SAN FRANCISCO -- An intense discussion on cryptography research and developments ensued among several of the founders and designers of cryptographic protocols and algorithms, which protect virtually all data in the modern world, met at the RSAC 2016 Cryptographers' Panel. Panelist and audience members differed, often sharply, particularly on the conflict between the FBI and Apple over access to the iPhone.
Diffie, Hellman react to their Turing Award win
The A.M. Turing Award, given by the Association for Computing Machinery, is often referred to as the Nobel Prize of computing. The award comes with a $1 million prize, funded by Google. ACM President Alexander L. Wolf presented the prize via video connection.
Whitfield Diffie, a cryptographer and security expert who sits on the technical advisory board of Cryptomathic, said he was "thrilled for cryptography as well as for public key and myself," and noted it was the third time the award had been given to cryptographers. He also said the fact that cryptography research has become so central to mathematics is "amazing." As for what Diffie's plans are for the prize money as well as the platform provided by being winner of the prestigious prize, he said he is currently investigating the history of cryptography research, but it can be "difficult, because everyone tries to keep things secret."
Martin E. Hellman, professor emeritus of electrical engineering at Stanford University, said he was "greatly honored," and noted he planned to use the award to continue his efforts to build a "more peaceful and sustainable world," focusing on nuclear weapons. Hellman also noted two of three other Turing Award winners seated with him on the panel -- Ron Rivest and Adi Shamir -- who with Len Adleman won in 2002 for their work on the eponymous RSA encryption algorithm.
"We need to work with the FBI and the NSA," Hellman said, noting that he found "things got better" in his personal life, with him and his wife, when they stopped fighting and tried working together. Hellman also said two of his former adversaries, former NSA director Admiral Bobby Ray Inman and former RSA president Jim Bidzos, both eventually became friendly and signed Hellman's statement "Defusing the Nuclear Threat."
"Put ourselves in the shoes of these agencies and try to understand their position," Hellman said, in order to get to solutions that will work for everyone.
What about Apple?
After the award presentation, moderator Paul Kocher, president and chief scientist for Cryptography Research, a division of Rambus, went straight to the key question on everyone's mind: What about Apple?
Kocher noted while the FBI worries about access to potentially useful information, the tech industry worries about the possibility of setting an unpleasant precedent of creating more access to information the tech sector is trying to defend. "Are we more or less safe?" Kocher asked the panelists, if technology companies can be compelled to create circumventions within their products.
Ron Rivest of MIT asked, if the FBI can gain access to the iPhone in question "under what basis could this be done?" He answered his own question by saying "Congress is the right place to adjudicate that," reminding all of what Microsoft president and chief legal officer Brad Smith said earlier in the morning: "The road to hell starts with a backdoor." Rivest added "the systems we have are so fragile that having extra keys is just asking for trouble."
Martin E. Hellman
Hellman pointed out the key question is figuring out "what's right for the country, rather than what's right for this or that agency."
"Where do you put the line?" Adi Shamir, Borman Professor of Applied Mathematics at the Weizmann Institute in Israel, asked. "Apple goofed" twice, Shamir said. First, it tried to put itself in the position that it could tell the FBI it couldn't help when it actually could because it failed to close a "loophole" in its phone's security. According to Shamir, Apple should close the loophole and roll out a new version of iOS that will, in the future, make it impossible for Apple to gain access to locked phones.
Apple's second goof, according to Shamir, was in choosing the wrong battleground. He continued, the FBI had been "waiting for the ideal situation from their perspective to force the issue." While, he acknowledged, "Apple is right in fighting it," Shamir felt the situation was "aligned in favor of the FBI."
"The reason we're having this conversation is that Apple decided to make products that actually serve their customers," Moxie Marlinspike, founder of Open Whisper Systems, said, eliciting applause from the audience when he added, "and we should applaud them for that."
"Law enforcement should be difficult," Marlinspike said. "It should be possible to break the law." Citing historical instances of unjust laws that were ultimately reversed, such as those prohibiting gay marriage or infringing civil rights, Marlinspike said "those developments would not be possible without the possibility of breaking the law."
The difference between a free society and totalitarianism, Diffie added, is being answerable for actions; in a tyranny, you remove the possibility of even taking those actions. "Now that we're moving to interactions between people and machines," Diffie said, "who controls machines is going to be who controls the world." Marlinspike noted the precedent set by forcing Apple to defeat its own security could ultimately result in Apple being asked to distribute compromised apps through its app store.
The Juniper backdoor and the future of quantum crypto
Kocher asked the panel about last year's disclosure of a backdoor in Juniper devices, asking them to talk about the cryptographic and security perspective of what happened.
According to Marlinspike, the backdoor had apparently first found its way into Juniper systems through the inclusion of an insecure Dual EC algorithm, which by 2008 had been deployed in a way that made the backdoor exploitable "likely by the NSA." And then in 2012, an unknown attacker changed the random number generator in a way that allowed someone else to decrypt all the content in a VPN exchange after observing only a single VPN handshake.
This was a "good example of a backdoor that could not be contained" to "the good guys," Marlinspike said, adding that the U.S. Office of Personnel Management was running these devices on their network, making it possible that a backdoor the U.S. government developed was responsible for exploitation of the OPM systems.
Because of speculation that the NSA's turnaround on its previous position on post-quantum cryptography, Kocher asked the panel their position on the possibility that quantum computing would be able to break current cryptosystems.
In reviewing many of the documents that NSA whistleblower Edward Snowden disclosed, Shamir said he found a "gem": "The state of the art as far as the NSA Is concerned" was a document that revealed the NSA's secret budget for 2013, which mentioned an allocation of about $80 million for research into quantum computing. The deliverable for that research, Shamir said, was the ability "to demonstrate reliable control of two semiconductor qubits," though "as far as I understand, the NSA is far away from anything like that."
Shamir's best guess? The NSA has made some "breakthrough" in elliptical curve cryptography research, but being a large organization that has a dual mission, he said, "they are warning people away from quantum computing," but they're not saying why.
SHA-1 is truly dead
Shamir asserted that while a weaker version SHA-1 was demonstrated to fall in 2015, "in the next few months we'll see a real collision in SHA-1" by a team at the Weizmann Institute.
"For once, we're ahead of the game," Marlinspike said, noting that "we are already moving away from browsers using SHA-1," and by 2016 SHA-1 support in browsers will be gone.
Read about the basics of full-disk encryption products
Find out where encryption keys should be stored
Why the government needs to support strong encryption