Each year at RSAC, a cadre of celebrated cryptographers weigh in on the most important issues of the day. The Cryptographers’ Panel is one of the conference’s must-see events, even as RSAC embarks on its first-ever virtual event. That unusual backdrop made the experts’ concerns all the more stark.
Instead of a semicircle of chairs on stage at the Moscone Center, the Cryptographers’ Panel was in the form of a pre-recorded video conference released on May 17, the first day of the 2021 conference. Members’ faces floated in individual boxes akin to the Zoom calls so many of us have grown accustomed to during the pandemic.
Dr. Zulfikar Ramzan, chief digital officer at RSA, served as the moderator, alongside Ross Anderson, professor of Security Engineering at Cambridge University and Edinburgh University; Ronald Rivest, professor at the Massachusetts Institute of Technology and the “R” in RSA; Adi Shamir, professor at the Weizmann Institute and the “S” in RSA; and Carmela Troncoso, an assistant professor at EPFL. Whitfield Diffie, one half of the Whitfield-Diffie key exchange, appeared in a separate interview.
The discussion covered the biggest topics in security and cryptography from the past year, starting with the sudden interest in collecting and selling NFTs—non-fungible tokens that serve as blockchain-backed proof of ownership to digital goods.
The speakers were cool on the subject, with Shamir wryly suggesting that NFTs are a hobby akin to stamp collecting. Rivest brought up the one-time fad of raising tulips. If you have a tulip bulb in hand, that’s the real, physical thing. You can take a picture of the tulip flower and enjoy it, share it, or copy it. An NFT of your tulip picture is one more level removed from the real thing.
Despite these negative impressions, Shamir did announce that the first page of the 1977 research paper that outlines the RSA cryptosystem will be offered via NFT. Any proceeds will be donated to charity, Ramzan said.
Throughout the discussion, the speakers took on several topics which they believed to be overblown. Shamir and Rivest, for example, cast doubt on work by German mathematician Clause Schnorr that claimed a breakthrough in factoring large numbers that would break portions of their namesake cryptosystem. They did, however, underline the importance of this kind of research in ensuring critical technology actually works, and decried litigous companies that file lawsuits to suppress such claims.
“If Schnorr’s approach succeeds I will be the first to applaud, and will not sue Clause Schnorr,” Shamir said.
In a similar vein, many of the panelists were skeptical that quantum computers would become a threat to encryption anytime soon. Current encryption systems rely on enormously complex math that would take machines many lifetimes to solve, but quantum computers could theoretically break them. Shamir pointed out that many recent claims about developing quantum computers have not materialized, and Anderson declared himself skeptical about the foundations of quantum computing.
Rivest noted that despite the enormous amount of money being invested in quantum computing, its utility is unclear. Two important questions, Rivest said, are whether a quantum computer could exist long enough to do a useful application and whether there are any useful applications. The answers are “not clear, and maybe,” he said.
The SolarWinds hack grabbed headlines for weeks after the company’s infrastructure was hijacked and used to export malware to its customers. Anderson placed the blame on complacency within SolarWinds, which he said was being “run by bankers as a cash cow.”
Recommended by Our Editors
While the format of the discussion was a constant reminder of how the COVID-19 pandemic has altered society, the disease was also a subject of discussion for the panel. Troncoso pointed out that Apple and Google effectively made privacy decisions for the whole world with their joint contact tracing API. Contact tracing is when all the individuals who came in contact with a sick person are contacted (and possibly quarantined), to limit the spread of a disease. Anderson pointed out that contact-tracing apps have not seen widescale adoption and that technology sometimes gets in the way of “old fashioned” contact tracing.
The main discussion ended with the speakers rating the resilience—the theme for RSAC 2021—of cryptographers. Shamir was optimistic, saying that new standards for cryptosystems are making encryption more robust. Rivest and Troncoso were more critical, with Troncoso pointing out that even the best cryptographic system can be difficult to deploy in practice.
An epilogue of sorts was a one-on-one discussion between Ramzan and Diffie, who appeared separately from the other speakers. It was a rapid-fire discussion. What did Diffie think of “resilience?” He said it was springy and bouncy, “the exact opposite of what we have in cybersecurity right now.” One word for the biggest challenge to security? “Companies.” Bumper-sticker sized advice for security? “Unplug it, baby.”
Despite his wit, Diffie was downcast on the future. He sees “no way” that human freedom can survive as the ease and persistence of communication increases. It seems likely, he said, that the freedoms we now enjoy will be very hard to come by in the future. Hopefully, he and the other panelists will be able to explore these topics in greater depth next year, and without the constraints of social distancing.
This is a syndicated post. Read the original post at Source link .