On Wed, 27 Dec 2000, Bill Stewart wrote:
> fewer talks on new stuff people are doing and more on some commercial business (maybe or maybe not run by cypherpunks) doing their product or non-technical talks by EFF lawyer types.
I'm in the middle of composing a reply to Tim's message (which is getting bigger every time I sit down to finish it, ominously enough). One of the points that has popped into my mind so far is that while we've had academic crypto research since the 80s, thanks to Rivest, Shamir, Adleman, Diffie, Hellman, and others willing to defy the NSA, we have _not_ had a similar tradition of commercial cryptography - or at least, not a tradition of companies obtaining money for cryptographic *protocols* as opposed to ciphers. It seems to me that it took a long while for people to even recognize that there was more to cryptography than secrecy. Maybe it happened quickly in academia, but it doesn't seem to have filtered out quickly (and then there's still the chilling effect from export controls).

This is one of the reasons why the early Cypherpunk work is so damn important -- it showed the amazing, powerful things you can do given cryptography and a little cleverness, and it did so to a (comparatively) wide audience!

Even after "everyone" knows that you can do, say, cryptographic voting, there's still the question of "who's going to pay for it?" That question seems to have found a partial answer with the Internet/Web/"e-commerce" frenzy. The thing is, that is *new*, only 4 or 5 years old. Before, you could go out and say "I want to go commercialize neat protocol X," and good luck to you...today, you might get funding. Until you get that funding, you can't start the engineering work that's required to take a protocol from the "cool CRYPTO paper" stage to the "real world product."

Before Tim jumps on me, yes, I know there were early electronic markets, and yes, electronic trading was around before the Web. Yes, these could have been viable markets for digital cash, fair exchange protocols, whatever. Even electronic voting could and did get started earlier (though not using cryptographic techniques AFAIK). I do not dispute this!

It simply seems to me that the climate today has the possibility of demand for such protocols (and more) on a wider scale than previously.
> of crypto out of math and CS areas and into engineering. Mojo Nation, for example, is partly interesting because it's not just Yet Another Encrypted Music Sharing Product - it's mixing the crypto with economic models in ways that are intellectually complex, even if they're somewhat at the hand-waving level rather than highly precise.
Maybe it will force smart people to move the mix from the hand-waving level to something highly precise. Insh'allah.
> Cool. Are the proceedings on line anywhere? (Or is it only for people who know the secret keys...)
The 2nd and 3rd are, via Springer-Verlag LINK service. Tables of contents are free; you should be able to recover the papers from their authors' home pages (use Google!). If you can't find something, e-mail me.

Page for past proceedings:
http://chacs.nrl.navy.mil/IHW2001/past-workshops.html

Page for IHW 2001:
http://chacs.nrl.navy.mil/IHW2001/

Unfortunately, the TOC for the first IHW is not online, nor do the papers seem to be available. You can extract the papers from Petitcolas' bibliography at
http://www.cl.cam.ac.uk/users/fapp2/steganography/bibliography/index.html
and may be able to get some of the papers that way. I note a previous message from Hal Finney which has some links as well
http://www.inet-one.com/cypherpunks/dir.1997.05.15-1997.05.21/msg00298.html
(I haven't tried them)

I should state up front that the workshops are a little heavy on watermarking papers, which may not be of too much interest to cypherpunks. The papers on breaking watermarks, on the other hand, may be of more interest. :-)
>> On the other hand, we can oppose this to the fact that we have a bunch of remailers, and they seem to work. They may be unreliable, but no one seems to have used padding flaws to break a remailer, as far as we know.
> Arrgh! Dave, just because nobody's known to have broken them doesn't mean that nobody's succeeded in breaking them (without us knowing they've succeeded),
[snip a well-deserved beating]

Well, this is what I get for trying to moderate myself. Everything you say is correct - of course. I actually agree with you! I mentioned this because I wanted to avoid playing the part of a "theoretical Cassandra," which is something I do too often. (In fact, if I'm not mistaken, that's part of what Tim's response about different adversary models attempts to speak to - the fact that traditional cryptographic models assume a maximally powerful adversary, while we might want a finer grained hierarchy of adversaries and their effects...)

-David