Crypto Gurus Diffie, Hellman Win 2015 Turing Award

alphadogg writes: Whitfield Diffie and Martin Hellman, whose names have been linked since their seminal paper introduced the concepts of public key encryption and digital signatures some 40 years ago, have been named winners of the $1M A.M. Turing Award for 2015 (a.k.a., the 'Nobel Prize of Computing'). The work of Diffie, formerly chief security officer of Sun Microsystems, and Hellman, professor emeritus of electrical engineering at Stanford University, has had a huge impact on the secure exchange of information across the Internet, the cloud and email.

Well deserved

Congrats!! Well deserved. And thanks for all the fish.

I guess neither R. S. nor A. needed $1m

Since their company was already paid off by the N. S. and A.

Re:I guess neither R. S. nor A. needed $1m

[GLMDesigns]

Why? Did the NSA not want secure encryption. All governments like secure encryption for them - what they don't like is for their adversaries to have the same. What counts is living in a country where the government is not in an adversarial position with their citizens.

Which is why I'm a small-government libertarian as opposed to those promoting an all-knowing, all-powerful bureaucracy. You know who your are.

Re: I guess neither R. S. nor A. needed $1m

Guess we'll find out what Hillary has to say about that!

Re:I guess neither R. S. nor A. needed $1m

[Big+Hairy+Ian]

Bear in mind that all the encryption techniques created by RSA, Diffie & Hellman had already been created at the the Top Secret Bletchley Park and later at GCHQ it's successor.

All your Internets belong to us

When encryption is outlawed...

[shanen]

So when will the FBI arrest them? After all, if you have nothing to hide from the government, then you don't need encryption. Wanting encryption proves you MUST be a criminal. Creating encryption makes you the accomplice.

Even worse, if you want encryption you must be a future criminal planning how to hide the evidence!

Actually, you better wave bye-bye to what little privacy is left. Even the multi-millionaires and billionaires can't buy privacy now. Ask Mitt Romney, eh?

(Maybe I spoke too soon? I really wish everyone knew the truth about the big dick Cheney.)

Re:When encryption is outlawed...

What "truth" is that? That ego can get one quite far? That money can extend one's life? That political connections at that level never really fade?

Re:When encryption is outlawed...

Slashdot doesn't do Unicode (as yet) and strips the html entity (≠). So no, there's no way to do a not-equals sign.

I hope you're not one of those confused-anarchist "libertarians" who think that non-coercive government isn't an oxymoron.

Re: When encryption is outlawed...

!= there that's a not equals sign. Easy.

A very well deserved award

[jonwil]

Probably the greatest claim to fame for Diffie and Hellman would be the paper "New Directions in Cryptography" which described Diffie-Hellman key exchange and is one of the first public descriptions of strong (or strong for its day) cryptography. (back then most cryptography was controlled by governments, militaries and intelligence agencies).

I cant find a cite but I could swear the government tried to censor Diffie and Hellman and prevent them from publishing their work (or maybe I am thinking of some other cryptographic paper or presentation from that era)

Re:A very well deserved award

[mikael]

That was GCHQ with their implementation:

http://www.ics.uci.edu/~ics54/...

Re:A very well deserved award

[sconeu]

I attended Hellman's talk in 2014 at "Pohlfest" (celebrating Ira Pohl on his retirement). Hellman flat out said that a Three Letter Agency tried to censor him.

Re:A very well deserved award

[chrism238]

I believe that you're thinking of the DES controversy.

Re:A very well deserved award

Diffie-Hellman is still rock fucking solid and is part of any tight HTTPS setup.

Re:A very well deserved award

[AHuxley]

jonwil the "Charles Babbage Institute Center for the History of Information Technology University of Minnesota" Martin Hellman Interview 22 November 2004 might have some info.
pdf at: https://conservancy.umn.edu/bi...
".... involvement with and the broader context of the debate about the federal government’s cryptography policy—regarding to the National Security Agency’s (NSA) early efforts to contain and discourage academic work in the field"

D&H

Good guys D&H, congrats!

It is about time.

[JoshuaZ]

It is about time. The primary Diffie-Hellman key exchange https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange is one of the most basic cryptographic algorithms out there and is still used practically today. The simplest version of it is simple enough that you can explain it to a bright 8th grader. Variants of it, including both the original version and others such as those using elliptic curves are mainstays of practical crypto today.

