Cryptographer's Panel: Forefathers still eager for new advances

On the eve of cryptography's 30th anniversary, the men who invented the field say they're proud of what's been accomplished, but new cryptosystems are needed to keep on top of emerging threats.

The members of the Cryptographer's Panel at RSA Conference 2007 were feeling nostalgic Tuesday as they discussed the upcoming 30th anniversary of the invention of public-key cryptography. Panelists Whitfield Diffie, Martin Hellman, Ron Rivest and Adi Shamir all said they were amazed at the way that cryptography has grown and morphed in the past three decades, but also said there is still plenty of room for improvement and refinement in public-key cryptosystems and the ways in which they are implemented.

"The field of theoretical cryptography has blossomed in a way that I didn't anticipate in the early days," said Ron Rivest, a professor of electrical engineering and computer science at MIT and, along with Shamir and Len Adleman, one of the inventors of the RSA public-key cryptosystem. "It's related to so many other fields, information theory and others. It's much broader and richer than I imagined it would be."

In April 1977, Rivest, Shamir and Adleman published a paper called "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems," which described a practical method for encrypting a message using a publicly shared key.

The paper picked up on the work done a year earlier by Diffie and Hellman, who had invented the concept of public-key cryptography. Until then, no one had been able to work out a practical way to transmit a decryption key to the recipient of a message. Diffie and Hellman's innovation was brilliant in its simplicity: encode the message with a shared public key and decrypt it with a private key.

The RSA paper was the beginning of digital encryption and eventually led to its wide use on the Web and in commercial software. But Hellman, a former engineering and math professor at Stanford University, said he was surprised that cryptography hadn't advanced more in the last 30 years.

"I thought there would be provably secure systems, and 30 years later, we don't have them," he said. "I thought there would be more cryptosystems as well."

But even as they noted the lack of progress in some areas, the panelists emphasized that cryptanalysis has advanced greatly, and Shamir said that he expects some significant progress in the coming year on a couple of fronts. He mentioned that there are a number of serious attempts to implement an attack on the SHA-1 hash algorithm.

"I think we'll see success on that in the next few months," Shamir said. He also pointed out that cryptosystems' unfortunate tendency to fail badly when any small change is made to them makes them somewhat difficult to implement and work with.

"The main problem with cryptography is that it's highly discontinuous. If you have a cryptosystem and make any slight change, it can lead to devastating attacks," Shamir said. "We didn't think enough at the time about how to recover from these attacks."

Diffie, CSO at Sun Microsystems and a Sun fellow, said the initial zeal that he and the other pioneers of digital cryptography had led to a mistaken belief that their discoveries would make data completely secure.

"I think cryptography will always just be one of the pieces," Diffie said. "The worst you can say is that public-key cryptography has been a great success."
