520 likes | 537 Views
CRYPTOGRAPHY: STATE OF THE SCIENCE ASIACRYPT 2003 invited talk. Adi Shamir Computer Science Dept The Weizmann Institute Israel. Cryptography: major trends. Cryptography: major trends. From secret to public. Cryptography is central. Com&info theory. Comp science. crypto. Math& stat.
E N D
CRYPTOGRAPHY:STATE OF THE SCIENCEASIACRYPT 2003 invited talk Adi Shamir Computer Science Dept The Weizmann Institute Israel
Cryptography: major trends • From secret to public
Cryptography is central Com&info theory Comp science crypto Math& stat Computers and chips Hi-tech industry Policy issues
Cryptography is fun • Gets lots of media attention • Attracts hackers • Is full of delightful ideas • Serves as an excellent educational tool
Cryptography: major trends • From secret to public • From national to international
The geography of cryptography • Publicly started in the US
The geography of cryptography • Publicly started in the US • Followed by Europe
The geography of cryptography • Publicly started in the US • Followed by Europe • Is rapidly expanding in Asia
Cryptography: major trends • From secret to public • From national to international • From art to science
Cryptography as a scientific discipline Is thriving as a scientific area of research: • Taught at most major universities • Attracts many excellent students • Discussed at many conferences (>25 in the next 6 months!) • Published in hundreds of papers (e.g., EPRINT) • Major conferences have >500 attendees (Major trade shows have >10,000 attendees) Received the ultimate seal of approval from the general CS community (the Turing award…)
Should we rename the field? • Cryptography means “secret writing” • The official naming of the field: Cryptology = Cryptography + cryptanalysis
Should we rename the field? • Cryptography means “secret writing” • The official naming of the field: Cryptology = Cryptography + cryptanalysis • These terms have problematic conotations • Many research subfields do not deal with the encryption or decryption of secret information
Should we rename the field? • Cryptography means “secret writing” • The official naming of the field: Cryptology = Cryptography + cryptanalysis • These terms have problematic conotations • Many research subfields do not deal with the encryption or decryption of secret information • I propose to call the broader field Adversity Theory = cryptology + other areas
Cryptography: major trends • From secret to public • From national to international • From art to science • From math to physics
Related scientific fields: • OLD COMBINATIONS: • Probability and statistics • Algebra • Number Theory
Related scientific fields: • OLD COMBINATIONS: • Probability and statistics • Algebra • Number Theory • NEW COMBINATIONS: • Signal processing (in steg, fingerprinting) • Electronics (in side channel attacks) • Physics (in quantum computers and crypto)
Cryptography: major trends • From secret to public • From national to international • From art to science • From math to physics • From theory to practice
Cryptography unites Theory & practice • Practical theory: - using abstract math tools in cryptanalysis - proving the security of real protocols -developing new cryptographic schemes • Theoretical practice: - developing new notions of security, complexity, logics, and randomness - turning cryptography from art to science
New challenges in cryptography • Payment systems • Cellular telephony • Wi-Fi networks • RFID tags • DRM systems
Cryptography: major trends • From secret to public • From national to international • From art to science • From math to physics • From theory to practice • From political to legal issues
Cryptographic misconceptions • By policy makers: crypto is dangerous, but: - weak crypto is not a solution - controls can’t stop the inevitable • By researchers: A provably secure system is secure, but: - proven false by indirect attacks - can be based on false assumptions - requires careful choice of parameters • By implementers: Cryptography solves everything, but: - only basic ideas are successfully deployed - only simple attacks are avoided - bad crypto can provide a false sense of security
The three laws of security: • Absolutely secure systems do not exist • To halve your vulnerability, you have to double your expenditure • Cryptography is typically bypassed, not penetrated
Cryptography: A rapidly moving field • 75-80: Public key cryptography, basic schemes
Cryptography: A rapidly moving field • 75-80: Public key cryptography, basic schemes • 80-85: Theoretical foundations, new protocols
Cryptography: A rapidly moving field • 75-80: Public key cryptography, basic schemes • 80-85: Theoretical foundations, new protocols • 85-90: Zero Knowledge, secure computation
Cryptography: A rapidly moving field • 75-80: Public key cryptography, basic schemes • 80-85: Theoretical foundations, new protocols • 85-90: Zero Knowledge, secure computation • 90-95: Diff&lin cryptanalysis, quantum comp
Cryptography: A rapidly moving field • 75-80: Public key cryptography, basic schemes • 80-85: Theoretical foundations, new protocols • 85-90: Zero Knowledge, secure computation • 90-95: Diff&lin cryptanalysis, quantum comp • 95-00: Side channel attacks, elliptic curves
Cryptography: A rapidly moving field • 75-80: Public key cryptography, basic schemes • 80-85: Theoretical foundations, new protocols • 85-90: Zero Knowledge, secure computation • 90-95: Diff&lin cryptanalysis, quantum comp • 95-00: Side channel attacks, elliptic curves • 00-05: ???
