1024-bit RSA keys." The device won't be built any time soon, but the panel was unanimous: 1024-bit keys might be ok for reasons of speed, or if the data importance was moderately low, but for serious applications the key length should be 2048 bits.
Whit Diffie and Bruce Schneir's concerns both spread out to the social implications of cryptography. Moves towards digital rights management, embodied by Microsoft's Palladium plans and the Trusted Computing Platform Architecture (TCPA), "will be a political battle that will dwarf the cryptography debates of the 1990s," said Diffie.
To give the music industry more control over how its products will be used, security mechanisms will be integrated into hardware closer than ever before. "The key-based approach lends itself to a lock-out," said Diffie, "and the user not owning their own computer." He predicts that the slogan will be: "Hold the keys to your own computer!"
Simply by understanding the issues involved, cryptographers have a lot to offer society, said Schneier. "We have learnt to look at the costs and benefits... to look at systems and see how they fail," he told the audience. "As computer security people you have wrestled with these issues years before the government."
Along with this concern, the enjoyment showed through. Schneier said submitting an algorithm to the US government's contest to find a replacement standard for DES, had been "the most fun you could have as a cryptographer. It was US government standards-making at its finest. It was a demolition derby."
Although Schneier's algorithm lost out in the end, the panel rated the eventual AES standard highly -- for more than cryptographic reasons. Diffie pointed out that the decision to adopt an algorithm created by Europeans (two Belgians) showed international co-operation, as did the subsequent European decision to adopt a standard which is "90 percent the same as AES."
Looking at the future, the whole panel was excited about quantum computing, which will allow keys to be cracked much more quickly. Even the youngest panel member, Paul Kocher, did not expect to see it in his lifetime, but all of them had ideas about how cryptography would survive -- powered by the same quantum computing power that would crack the keys.
"Quantum computing will be like dying and going to heaven," said Diffie. "We may have some issues about the dying part, but look what comes after!"
So, if cryptography is that exciting, how do we join up? The answer seemed to lie in being the right kind of person. "Do you want to design or break codes?" asked Shamir. To design codes, you have to be methodical, while to be a cryptanalyst, you have to think out of the box, he said. The problem is, he said, to be a really good cryptographer, you have to be able to do both.
Kocher pointed out that you have to learn from your failures. No one would class SSL in that category but, for him, the most interesting development of the year was the use of error channels to attack it. "That has been an eye-opener he said. It is a big open problem, to tell when you have got things correct."
"Everyone can build an algorithm they can't break," said Schneier. "There are lots of bad algorithms out there to practice on."
Future generations of cryptographers will have plenty to do -- and from the looks of the current crop, they will have a great time doing it.
Let the editors know what you think in the Mailroom.