Best 11 Quotes From the Cryptographers' Panel
Cryptographers at an RSA Conference panel aren't worried about adversarial quantum cryptography. Machine learning, though, causes pressing practical issues.
![Drawings and calculations on a chalkboard](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/bltdd9a592508bfad16/64f0d09ee68ad31f445aaf62/quantumcrypto.jpg?width=700&auto=webp&quality=80&disable=upscale)
Image by Sergey Bitos via Adobe Stock
RSA CONFERENCE 2021 – The annual Cryptographers' Panel, moderated Monday by RSA chief digital officer Zulfikar Ramzan, brought together cryptographers Carmela Troncoso, assistant professor at EPFL; Ross Anderson, professor of security engineering at Cambridge University and Edinburgh University; and panel mainstays (the R and S in "RSA") MIT professor Ron Rivest and Weizmann Institute professor of computer science Adi Shamir. (Another usual participant, cryptographer Whitfield Diffie, was not part of the panel but did a rapid-fire, one-on-one repartee with Ramzan.)
The discussions hit on machine learning (adversarial and otherwise), quantum computing, responsible vulnerability disclosure, COVID-19 contact tracing, supply chain security, cyber resilience, and a recently proposed algorithm for factorization that claims it could defeat the RSA cryptosystem. Read on for a rundown of the most memorable quotes from the discussion.
In response to Ramzan's question, "If you could design a piece of [security] advice short enough to fit on a bumper sticker, what would that advice be?"
'Unplug it, baby.'
— Whitfield Diffie
On quantum computing,
'It is astonishing to me how much energy is going into the commercialization of technology that doesn't yet exist.'
— Ron Rivest
He added, "There are so many startups happening. The amount of money being invested in this technology is incredible. And one wonders if it's really going to be substance there. I think the two major questions are, 'Can you build the quantum computer at scale that will last long enough to do it a useful computation?' That's number one. And number two is, 'Are there useful applications for this technology, even if you could build it?' And I think the answers so far are 'not clear' and 'maybe.'"
On Microsoft recently backtracking on research from three years ago that claimed an impressive "breakthrough" in quantum physics, namely that it had observed the elusive Majorana fermion,
'This year, the focus in quantum computing has been two steps ahead, one step back.'
— Adi Shamir
"At the moment it's not clear at all if [the particle] does exist and whether Microsoft will be able to proceed in the way that they have pursued quantum computing over the last 10 years."
On quantum cryptography,
'I'm entirely unimpressed'
— Ross Anderson
"As far as quantum cryptography is concerned, I'm entirely unimpressed because all you can do is rekey your encryptor, and we've known how to do that for 40 years. And the proofs based on quantum entanglement don't convince me because that interpretation only works in certain interpretations of quantum mechanics. I don't want to go into a debate on foundations of quantum computing, but I personally am a skeptic."
On contact tracing,
'They took some decisions that defined the privacy for the whole world.'
— Carmela Troncoso
On the role of the mobile phone operating system companies (Google and Apple) in the privacy of contact tracing applications:
"Something I found very interesting is that under the data protection regulation, for instance, they are still part of the supply chain and, as such, not subject to the law. So they were very free, which I find very surprising."
On machine learning systems,
'Machine learning [systems] are, at the moment, they're totally untrustworthy.'
— Adi Shamir
"Machine learning [systems] are, at the moment, they're totally untrustworthy. And we don't have at the moment a good understanding where the adversarial examples are coming from, what do they represent. Some progress is being made along these lines. But I think that until we solve the robustness issue, I'll be worried about deploying any kind of a big machine learning system that no one understands and no one knows in which ways it can fail."
On machine learning and the privacy risks posed by how companies collect the data they feed to ML tools:
'Maybe the question we should be asking is not, "Can we make the machine trustable?" but, "Can we make the ones [who] are using these machine learning [someone] we want to trust with them?"'
— Carmela Troncoso
On SolarWinds,
'The company was being run by bankers as a cash cow.'
— Ross Anderson
"SolarWinds was a mature company. Once upon a time it was a keen startup with lots of lively engineers, but recently it had become a monopoly and much of the technical expertise had been farmed to engineers in Eastern Europe. And so they weren't caring as much about security as they used to. In essence, the company was being run by bankers as a cash cow. One of the pieces of due diligence you have to do if you're running a big IT shop is to ask yourself about the culture of the ownership and the competence of all those suppliers who have got stuff within your security perimeter."
On resiliency and cryptography,
'Cryptographers are actually pretty terrible at designing resilient systems.'
— Ron Rivest
"The idea of rekeying and reauthenticating everyone is not one we talk about much. Adi may disagree with me. But overall I would give us a grade of C-minus, us cryptographers, on resilience. I think the systems we design tend to be brittle and tend to break if there's a serious key compromise."
Shamir countered, "So I will actually give our system designers a D or an F. But I'll give cryptographers an A."
On the development of "vaccine passport" apps,
'It's just rent-seeking by tech companies.'
— Ross Anderson
"... we have good old-fashioned paper mechanisms like we have for yellow fever vaccination. And so I've got my vaccine card, which was written by the nurse when I got my jab, and that's fine. I can stick it in my passport and that's good enough. Trying to build an all-singing, all-dancing worldwide system is the wrong thing to do at a time like this. It's just rent-seeking by tech companies who want to down governments for hundreds of millions of dollars. And in the process they will cost thousands of more lives to be unnecessarily lost."
On Claus Schnorr's proposed algorithm for factorization,
'I want to see numbers get factored.'
— Ron Rivest
The algorithm claims it could defeat the RSA cryptosystem.
"Of course I asked the author first of all, and I asked Claus what's going on here? Do you really believe this destroys the RSA cryptosystem? Do you have any demonstrated factorization? ... And I pointed him to some criticisms on the Web that he hadn't seen. And so he looked at those, and so he posted as recently as four days ago an updated version of his paper. So I think the dust still hasn't settled on this yet. As everything I tend to be skeptical until the proof is in the pudding in factoring. I want to see numbers get factored."
Shamir said, "One thing I can promise is that if Claus Schnorr's approach succeeds, I will be the first to applaud, and I will not sue Claus Schnorr in any way or form."