CRYPTOGRAPHY: STATE OF THE SCIENCE
ASIACRYPT 2003 invited talk

Adi Shamir, Computer Science Dept, The Weizmann Institute, Israel


Page 1: CRYPTOGRAPHY: STATE OF THE SCIENCE ASIACRYPT 2003 invited talk

CRYPTOGRAPHY: STATE OF THE SCIENCE

ASIACRYPT 2003 invited talk

Adi Shamir
Computer Science Dept
The Weizmann Institute
Israel

Page 2: CRYPTOGRAPHY: STATE OF THE SCIENCE ASIACRYPT 2003 invited talk

Cryptography: major trends

Page 3: CRYPTOGRAPHY: STATE OF THE SCIENCE ASIACRYPT 2003 invited talk

Cryptography: major trends

From secret to public

Page 4: CRYPTOGRAPHY: STATE OF THE SCIENCE ASIACRYPT 2003 invited talk

Cryptography is central

crypto

Math & stat
Computers and chips
Com & info theory
Comp science
Hi-tech industry
Policy issues

Page 5: CRYPTOGRAPHY: STATE OF THE SCIENCE ASIACRYPT 2003 invited talk

Cryptography is fun

Gets lots of media attention
Attracts hackers
Is full of delightful ideas
Serves as an excellent educational tool

Page 6: CRYPTOGRAPHY: STATE OF THE SCIENCE ASIACRYPT 2003 invited talk

Cryptography: major trends

From secret to public

From national to international

Page 7: CRYPTOGRAPHY: STATE OF THE SCIENCE ASIACRYPT 2003 invited talk

The geography of cryptography

Publicly started in the US

Page 8: CRYPTOGRAPHY: STATE OF THE SCIENCE ASIACRYPT 2003 invited talk

The geography of cryptography

Publicly started in the US

Followed by Europe

Page 9: CRYPTOGRAPHY: STATE OF THE SCIENCE ASIACRYPT 2003 invited talk

The geography of cryptography

Publicly started in the US

Followed by Europe

Is rapidly expanding in Asia

Page 10: CRYPTOGRAPHY: STATE OF THE SCIENCE ASIACRYPT 2003 invited talk

Cryptography: major trends

From secret to public

From national to international

From art to science

Page 11: CRYPTOGRAPHY: STATE OF THE SCIENCE ASIACRYPT 2003 invited talk

Cryptography as a scientific discipline

Is thriving as a scientific area of research:

Taught at most major universities
Attracts many excellent students
Discussed at many conferences (>25 in the next 6 months!)
Published in hundreds of papers (e.g., EPRINT)
Major conferences have >500 attendees (Major trade shows have >10,000 attendees)

Received the ultimate seal of approval from the general CS community (the Turing award…)

Page 12: CRYPTOGRAPHY: STATE OF THE SCIENCE ASIACRYPT 2003 invited talk

Should we rename the field?

Cryptography means “secret writing”

The official naming of the field: Cryptology = Cryptography + cryptanalysis

Page 13: CRYPTOGRAPHY: STATE OF THE SCIENCE ASIACRYPT 2003 invited talk

Should we rename the field?

Cryptography means “secret writing”

The official naming of the field: Cryptology = Cryptography + cryptanalysis

These terms have problematic connotations

Many research subfields do not deal with the encryption or decryption of secret information

Page 14: CRYPTOGRAPHY: STATE OF THE SCIENCE ASIACRYPT 2003 invited talk

Should we rename the field?

Cryptography means “secret writing”

The official naming of the field: Cryptology = Cryptography + cryptanalysis

These terms have problematic connotations

Many research subfields do not deal with the encryption or decryption of secret information

I propose to call the broader field Adversity Theory = cryptology + other areas

Page 15: CRYPTOGRAPHY: STATE OF THE SCIENCE ASIACRYPT 2003 invited talk

Cryptography: major trends

From secret to public

From national to international

From art to science

From math to physics

Page 16: CRYPTOGRAPHY: STATE OF THE SCIENCE ASIACRYPT 2003 invited talk

Related scientific fields:

OLD COMBINATIONS:
Probability and statistics
Algebra
Number Theory

Page 17: CRYPTOGRAPHY: STATE OF THE SCIENCE ASIACRYPT 2003 invited talk

Related scientific fields:

OLD COMBINATIONS:
Probability and statistics
Algebra
Number Theory

NEW COMBINATIONS:
Signal processing (in steg, fingerprinting)
Electronics (in side channel attacks)
Physics (in quantum computers and crypto)

