RSA panel covers cryptography trends, elections and more

Panel at RSAC on cryptography trends offers views on AI's coming domination of cybersecurity, quantum computing and quantum cryptography, politics and elections and more.

SAN FRANCISCO -- Each year at RSA Conference, the world's top cryptographers gather on stage after the show's opening keynotes to share their views and opinions on cryptography trends.

This year, the panel was moderated for the fourth consecutive time by Paul Kocher, president in the cryptography research division of Rambus. Kocher opened the session by pointing out that with exponential growth experienced in recent years with the internet, the internet of things and related technologies, each doubling of growth brings about more change than in all prior doublings -- combined.

Kocher said one bright spot this year is that cryptography is one of the few technologies that has been able to withstand "decades of scaling" and exponential growth.

Before diving into the latest cryptography trends, Kocher began the session by congratulating Adi Shamir on winning the Japan Prize, "a prestigious international award presented to individuals whose original and outstanding achievements are not only scientifically impressive, but have also served to promote peace and prosperity for all mankind."

Shamir, Borman professor of computer science at the Weizmann Institute in Israel, said the honor was "much more than a personal prize," because the award is granted for all areas of science and technology, and the fact that they chose to honor achievement in cryptography was a sign of the importance of the field. Last year, two panel participants -- Whitfield Diffie, cryptographer and security expert at Cryptomathic, and Martin E. Hellman, professor emeritus of electrical engineering at Stanford University -- received the A.M. Turing Award for their foundational work in developing the fundamental basis of public-key cryptography.

Kocher's first question to the panel was how artificial intelligence would affect computer security. Ronald Rivest, a professor in the MIT department of electrical engineering and computer science, opined that based on what was seen during last year's presidential election, chatbots might dominate in 10 to 15 years.

Shamir was more forceful, noting that when computers become super-intelligent they will be likely to say, "In order to save the internet I have to kill it; the internet as we know it today is beyond salvaging," when asked how to solve internet security problems. He added that "AI can be very helpful on the defensive side," but he doubted it would be very helpful in finding new zero-days because of the need for human originality. However, AI will be useful for finding deviations from normal behavior that will help compare "strange behaviors" to identify threats.

Cryptography trends point to quantum computers

In response to a question about whether and how long it will take for quantum computers to be available to threaten traditional cryptosystems, Diffie suggested it would not be worth worrying about as "we'll be dead by then."

There's a "higher chance" that RSA will be broken by classical attempts, Shamir said, though he admitted it "could turn out quantum computers will be able to break all the quantum proof schemes we're working on now."

"We've tried to factor quickly for about two thousand years," said Susan Landau, professor of cybersecurity policy and professor of computer science at Worcester Polytechnic Institute, but she's "not seeing same level of math research behind proposed quantum algorithms," which she called "worrying." Many modern cryptosystems rely on the difficulty of factoring products of large primes to protect encrypted data.

Cybersecurity in recent politics

In response to a question about controversy swirling around the 2016 election, Rivest pointed out that while allegations of rigging are not new, "trying to convince the winner" that he won is unusual. "We should have done post-election audits everywhere to see if there were problems."

The Russians, Landau said, see this as "war by other means" and are attacking the west this way. The techniques they use for hacking are "old-fashioned," but they are using the information in a new way. "We've known for 20 years that we need to protect government data," Landau said, but now that smaller civic organizations with fewer resources are being targeted, "that's a much broader swath of society we have to protect."

"The U.S. [has] done its share of similar dirty ops to influence other country's elections," Shamir added. "Using stolen documents that are compromising is not a new invention."

"I'm shocked -- shocked -- by what the Russians have been doing, but they are not alone," Shamir said.

Kocher asked the panel about the recent statement by Attorney General Jeff Sessions, calling for the ability of law enforcement to "overcome encryption." Rivest said, "overcoming encryption, to me, means a backdoor," but Landau suggested there are other ways, and that she has not found those in Congress necessarily supporting Session's position.

For U.S. companies, Shamir said that putting backdoors in their products would be "shooting themselves in the foot."

Next Steps

Learn about elliptic curve cryptography in ticketing

Keep up with the rest of the RSA Conference 2017

Dig Deeper on Security operations and management