"The field of theoretical cryptography has blossomed in a way that I didn't anticipate in the early days," said Ron Rivest, a professor of electrical engineering and computer science at MIT and, along with Shamir and Len Adelman, one of the inventors of the RSA public-key cryptosystem. "It's related to so many other fields, information theory and others. It's much broader and richer than I imagined it would be."
In April 1977, Rivest, Shamir and Adelman published a paper called "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems," (.pdf) which described a practical method for encrypting a message using a publicly shared key.
The paper picked up on the work done a year earlier by Diffie and Hellman, who had invented the concept of public-key cryptography. Until then, no one had been able to work out a practical way to transmit a decryption key to the recipient of a message. Diffie and Hellman's innovation was brilliant in its simplicity: encode the message with a shared public key and decrypt it with a private key.
The RSA paper was the beginning of digital encryption and eventually led to its wide use on the Web and in commercial software. But Hellman, an former engineering and math professor at Stanford University, said he was surprised that cryptography hadn't advanced more in the last 30 years.
"I thought there would be provably secure systems, and 30 years later, we don't have them," he said. "I thought there would be more cryptosystems as well."
But even as they noted the lack of progress in some areas, the panelists emphasized that cryptanalysis has advanced greatly and Shamir said that he expects some significant progress in the coming year on a couple of fronts. He mentioned that there are a number of serious attempts to implement an attack on the SHA-1 hash algorithm.
"I think we'll see success on that in the next few months," Shamir said. He also pointed out that cryptosystems' unfortunate tendency to fail badly when any small change is made to them, makes them somewhat difficult to implement and work with.
"The main problem with cryptography is that it's highly discontinuous. If you have a
cryptosystem and make any slight change, it can lead to devastating attacks," Shamir said. "We didn't think enough at the time about how to recover from these attacks."
Diffie, CSO at Sun Microsystems and a Sun fellow, said the initial zeal that he and the other pioneers of digital cryptography had led to a mistaken belief that their discoveries would make data completely secure.
"I think cryptography will always just be one of the pieces," Diffie said. "The worst you can say is that public-key cryptography has been a great success."