Page 18: CRYPTOGRAPHY: STATE OF THE SCIENCE ASIACRYPT 2003 invited talk

Cryptography: major trends

From secret to public

From national to international

From art to science

From math to physics

From theory to practice

Page 19: CRYPTOGRAPHY: STATE OF THE SCIENCE ASIACRYPT 2003 invited talk

Cryptography unites Theory & practice

Practical theory:
- using abstract math tools in cryptanalysis
- proving the security of real protocols
- developing new cryptographic schemes

Theoretical practice:
- developing new notions of security, complexity, logics, and randomness
- turning cryptography from art to science

Page 20: CRYPTOGRAPHY: STATE OF THE SCIENCE ASIACRYPT 2003 invited talk

New challenges in cryptography

Payment systems
Cellular telephony
Wi-Fi networks
RFID tags
DRM systems

Page 21: CRYPTOGRAPHY: STATE OF THE SCIENCE ASIACRYPT 2003 invited talk

Cryptography: major trends

From secret to public

From national to international

From art to science

From math to physics

From theory to practice

From political to legal issues

Page 22: CRYPTOGRAPHY: STATE OF THE SCIENCE ASIACRYPT 2003 invited talk

Cryptographic misconceptions

By policy makers: crypto is dangerous, but:
- weak crypto is not a solution
- controls can’t stop the inevitable

By researchers: A provably secure system is secure, but:
- proven false by indirect attacks
- can be based on false assumptions
- requires careful choice of parameters

By implementers: Cryptography solves everything, but:
- only basic ideas are successfully deployed
- only simple attacks are avoided
- bad crypto can provide a false sense of security

Page 23: CRYPTOGRAPHY: STATE OF THE SCIENCE ASIACRYPT 2003 invited talk

The three laws of security:

Absolutely secure systems do not exist

To halve your vulnerability, you have to double your expenditure

Cryptography is typically bypassed, not penetrated

Page 24: CRYPTOGRAPHY: STATE OF THE SCIENCE ASIACRYPT 2003 invited talk

Cryptography: A rapidly moving field

Page 25: CRYPTOGRAPHY: STATE OF THE SCIENCE ASIACRYPT 2003 invited talk

Cryptography: A rapidly moving field

75-80: Public key cryptography, basic schemes

Page 26: CRYPTOGRAPHY: STATE OF THE SCIENCE ASIACRYPT 2003 invited talk

Cryptography: A rapidly moving field

75-80: Public key cryptography, basic schemes

80-85: Theoretical foundations, new protocols

Page 27: CRYPTOGRAPHY: STATE OF THE SCIENCE ASIACRYPT 2003 invited talk

Cryptography: A rapidly moving field

75-80: Public key cryptography, basic schemes

80-85: Theoretical foundations, new protocols

85-90: Zero Knowledge, secure computation

Page 28: CRYPTOGRAPHY: STATE OF THE SCIENCE ASIACRYPT 2003 invited talk

Cryptography: A rapidly moving field

75-80: Public key cryptography, basic schemes

80-85: Theoretical foundations, new protocols

85-90: Zero Knowledge, secure computation

90-95: Diff&lin cryptanalysis, quantum comp

Page 29: CRYPTOGRAPHY: STATE OF THE SCIENCE ASIACRYPT 2003 invited talk

Cryptography: A rapidly moving field

75-80: Public key cryptography, basic schemes

80-85: Theoretical foundations, new protocols

85-90: Zero Knowledge, secure computation

90-95: Diff&lin cryptanalysis, quantum comp

95-00: Side channel attacks, elliptic curves

Page 30: CRYPTOGRAPHY: STATE OF THE SCIENCE ASIACRYPT 2003 invited talk

Cryptography: A rapidly moving field

75-80: Public key cryptography, basic schemes

80-85: Theoretical foundations, new protocols

85-90: Zero Knowledge, secure computation

90-95: Diff&lin cryptanalysis, quantum comp

95-00: Side channel attacks, elliptic curves

00-05: ???

Page 31: CRYPTOGRAPHY: STATE OF THE SCIENCE ASIACRYPT 2003 invited talk

The basic schemes: Major trends

Page 32: CRYPTOGRAPHY: STATE OF THE SCIENCE ASIACRYPT 2003 invited talk

The basic schemes: Major trends

Secret key cryptography: DES out, AES in

Page 33: CRYPTOGRAPHY: STATE OF THE SCIENCE ASIACRYPT 2003 invited talk

The basic schemes: Major trends

Secret key cryptography: DES out, AES in

Public key cryptography: RSA steady, EC improving, faster schemes increasingly risky and less appealing. Should not be used for long term security.

Page 34: CRYPTOGRAPHY: STATE OF THE SCIENCE ASIACRYPT 2003 invited talk

The basic schemes: Major trends

Secret key cryptography: DES out, AES in

Public key cryptography: RSA steady, EC improving, faster schemes increasingly risky and less appealing. Should not be used for long term security.

