Wednesday, February 27, 2013

RSA Conference 2013 - Cryptographer's Panel

The RSA Conference is being held this week in San Francisco. This morning there was several keynote talks as well as the Cryptographer's Panel. This year's panel consisted of Whit Diffie, Ron Rivest, Adi Shamir and Dan Boneh, and was chaired by Ari Juels.

Ari began the discussion with a retrospective question regarding how at the advent of modern cryptography there were restrictions on the export of Cryptography, moving on to the present day where there is now a great deal more openness in the Crypto community. All panelists were fully in support of this shift. Dan Boneh in particular highlighted the importance of education and how this can only be good for ensuring our systems are secure. The online crypto course offered by Stanford has had over 150000 students worldwide since it began. Students have even been able to participate from some of the remotest parts of the world.

The second topic of discussion was what each panelist felt was the most significant attack seen in the past year. Here the focus moved to Certification Authorities and the recent problems with these. As a result of this discussion, Ari Juels asked if the importance of Cryptography was diminishing, to which Adi Shamir agreed. He then gave an example focusing on the case where even the most isolated systems have now suffered from attacks. Shamir felt that we need to rethink how we protect ourselves and assume threats are already within our systems. Ron Rivest stressed that he felt that crypto was still essential. As a conclusion Dan Boneh gave what he described as the "killer argument". Here he referred to work on the security analysis of medical equipment such as pacemakers, where cryptography and security really does become something of a life or death matter.

The panelists were than asked what they are working on now and is it crypto? Whit Diffie stated that he always tries to work on as much crypto as he can.  Ron Rivest's two main areas of interest are currently Secure Voting and creating more robust and flexible PKIs. Adi Shamir's focus is currently on the analysis of the SHA-3 algorithm, KECCAK. Up until one year ago the best attack was on only 2 rounds of KECCAK. Soon in joint work with Orr Dunkelman and Itai Dinur, Shamir will publish an attack on 5 rounds but there is still a significant way to go to a full attack since KECCAK has 24 rounds in total. Shamir stated that he felt KECCAK was a good choice for SHA-3 as it has a solid design and was reasonably fast. Finally, Dan Boneh described two of his most recent works, looking at leakage from smartphone accelerometers and an efficient scheme for key rotation within encrypted cloud storage.

The final topic of discussion was on the importance of post-quantum cryptography, to which Whit Diffie's immediate riposte was "I think we should wait for the Physicist's Panel". The general feeling of the panel was that we don't really know what is possible yet in terms of our ability to build a quantum computer. Dan Boneh feels that to be safe it is only logical to start implementing quantum resistant schemes now. With the update cycle of algorithms taking 10-20 years this would mean that if need be quantum-resistant algorithms would be ready to use if a quantum computer were built. Adi Shamir argued that unlike traditional attacks we will see quantum computers appear very gradually and we should be just as worried about new kinds of attack. In response Dan Boneh said this gave further basis to have more diversity in our algorithm choices, highlighting that there are still only two families of public-key algorithms: RSA-based and Diffie-Hellman-based. The crypto community has developed many more families but these are not yet implemented. Whit Diffie stressed caution in switching to these new families as if one fails then this would make people wary of the others. Finally, Dan Boneh described the recent advances in solving the discrete log problem by Antoine Joux (see our recent blog) showing that there is further reason to start implementing other families of algorithms as a fall back.

No comments:

Post a Comment