Tuesday, February 14, 2006

RSA Cryptographers panel

Last year we heard about the new attacks on SHA-1.

Rivest: This is 30 years since D-H invented public key and DES came out. 15 years ago, first RSA conference people were attacking RSA and Tim was inventing the Web. He is looking forward to RFID, computer vision and speech.

Shamir: Has been beating up on RFID tags, how secure are they? Normal power analysis does not work, but it is possible to measure the amount of energy being absorbed from the environment. This allows the password schemes to be defeated, the chips have a surge in energy after the password fails. So an incremental attack can be used.

Diffie: Talking about NSA Suite B, the non-classified algorithms; expects them to squeeze out other schemes. Most notably they are using ECC. This is going to make it harder for cryptographers to propose new schemes, instead focus is likely to be on analyzing existing schemes.

Hellman: Comment on the paradox of public awareness, if a disaster is averted the money spent on prevention appears wasted. Comments on the 'small gene pool' for public key cryptography. There are in essence only two principal schemes. ECC is really just a gene on the chromosome. Why don't we use key distribution centers and public key crypto in combination - hey sounds very similar to my NIST paper.

Shamir: Arguing for raising general awareness of security risks rather than preventing attack.

Diffie: Points out that 9/11 was actually due to failure to secure the cockpit door and the failure of the passengers to beat up hijackers. Cowardice of giving planes to the terrorists [Me: as Jeff Schiller pointed out after the attack, they did four the same day because they knew it was the last time it would work]

Shamir: Commenting on the Hash algorithm developments in the last year. Practical impact not yet apparent.

Rivest: A wakeup call. Need to design schemes from scratch, not just tweak existing designs. Unlike public key crypto the gene pool is very large. In the past we were skating too close to the design/efficiency edge.

Diffie: Cryptography is still the best hook for security despite the breaks.

Shamir: Imagine you are going to break AES, can either spend $gazillion or $50K befriending the head of security and entrapping him. Side channel attacks in 55 ms. if you can send the machine certain data.

Kaliski: Asking Rivest on usability of security, did you invent the right thing?

Diffie: (Answering) Security is always political, security measures always advantage one group and thus disadvantage others. Security codes for legitimacy. Security channels them into particular relationships. [Good comment on DRM politics]

Hellman: Security needs to be built into an application. At the time could not get the O/S people involved.

Rivest: We did the right thing with the math, but scenarios. Model was the agent was the computer, Alice is really a computer. Problem is how does the user trust their electronic agent?

Shamir: You did the literature a favor by making it more user friendly with Alice.

Diffie: Write down your password, your wallet is much more secure than your computer.

Rivest: [on next 15 years] We still have not proved the fundamentals, P=NP etc. Answer question raised by Diffie, field is a lot richer and innovation is on different fronts, different constructs etc.

Shamir: Problem of long term security much different from problem of sending message today needing limited security in transit.

Hellman: Can't go forward, but can go back. Almost 30 years ago we said 2000 bits minimum for 30 year security, 4000 was preferable, 10K not too much. We did not do too badly.

Diffie: In some respects the signatures on the constitution and the signatures on the Magna Carta are still important.

Rivest: It takes about 15 years for ideas to go from concept to use. Identity based crypto may be becoming the right approach to authenticated email.

Shamir: Multiparty computation is a good idea but existing schemes are too complex, e.g. voting. Protocols are too complex, they do a lot of proofs but they are not protecting against real world attacks. Example of Palestinian elections, use of camera phones to demonstrate voting for/against certain candidate.

Diffie: Intel going to talk about covert channels.
