Perry asked for an overview of Crypto '95. I missed the rump session, so hopefully someone else will write about that.

The best talks were probably by Ross Anderson (Robustness Principles for Public Key Protocols) and Adi Shamir (Myths and Realities of Cryptography). Since Anderson's paper is in the proceedings, I won't rehash it here, but Shamir's talk is not, so I present his 10 commandments of Commercial Security:

1. Don't aim for perfect security.
2. Don't solve the wrong problem.
3. Don't try to sell security bottom up.
4. Don't use cryptographic overkill.
5. Don't make it complicated.
6. Don't make it expensive.
7. Don't use a single line of defense.
8. Don't forget the mystery attack. (Know how to regenerate security when you don't know what's going wrong.)
9. Don't trust systems.
10. Don't trust people.

In other news:

Richard Schroeppel, Hilarie Orman (and others) presented some speedups to elliptic curve systems, based on fast calculation of reciprocals. The speedup is about a factor of 3.

There were some interesting analyses of RC5, SAFER-K64.

Bruce Dodson and Arjen Lenstra presented some interesting results running NFS with four large primes. From their abstract:

"[factoring with 2 large primes] completion time can quite accurately be predicted...For NFS such extrapolations seem to be impossible--the number of useful combinations suddenly `explodes' in an as yet unpredictable way, that we have not yet been able to understand completely. The consequence of this is that NFS factoring is substantially faster than expected, which implies that factoring is somewhat easier than we thought."

Please note that that doesn't mean RSA has been broken, or that they can factor products of large primes in their heads. It means that there are speedups possible, but not enough that anyone should be worrying about a 1024 bit key.

The best quote of the conference was doubtless Robert Morris, Sr, reminding us of the first rule of cryptanalysis, "Don't forget to look for plaintext."

Adam

--
"It is seldom that liberty of any kind is lost all at once." -Hume

The best talks were probably by Ross Anderson (Robustness Principles for Public Key Protocols) and Adi Shamir (Myths and Realities of Cryptography).

One interesting aspect of Anderson's result is that it decisively breaks X.509 (he shows how to forge signatures in encrypt-before-signing protocols by computing a discrete log over the RSA modulus). I strongly recommend the paper.

--
Mark Chen
chen@intuit.com
415/329-6913
finger for PGP public key
D4 99 54 2A 98 B1 48 0C CF 95 A5 B0 6E E0 1E 1D

participants (2): Adam Shostack, chen@intuit.com