The basic schemes: Major trends • Secret key cryptography: DES out, AES in
The basic schemes: Major trends • Secret key cryptography: DES out, AES in • Public key cryptography: RSA steady, EC improving, faster schemes increasingly risky and less appealing. Should not be used for long term security.
The basic schemes: Major trends • Secret key cryptography: DES out, AES in • Public key cryptography: RSA steady, EC improving, faster schemes increasingly risky and less appealing. Should not be used for long term security. • Quantum schemes: the wild card
Some of my controvertial positions: When applied in practice:
Some of my controvertial positions: When applied in practice: • Security should not be overdone
Some of my controvertial positions: When applied in practice: • Security should not be overdone • Security should not be overexposed
Some of my controvertial positions: When applied in practice: • Security should not be overdone • Security should not be overexposed • Security should not be underregulated
Some of my controvertial positions: When applied in practice: • Security should not be overdone • Security should not be overexposed • Security should not be underregulated • Security should be guided by an ethical code
Some of my controvertial positions: When applied in practice: • Security should not be overdone • Security should not be overexposed • Security should not be underregulated • Security should be guided by an ethical code • Security should be complemented by legal measures
Cryptographic status report In each of the six major subareas I’ll summarize: • The major achievements so far • Strong and weak points, major challenges • A 1-10 grade
Theory of cryptography • Well defined primitives & definitions of security • Well understood relationships between notions • Deep connections with randomness & complexity • Beautiful mathematical results • Highly developed theory • Excellent design tools • Challenge: reduce dependence on assumptions • Final grade: 9
Public key encryption and signature schemes • RSA, DH, DSA • Based on modular arithmetic, EC, other ideas(?) • Vigorous cryptanalytic research • Excellent theory • Expanding applications • Challenges: Break a major scheme, make a new one • Final grade: 8
Secret key cryptography – block ciphers • DES, AES, modes of operation • Differential and linear cryptanalysis • Good cryptanalytic tools • Reasonable choice of primitives • Many good schemes • Challenge: Connect strong theory with strong practice • Final grade: 7
Secret key cryptography – stream ciphers • Linear feedback shift registers • Fast correlation attacks, algebraic attacks • Limited cryptanalytic tools • Narrow choice of primitives • Many insecure schemes • Challenge: Improve weak theory and weak practice • Final grade: 4
Theoretical Cryptographic protocols • Zero knowledge interactive proofs • Secure multiparty computations • Almost anything is doable and provable • Many gems • Theoretical protocols are too slow • Challenge: Make the strong theory practical • Final grade: 8
Practical Cryptographic protocols • Many ad-hoc ideas • Proofs in the random oracle model (ROM) • Rapidly expanding body of results • Lots of buggy protocols • Reasonable design primitives • Improving theory • Challenges: incorporate side channel attacks, ROM • Final grade: 5
Cryptographic predictions: • AES will remain secure for the forseeable future • Some PK schemes and key sizes will be successfully attacked in the next few years • Crypto will be invisibly everywhere • Vulnerabilities will be visibly everywhere • Crypto research will remain vigorous, but only its simplest ideas will become practically useful • Non-crypto security will remain a mess
Summary • It was a thrilling 25 year journey • The best is yet to come • Thanks to everyone!