Moreover, DH key exchange along with RSA started modern crypto in a fundamental way. Prior to that work, the idea was to have the key be completely secret and maximize the fundamental entropy of the encrypted messages, leading to the ultimate logical conclusion of the one-time pad. RSA and DH both showed that instead of relying on high entropy, one can rely on the computational difficulty of actually understanding the order that really is in the encrypted message.

The upshot of DH key exchange is that two people (or computers) have a conversation and at the end of it they will have a shared secret, but no one who is listening even if they hear the entire conversation will have any hope of finding out the shared secret unless they have far more computational power. This is a wildly counterintuitive claim once you hear it, and that lasts for about ten minutes (about as long as it takes to explain their algorithm). It is true that DH iand RSA are both only conjecturally secure, since the difficulty of discrete log and factoring would imply that P != NP (and in fact appear to be much stronger claims), and there are some serious thinkers who have expressed skepticism that such systems really are theoretically secure. (See for example Henry Cohn's short essay here http://research.microsoft.com/en-us/um/people/cohn/Thoughts/factoring.html which focuses on factoring but most of it applies just as well to discrete log). And we know that if we can ever get practical quantum computers working then DH will be breakable, but the overall impact of this work is absolutely undeniable.

Re:It is about time.

[Major+Blud]

Agreed, awarding this to them was way overdue. I think Linus Torvalds and John Carmack should get it eventually as well.

Re:It is about time.

[Major+Blud]

Oh, and add Tim Berners-Lee to that list, he should definitely get it.

Re:It is about time.

"difficulty of discrete log and factoring would imply that P != NP"

Maybe. P = NP would mean both discrete log and factoring would trivially be in P. This does not necessarily imply an efficient algorithm but it would definitely be an improvement on the current complexity and so, probably would be significant. Then again if P = NP almost all cryptography vanishes in a puff of smoke as reversing hashes and computing symmetric keys is now in P and thus easier than brute force.

Showing factoring is in P would again be interesting and a breakthrough but wouldn't imply P = NP. Showing that the best possible algorithm for factoring is psuedo-polynomial (I believe this is the current best known algorithm) would suggest that P != NP but would give us the question of Pseudo-P ?= NP which might not be any better.

Anyway; make some progress on this and you can probably get your own Turing award. Good luck!

Re:It is about time.

[JoshuaZ]

Please reread my comment. The statement I made was that factoring *not being in P* would imply that P is not equal to NP. This is because factoring is in NP (although conjecturally not NP-hard). You are correct that proving that factoring is in P would not prove that P = NP, but that's the converse of the relevant statement.

Got to see Whitfield give a talk

[MerlynEmrys67]

One of the questions from the audience still strikes me 10 years later. Someone asked how he felt about his Cryptography being used by bad people to do bad things. His reply is he didn't think anything of it. He provides a tool - what people do with the tool is on them, not himself. This was a very interesting response - why do we blame scientists for their inventions rather than the criminals for their behavior

Re:Got to see Whitfield give a talk

I've never heard of somebody blaming Diffie for bad uses of encryption. I mostly hear this about the Manhattan project, and sometimes genetic engineering, and auotmating people out of manual labour jobs. Interestingly drone weapons rarely seem to get the "what hath science wrought!" in my experience, even though their use is logically comparable to the Manhattan Project. I might be missing some other category.

"And." The word is "and."

[wonkey_monkey]

Crypto Gurus Diffie, Hellman Win 2015 Turing Award

What is the big problem with using the word "and" in a headline? It's the internet. You're not paying per byte and you don't have a fixed width to squeeze your headline into.

Throw off the shackles of your printed media forebears!

Re:"And." The word is "and."

[jeffb+(2.718)]

Fighting the irrationalities of written English style is an admirable pursuit, but I must warn you that those windmills can take a ridiculous amount of punishment without toppling.

Re:"And." The word is "and."

The laws of physics are the same; yet Space Nutters still wank themselves over space fantasies!

Re:"And." The word is "and."

[Harik]

Headline. On physical newspaper, or in the sidebar with related links. Extremely limited in terms of space, so it's an art form to eliminate extraneous words.

God knows writers are happy to more than make up for it in the articles themselves.

Re:"And." The word is "and."

Headlines should be terse because I want to scroll through them in my feed sidebar. And this one is actually too long: "Crypto gurus" provides no additional information. Also, "Diffie, Hellman" without "and" has strong recognition value.