Quantum schemes: the wild card

Page 35: CRYPTOGRAPHY: STATE OF THE SCIENCE ASIACRYPT 2003 invited talk

Some of my controversial positions:

Page 36: CRYPTOGRAPHY: STATE OF THE SCIENCE ASIACRYPT 2003 invited talk

Some of my controversial positions:

When applied in practice:

Page 37: CRYPTOGRAPHY: STATE OF THE SCIENCE ASIACRYPT 2003 invited talk

Some of my controversial positions:

When applied in practice:

Security should not be overdone

Page 38: CRYPTOGRAPHY: STATE OF THE SCIENCE ASIACRYPT 2003 invited talk

Some of my controversial positions:

When applied in practice:

Security should not be overdone

Security should not be overexposed

Page 39: CRYPTOGRAPHY: STATE OF THE SCIENCE ASIACRYPT 2003 invited talk

Some of my controversial positions:

When applied in practice:

Security should not be overdone

Security should not be overexposed

Security should not be underregulated

Page 40: CRYPTOGRAPHY: STATE OF THE SCIENCE ASIACRYPT 2003 invited talk

Some of my controversial positions:

When applied in practice:

Security should not be overdone

Security should not be overexposed

Security should not be underregulated

Security should be guided by an ethical code

Page 41: CRYPTOGRAPHY: STATE OF THE SCIENCE ASIACRYPT 2003 invited talk

Some of my controversial positions:

When applied in practice:

Security should not be overdone

Security should not be overexposed

Security should not be underregulated

Security should be guided by an ethical code

Security should be complemented by legal measures

Page 42: CRYPTOGRAPHY: STATE OF THE SCIENCE ASIACRYPT 2003 invited talk

Cryptographic status report

In each of the six major subareas I’ll summarize:

The major achievements so far
Strong and weak points, major challenges
A 1-10 grade

Page 43: CRYPTOGRAPHY: STATE OF THE SCIENCE ASIACRYPT 2003 invited talk

Theory of cryptography

Well defined primitives & definitions of security
Well understood relationships between notions
Deep connections with randomness & complexity
Beautiful mathematical results

Highly developed theory
Excellent design tools
Challenge: reduce dependence on assumptions

Final grade: 9

Page 44: CRYPTOGRAPHY: STATE OF THE SCIENCE ASIACRYPT 2003 invited talk

Public key encryption and signature schemes

RSA, DH, DSA
Based on modular arithmetic, EC, other ideas(?)

Vigorous cryptanalytic research
Excellent theory
Expanding applications
Challenges: Break a major scheme, make a new one

Final grade: 8

Page 45: CRYPTOGRAPHY: STATE OF THE SCIENCE ASIACRYPT 2003 invited talk

Secret key cryptography – block ciphers

DES, AES, modes of operation
Differential and linear cryptanalysis

Good cryptanalytic tools
Reasonable choice of primitives
Many good schemes
Challenge: Connect strong theory with strong practice

Final grade: 7

Page 46: CRYPTOGRAPHY: STATE OF THE SCIENCE ASIACRYPT 2003 invited talk

Secret key cryptography – stream ciphers

Linear feedback shift registers
Fast correlation attacks, algebraic attacks

Limited cryptanalytic tools
Narrow choice of primitives
Many insecure schemes
Challenge: Improve weak theory and weak practice

Final grade: 4

Page 47: CRYPTOGRAPHY: STATE OF THE SCIENCE ASIACRYPT 2003 invited talk

Theoretical Cryptographic protocols

Zero knowledge interactive proofs
Secure multiparty computations
Almost anything is doable and provable

Many gems
Theoretical protocols are too slow
Challenge: Make the strong theory practical

Final grade: 8

Page 48: CRYPTOGRAPHY: STATE OF THE SCIENCE ASIACRYPT 2003 invited talk

Practical Cryptographic protocols

Many ad-hoc ideas
Proofs in the random oracle model (ROM)
Rapidly expanding body of results

Lots of buggy protocols
Reasonable design primitives
Improving theory
Challenges: incorporate side channel attacks, ROM

Final grade: 5

Page 49: CRYPTOGRAPHY: STATE OF THE SCIENCE ASIACRYPT 2003 invited talk

Cryptographic predictions:

AES will remain secure for the foreseeable future
Some PK schemes and key sizes will be successfully attacked in the next few years
Crypto will be invisibly everywhere
Vulnerabilities will be visibly everywhere
Crypto research will remain vigorous, but only its simplest ideas will become practically useful
Non-crypto security will remain a mess

Page 50: CRYPTOGRAPHY: STATE OF THE SCIENCE ASIACRYPT 2003 invited talk

Summary

It was a thrilling 25 year journey

The best is yet to come

Thanks to everyone!