On Tue, Dec 26, 2000 at 10:38:36AM -0800, Tim May wrote: | >I don't think I'd go that far. As far as I'm concerned, elliptic curves | >are just another group to do Diffie-Hellman & friends in. What I'd call | >the "core" of mathematical crypto is the work that Goldreich, Goldwasser, | >Micali, et. al. have been doing over the past fifteen years -- trying to | >rough out just what kind of assumptions are necessary and sufficient to | >give us the kind of cryptography we want. | | Has there really been much progress in the last ten years? I remember | the flurry of ground-breaking work in the mid-80s, and it was much in | the air at the first "Crypto Conference" I attended in 1988 (also the | last such conference I attended, for various reasons). Depends on your definition of progress. I think that the work that esp. Goldreich has been doing in the foundations of cryptography (ie, http://www.toc.lcs.mit.edu/~oded/tfoc.html) is very exciting stuff, because it pushes us towards a solid grounding for systems, and away from the need for one of a dozen or so really solid cryptanalysts to look at each system published. Is this progress in the space of librarization, standardization, or economics of security? No. But we need stronger foundations in both security and crypto in order to justify the investments in it. When a company can spend really large sums of money for only small assurance that its systems are more secure, its a hard decision to justify. (Not that there aren't justifications, they're just non-obvious.) When those investments are butressed by an understanding that the features will work as planned, they'll be easier to make. Speaking for myself, Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume