
Bruce Schneier writes:
3. Contest prizes are rarely good incentives.
...
Just look at the economics. Taken at a conservative $125 an hour for a competent cryptanalyst, a $10K prize pays for two weeks of work, not enough time to even dig through the code. A $100K prize might be worth a look, but reverse-engineering the product is boring and that's still not enough time to do a thorough job. A prize of $1M starts to become interesting, but most companies can't afford to offer that.
Another point to consider is that a company sponsoring a contest, particularly one which involves one of its products, has a great interest in measuring the state of existing relevant art, and almost no interest at all in directly funding new research leading to the destruction of its cipher. Most such contests have very carefully structured rules, and prizes that are not too large, to sample what current tools and algorithms can do, without single-handedly funding expeditions into unexplored territory. Factoring contests are a good example of this, where you get a few thousand dollars for breaking something slightly larger than the last thing broken, rather than $10 million for inventing the singing and dancing factoring algorithm of the future, and breaking the 500 decimal digit key.
I can offer $10K to the first person who successfully breaks into my home and steals a book off my shelf. If no one does so before the contest ends, that doesn't mean my home is secure. Maybe no one with any burgling ability heard about my contest. Maybe they were too busy doing other things. Maybe they weren't able to break into my home, but they figured out how to forge the real-estate title to put the property in their name. Maybe they did break into my home, but took a look around and decided to come back when there was something more valuable than a $10,000 prize at stake. The contest proved nothing.
Exactly. Contests do nothing in the absence of prior academic interest in the problem, and even then only serve to spotlight and highlight what already exists. Contests do not drive research, nor do they prove ciphers secure. Still, they're fun. -- Eric Michael Cordian 0+ O:.T:.O:. Mathematical Munitions Division "Do What Thou Wilt Shall Be The Whole Of The Law"