X
Tech

Cryptographers spank blockchain, social media

RSA Conference panel takes hard look at current issues. The group also questions the industry's obsession with increasing speeds at the expense of security.
Written by John Fontana, Contributor

Blockchain and social media got a spanking Monday from the luminaries of cryptography gathered for their annual pow-wow at the RSA Conference.

"Blockchain is often viewed as security pixie dust," said Ron Rivest, an MIT professor and the 'R' in RSA. The message is "any application you have can be made better and more secure with blockchain." Rivest said the technology has interesting properties - decentralized, public access and immutable - but it fails on scale, throughput and latency.

He said voting is particularly a bad fit. "You want to make sure the voters have the ability to know their vote was recorded properly," and that means verification, "it doesn't matter if it is immutable if it is wrong," he said.

See: Executive's guide to implementing blockchain technology

Rivest's peers on the panel added to the critique. He was joined on stage by Adi Shamir, Borman professor of computer science at The Weizmann Institute in Israel; public-key cryptography pioneer Whitfield Diffie currently the cryptographer and security expert at Cryptomathic; Paul Kocher,a security researcher and consultant; and Moxie Marlinspike, the founder of Signal.

Shamir suggest a distinction should be made between cryptography and crypto currency, and when Diffe interrupted and suggested one should be spelled with a 'C' and one with a 'K', Shamir chided him for stealing his joke.

Shamir added the technology is "overhyped," but said it might be one way to guarantee the validity of digital signatures once quantum computing takes over. "In the future, one way to use blockchain to guarantee the security of digital signatures is to simply prove the signature was generated today before quantum computers were available."

Diffe referenced machines being used for crypto currency mining and to provide heat to a home. "We can develop cryptro currency and amortize the cost into heating."

Kocher said, "blockchain is an interesting tool, but it's not a business. It's just an interesting thing you can use to build a system like a log management tool."

Marlinspike said blockchain's distributed nature can show value, but he said the problem is that there are not many apps where distributed is valued. "The consumer space sees zero value," he added, noting that blockchain reminds him of the peer-to-peer crazy in the early 2000s. "There were a lot of people with a lot of enthusiasm and ideas about a lot of great things, but it was not very sound."

Marlinspike had similar feelings on social media, which he said has suffered a substantial perception hit in the past year. "The utopian narratives of connecting the world and organizing information is coming to an end.," he said. "Across all contexts and political spectrums, people are seeing social technology less as a hopeful tool for a brighter, better tomorrow and more like weapons everyone simultaneously thinks are in the wrong hands." He said this has direct consequences on society and things people are doing [at RSA] and what people and thinking in the worlds of privacy and cryptography."

The group also questioned the industry's obsession with increasing speeds at the expense of security.

Adjust these Facebook privacy settings to protect your personal data

"Processors, operating system, compilers, development methodologies have all been optimized to be as fast as possible with security as a secondary objective," said Kocher. "We have to go back re-visit the choices we made."

He said he is trying to create a cultural shift. "The economic importance of the issues has shifted. Security is a multi-trillion dollar problem. The value we get from performance gains is a rounding error compared to that. We have to completely change the way we look at technology."

He also added that large data sets can reveal interesting insights, but said we need to recognize that there are inherent risks in putting all the data in one place. "When you do that at the corporate level you know the trade offs, but when you do it as a national level it is quite frightening. "

When asked to point to a silver lining in all the discussion, Marlinspike said he feels that privacy and cryptography are less about protecting little shards of information about ourselves and more like we are building an infrastructure for the world we want."

Previous and Related Coverage

New York probes 13 cryptocurrency exchanges with pertinent questions

The New York Attorney General has asked a number of virtual currency exchanges to answer simple questions such as: Who owns you? And where do you keep customers' funds?

Coinsecure, not so secure: Millions in cryptocurrency stolen, CSO blamed

It is not every day a key executive is accused of potentially being involved in the theft of investor funds.

Yahoo confirms purchase of stake in cryptocurrency exchange

Yahoo's 40 percent stake is estimated to be worth two to three billion yen.

Can blockchain-powered donations restore your trust in charities? Helperbit thinks so

Blockchain startup Helperbit aims to change the way you give money to charities coping with natural disasters.

Google is experimenting with blockchain technology for use in the cloud: report

Reports suggest Google may be working on blockchain-based systems to support cloud businesses.

Finding a job or saving democracy: Blockchain to the rescue?

Blockchain is the storage technology behind Bitcoin and many of the other non-sovereign currencies. But its applications are much broader. Here are two that may provide your next gig - or save democracy.

Editorial standards