Re:"And." The word is "and."

[Coren22]

Exactly! The laws of physics say space colonization is perfectly doable, so we all must be "nutters" for claiming it!

It is the law of economics which has made space colonization difficult, as NASA is eternally choked for money, space colonization will only happen when a corporation takes the risks, and that is not terribly far off either.

Re:"And." The word is "and."

Weird, the dickhead who capitalizes 'space nutter' showing up in a non-space related thread. Still talking about 'space nutters'. Are you genuinely just a pathetic obsessed gimp of some kind? Hey - I hope you're aware of some of the missions coming up - JUICE, ExoMars, etc? I hope they really, really, piss you off. BILLIONS being spent on SPACE. You know, that place you hate, despite living in it. Twat.

Re:"And." The word is "and."

That's a troll who spouts nothing but shit about how space is a waste of time. Can be safely ignored. Nothing useful to say.

Public-key cryptography is the death of freedom

[Myria]

Public-key cryptography is the source of locked-down computers. It's clear that the entire industry is headed toward locking down computers to run only software signed by the conglomerates. Just look at the major operating systems other than non-proprietary Linux. Linux itself is going to face hard times as the hardware that can run it dwindles to the point that only small devices can use it, or devices made (and locked down) by a large corporation.

I truly hope that either quantum computers come along to ruin public-key cryptography or the hidden-subgroup problem has a polynomial-time solution.

Re:Public-key cryptography is the death of freedom

[dargaud]

I truly hope that either quantum computers come along to ruin public-key cryptography

Then you'll love Travelling Salesman.

Re:Public-key cryptography is the death of freedom

[Phil+Karn]

I don't like locked-down computers any more than you do. I hate ransomware even more; it's the single most despicable use of public key cryptography there is. But consider that without public key cryptography Apple wouldn't even be in a position to stop the FBI from hacking the iPhone. Individuals wouldn't even have the option to secure their personal communications, at least not in practice. (Yes, I know all about one-time pads. That's why I said "in practice"). Nor would we have the Internet, or at least anything like the one we have now. And without the Internet, computers of all kinds (secure or non-secure boot) wouldn't be nearly as capable and available as they are now because the volume and demand would be vastly less.

Re:Public-key cryptography is the death of freedom

[110010001000]

Not only locked down computers: locked-down Internet. Eventually it will be that you need an "approved and signed" Internet connection device in order to use the Internet. It is only a matter of time and will be done to catch terrorists and protect the children, or vice versa.

Re:Public-key cryptography is the death of freedom

[cbhacking]

The feds are only thwarted by public-key crypto in Apple's case because their hardware on the 5C trusts the software too much. If Apple had designed their hardware crypto correctly in the first place, the software wouldn't matter. The actual device encryption is 100% symmetric-key (and the key derivation probably involves hash functions, which are another beast entirely). However, the lockout / device wipe is in software, and it's that software the feds want to replace. Code signing (public key) stops them from doing that, but even then, all they get is the ability to try pin codes as fast as the hardware will permit (which is probably enough to get the phone unlocked in a reasonable time, unless the lock screen code is way beyond what mere mortals ever use).

If the lockout / device wipe were implemented in hardware, the software wouldn't matter. Imagine a hardware security module (HSM) that itself tracks whether the device is locked. Software can tell the HSM to lock, but not to unlock; only the code can do that. Hardware (physical connection to the power button, hardware timer in the HSM, whatever) can also lock the HSM, of course. Software can tell the HSM to change the lock code or maximum allowed attempts, but only while the HSM is unlocked. Software can tell the HSM to reset, even if the HSM is locked, but doing so permanently purges material needed to re-derive the device encryption key. Similarly, if too many lock code entry attempts are made while the HSM is locked, it automatically resets and purges the key derivation material. Even if the actual data was backed up or is never erased to begin with, it can now never be decrypted short of cracking AES-256; the storage is, in effect, wiped.

Good fucking luck breaking *that* with a court order, or a stolen signing key, or anything else. This is what Apple (and everybody else) should have been doing.

Also, yes, fuck mandatory code signing. I'm OK with the signing concept in principle, but it *must* be under the owner's control. That same HSM could hold the list of allowable public keys, and (when the HSM is unlocked) could allow people to manage their own keys (including the pre-loaded OEM one), for example.

