Slashdot Mirror

← Back to Stories (view on slashdot.org)

Inventors of RSA win Turing Award

Posted by michael on from the yay dept.

Frisky070802 writes "The NY Times has an article on how Rivest, Shamir, and Adleman (the inventors of the eponymous RSA public-key encryption algorithm) have won the ACM's Turing award for contributions to computer science. You mean they didn't win already?"

2 of 24 comments (clear)

  1. They already won through patent 'royaltees' by Anadalucia · · Score: 5, Interesting
    Through some nifty back door dealings, the patented RSA algorithm made it into standard and mission critical Internet protocols like SSL. (RSA let Netscape use the RSA algorithm in return for stock in Netscape. Who knows what deal they had with Microsoft to do the same. It was in the best interest of both Netscape and Microsoft to use RSA and not support any of the free alternatives such as DSA because it meant other companies couldn't get into the secure web serving business without a substantial cash investment to the RSA corp. RSA eventually became Verisign and/or Network Solutions.)

    Meanwhile, Verisign made a killing off charging an arm and a leg for SSL certificates. In order to support a wide variety of browsers, you needed to support the oldest certificates, and Verisign, a division of RSA, created both the need and the solution for themselves.

    I agree that RSA was a wonderful creation. The fact that it was patented, and that these sly companies were able to abuse that for millions upon millions of dollars was a horrible shame in contrast.

    Anyone know what day-to-day involvment R. S. and A. had in the companies that profited from their algorithm?

    And any chance that Diffie/Helman or other luminaries will be recognized for their similar contributions to the field? Contributions that were not as recognized because they made their discoveries available to all?

  2. What about Koblitz and Miller? by vorwerk · · Score: 4, Informative

    I've always found it interesting that RSA is so hyped, and elliptic curve cryptography (ECC) -- introduced independently by Koblitz and Miller in 1986 -- has received so little attention.

    Basically, with a 160 bit key, ECC achieves the same level of security as 1024 bit RSA. (Another example: a 591 bit ECC key is said to possess the same security as 15000+ bit RSA. Hyperelliptic curves may achieve comparable security in even smaller keys, but they remain mostly theoretical due to poor performance and questionable security relative to elliptic curves.) And, because the keys are so much smaller -- and there are efficient techniques for scalar point multiplication over a Galois Field -- ECC tends to offer incredibly good performance.

    Unfortunately, the general adoption of ECC just isn't there in the same way as RSA. Mind you, there has been some recent research in which ECC was implemented in OpenSSL (0.9.6b), but I don't think that the SSL 3.0 protocol has been extended to support it yet. Also, there is a tremendous amount of research continuing in this field to improve ECC performance (not just in software, but in elliptic curve processors for smart cards, for instance). And, of course, ANSI, IEEE, and NIST FIPS 180-2 standards are working their way thru the pipes.

    But still ... for an idea that's been around for more than 15 years, and which has made a lot of inroads in academia, it sure hasn't gone too far in industry (Certicom and Motorola being two notable exceptions).