Hot Topics Also Include Quantum Computing, Blockchains, Artificial Intelligence

One of the world’s leading cryptographers said cryptocurrencies have dramatically failed to deliver what they promised.
“My personal opinion is the world would be better without cryptocurrencies,” said Adi Shamir, the “S” in the RSA cryptosystem, during the Cryptographers’ Panel on Tuesday at the RSAC Conference in San Francisco.
The panel, an annual fixture at the conference, comprises leading thinkers analyzing some of the industry’s hottest topics, which this year included securing artificial intelligence, quantum computing, the British government’s attempt to undercut Apple’s end-to-end encryption offerings, as well as blockchains and cryptocurrency and their societal benefit – or lack of it.
“It would be foolish to sit here and try to defend every cryptocurrency in the world or everybody who’s in that space,” said panelist Ed Felten, chief scientist at blockchain research and development firm Offchain Labs. “It reminds me of the early internet: there are a lot of people doing silly things, some people doing dangerous and criminal things, but there’s a lot of people building actually interesting things.”
Cryptocurrency Shortcomings
Shamir said he “was referring to currencies which are anonymous, which can be sent around the world to anyone without any kind of supervision or the ability to stop it,” and said that “blockchain technology might still have great applications.”
Today’s reality of cryptocurrency is far different from the decentralized system for payments envisioned by blockchain progenitor Satoshi Nakamoto in the original white paper, Shamir said. “Everything is highly centralized in a small number of very large exchanges. No one is using it in order to make payments – people are using it mostly to speculate.” At the same time, cryptocurrency has enabled cybercriminals to monetize attacks in new ways, including as the means of paying extortion after a ransomware attack.
Quantum Computing
Moderator Tal Rabin, a senior principal applied scientist at Amazon Web Services and professor at the University of Pennsylvania, turned the discussion to quantum computing, noting that predictions of the timeline for a viable quantum computer vary from just months from now up to never.
Applied cryptography expert Raluca Ada Popa, an associate professor of computer science at the University of California, Berkeley, and a senior staff research scientist at Google DeepMind, highlighted the “harvest now, decrypt later” threat: multiple intelligence agencies are likely intercepting encrypted traffic today in the expectation that they will be able to crack the encryption later.
“What the intelligence community would call ‘collect now, exploit later,’ is the heart of signals intelligence,” said public-key cryptography pioneer Whitfield Diffie, who’s best known for the Diffie–Hellman key exchange.
“The good news is, we seem to be in pretty good shape,” said Vinod Vaikuntanathan, a professor at the Massachusetts Institute of Technology, referring to the U.S. National Institute of Standards and Technology having standardized on two public key encryption algorithms and three digital signature algorithms.
Vaikuntanathan said his recommendation “is to be conservative and employ what’s called hybrid encryption,” where “when you want to encrypt data, you encrypt it in two pairs.” One pair is encrypted using a classical system such as RSA and the other with a quantum-resistant algorithm. “Unless you break both pairs, you cannot get to the data,” and from a technical standpoint, doing this is “very easy.”
While European standards bodies recommend this approach, American ones do not, although some companies – such as Amazon – have opted for the hybrid approach, he said. “That costs a little more than not doing it, but what price can you put on having peace of mind?”
“And the same for digital signatures,” Popa said of the hybrid approach.
Shamir is also a fan. “I believe that not moving to hybrid systems is a major mistake,” he said.
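A worked illustration of the hybrid key establishment Vaikuntanathan describes, added here as an example; it is not code from the panel or from any panelist's project. The classical half is X25519 (RFC 7748), implemented from scratch on Python integers so the block runs with the standard library alone. Python ships no ML-KEM, so the post-quantum half is represented only by the two values a real encapsulation would hand back, a shared secret and a ciphertext, which the demo constructs. The combiner (both shared secrets and both ciphertexts concatenated into HKDF), the salt and info labels, and the function names are this example's own assumptions, not any standard's.

```python
# Added example: hybrid classical + post-quantum key establishment.
# Classical half: X25519 (RFC 7748), implemented here on Python integers.
# Post-quantum half: the standard library has no ML-KEM, so it is represented
# only by the two outputs of a real encapsulation, ss_pq and ct_pq
# (constructed values in the demo). Salt/info labels are this example's own.
import hashlib
import hmac
import secrets

P = 2**255 - 19
A24 = 121665                          # (486662 - 2) / 4 for Curve25519
BASE_U = (9).to_bytes(32, "little")   # standard base point u-coordinate


def x25519(scalar: bytes, u: bytes) -> bytes:
    """Montgomery ladder from RFC 7748 section 5. The swaps use a plain
    `if`, so this is NOT constant time; fine for a demonstration only."""
    k = bytearray(scalar)
    k[0] &= 248                       # scalar clamping per RFC 7748
    k[31] &= 127
    k[31] |= 64
    k = int.from_bytes(k, "little")
    x1 = int.from_bytes(u[:31] + bytes([u[31] & 127]), "little")
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def hkdf_sha256(salt: bytes, ikm: bytes, info: bytes, length: int) -> bytes:
    """HKDF (RFC 5869) extract-then-expand with HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def combine(ss_classical: bytes, ss_pq: bytes,
            ct_classical: bytes, ct_pq: bytes) -> bytes:
    """Hybrid KEM combiner: both shared secrets AND both ciphertexts feed the
    KDF. Knowing only one secret leaves the KDF input unknown, and binding
    the ciphertexts means a swapped ciphertext yields a different key on the
    peer rather than being silently accepted."""
    ikm = ss_classical + ss_pq + ct_classical + ct_pq
    return hkdf_sha256(b"hybrid-kem-example-v1", ikm, b"traffic key", 32)


def hybrid_session_keys(alice_priv: bytes, bob_priv: bytes,
                        ss_pq: bytes, ct_pq: bytes) -> tuple[bytes, bytes]:
    """Alice encapsulates to Bob. The X25519 half runs for real on both
    sides; the ML-KEM half is supplied as (ss_pq, ct_pq). Returns the key
    each side derives; the two must match for the exchange to have worked."""
    alice_pub = x25519(alice_priv, BASE_U)     # Alice -> Bob (DH "ciphertext")
    bob_pub = x25519(bob_priv, BASE_U)         # Bob's public value
    ss_alice = x25519(alice_priv, bob_pub)
    ss_bob = x25519(bob_priv, alice_pub)
    return (combine(ss_alice, ss_pq, alice_pub, ct_pq),
            combine(ss_bob, ss_pq, alice_pub, ct_pq))


if __name__ == "__main__":
    # Constructed demo inputs: random X25519 keys, stand-in ML-KEM values
    # (1088 bytes is the ML-KEM-768 ciphertext size).
    a_priv, b_priv = secrets.token_bytes(32), secrets.token_bytes(32)
    ss_pq, ct_pq = secrets.token_bytes(32), secrets.token_bytes(1088)
    key_a, key_b = hybrid_session_keys(a_priv, b_priv, ss_pq, ct_pq)
    # A recorder who later breaks X25519 learns ss_classical but not ss_pq;
    # plugging in any other value for ss_pq gives an unrelated key.
    wrong, _ = hybrid_session_keys(a_priv, b_priv, secrets.token_bytes(32), ct_pq)
    print("keys agree:", key_a == key_b, "| classical-only break recovers key:", wrong == key_a)
```

The derived key depends on every input, so a party that records the exchange today and later obtains the X25519 shared secret still has to supply the ML-KEM secret it never learned, which is the "break both" property the panel describes. The `if swap` branch leaks the scalar through timing; a production ladder uses a constant-time conditional swap, and a deployment would take the post-quantum half from a vetted ML-KEM implementation rather than from stand-in values.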
Blockchains in a Post-Quantum World
Felten said the blockchain world is also going to have to move to quantum-resistant algorithms, although “the good news there is that blockchain systems mostly don’t rely on encryption for confidentiality,” but rather on digital signatures for authentication and on hashing to prove data hasn’t been tampered with. Those primitives are easier to migrate in a post-quantum world.
The larger challenge, he said, is that because blockchains are based on consensus, everyone involved needs to agree and then switch over at the same moment. That switchover also needs to happen before quantum computers become capable of deriving a private key from a public key, which would break blockchain security.
To effect a switchover to using quantum-resistant cryptography to secure a blockchain, “you have to have a checkpoint of the state,” which could require temporarily freezing funds, Felten said. “You may require people who have signing keys that will become breakable to actually register a new key actively during some switch-over period,” he said. “That’s going to be a mess.”