Can't think of more deserving recipients

[Phil+Karn]

I really can't think of more deserving recipients. I've never met Hellman, but I've met Diffie a few times, including when we testified to the Senate Commerce Committee during the 1990s Crypto Wars. He's a national asset whenever the NSA and FBI get a little too far out of line. Which is most of the time.

Re:Donald Trump

Sound just like the Obama voter who though he would pay off her mortgage, or the other Obama voter who voted for him because "she got Obamaphone".

Whitfield Diffie

The eccentricity of McAffee with none of the batshit crazy.

Re:Whitfield Diffie

[Phil+Karn]

Where you see eccentricity, I see genius, insight and long hair. And I couldn't care less about the long hair.

Re:Donald Trump

Phone assistance started with Nixon, expanded by Reagan and again expanded by Obama. Both expansion where to keep up with the times and needs of the nation.

No one called them Nixonphones or Reaganphones.

It is simply a long-standing federal program.

Size

[Pseudonymus+Bosch]

I am reading Slashdot on a smartwatch, you insensitive clod!

Re:Donald Trump

[mark-t]

"you will learn...?" I don't know which is sadder... that anyone would defend him, or that you might seriously mean to suggest that he would or even *could* somehow make good on your implied threat.

Diffie and Ellis

[Tenebrousedge]

Diffie testified in the NewEgg patent troll case and was grilled pretty hard by the attorney, specifically about the work and role of Ellis/GCHQ. He has never tried to deny them credit for their work, but in most practical senses, they didn't invent it.

"Dr. Diffie, you were not the first to invent public key cryptography, were you?"

"I believe that I may have been," said Diffie, speaking cautiously. "But perhaps you could be more specific?"

"In fact, a gentleman named James Ellis in England invented it before you, right?"

Diffie sighed. He seemed, suddenly, almost tired. He had heard this one before. "I spent a lot of time talking to James Ellis, and I can't figure it out," he said. "James Ellis did very fine work."

[...]

"So, in fact, according to the IEEE, someone else invented public key cryptography before you, correct?"

"I disagree," said Diffie. "Ellis' paper is in no sense enabling. [His partner] Malcolm Williamson's paper enables Diffie-Hellman, and it was an internal secret note written two months after I presented that at the largest computer conference in the world."

[...]

"The alleged prior inventors not only kept it secret but did very little with it," said Diffie. "In James Ellis' words to me: 'You did a lot more with it than we did.'"

[...]

"The short answer would be that James Ellis' work in 1969 and 1970 certainly does not teach the methods. Personally, I find that paper incomprehensible. I'm not clear how anybody became convinced of anything from it."

Re:Donald Trump

hillary + trump = anti christ

Re:Donald Trump

Don't inject facts! People need to blame Obama for everything. It rained all day and was freaking cold. Obama!

What about Merkle?

[Ungrounded+Lightning]

In 2002, Hellman suggested the algorithm be called Diffie-Hellman-Merkle key exchange in recognition of Ralph Merkle's contribution to the invention of public-key cryptography (Hellman, 2002), writing:

The system...has since become known as Diffie-Hellman key exchange. While that system was first described in a paper by Diffie and me, it is a public key distribution system, a concept developed by Merkle, and hence should be called 'Diffie-Hellman-Merkle key exchange' if names are to be associated with it. I hope this small pulpit might help in that endeavor to recognize Merkle's equal contribution to the invention of public key cryptography.

Not to diminsh in any way the excellent work of Diffie and Hellmann - but it seems to me (and to at least Hellman) that Merkle (still) doesn't get as much credit as he deserves.

Re:Donald Trump

[Coren22]

This is the person which was being spoken of:
https://www.youtube.com/watch?...

She is the person low on facts and voting for Obama because he gave her a free cell phone. The poster was just bringing up the low information nature of the general public, it is a constant issue during elections, many people just vote by name recognition without knowing anything about the person.

Awesome name

Unfortunately, it took me quite a while to parse the post's title in my mind. I thought that somebody named Crypto Gurus Hellman (and Diffie, of course) had won an award. It seems to me the Crypto Gurus Hellman would be a pretty awesome name.

Re:Donald Trump

[AutodidactLabrat]

He won't break 28%.
Absent the teagaggers he wouldn't break 3%

Re:Donald Trump

Trump has gotten 34% of the GOP vote thus far. The GOP makes up less than 40% of the general electorate.

The loser is fired.