Bruce Schneier
For the past three years, RSA Data Security has sponsored an industry and developers' conference. This year's event, which took place in mid-January, was the largest yet, with over 350 attendees and more than 40 organizations presenting product and technology announcements, technical exhibitions, and product demonstrations.
The most striking aspect of the conference was the variety of companies announcing products. General Magic announced that it will use RSA encryption and authentication in its Telescript language and Magic Cap environment. Fisher International announced Workflow 2020, a system for electronically automating business procedures. Hewlett Packard announced the availability of a cryptographic security module for its HP 9000 UNIX-based business server. National Semiconductor unveiled its iPower PCMCIA card, which supports multiple encryption algorithms.
ViaCrypt was in attendance, distributing literature for its commercial and fully legal version of Pretty Good Privacy (PGP). ViaCrypt has a license to use both the RSA and the IDEA algorithms, although there were some rumors and innuendo from RSA Data Security that the product might not be completely legal.
Other electronic-mail security products were also well represented. Steve Kent of BBN Communications and Steve Crocker of Trusted Information Systems discussed Privacy Enhanced Mail products and services. Enterprise Solutions showed their secure X.400 equipment, and Datamedia Corp. showed their SECURExchange product.
Lynn McNulty from the National Institute of Standards and Technology discussed the ongoing government cryptography initiatives. According to him, both the Digital Signature Standard (DSS) and the Clipper initiative are still progressing, albeit slowly. He was unable to give dates, however, of when we might expect to see either of these standards become official.
Kurt Stammberger of RSA Data Security discussed the procedures for getting export approval for cryptographic products. The talk was informative and well received.
Burt Kaliski, chief scientist for RSA Labs, gave a tutorial on the Public Key Cryptography Standards (PKCS). This is a suite of standards for interoperable applications that utilize certificate-based public-key cryptography. The standards, which are not endorsed by any standards body, cover encryption, key exchange, certificates, passwords, and more.
David Chaum of DigiCash demonstrated his electronic-cash smart-card system. This is a system of electronic money that preserves security and anonymity among the participants. Users can use a credit card-sized smart card to make purchases at cash registers, or pay tolls at toll booths (without having to slow down). This is a very impressive technology that has a high-powered mathematical theory behind it. Details on the theory can be found in Chaum's article, "Achieving Electronic Privacy," in the August 1992 issue of Scientific American, as well as in my book, Applied Cryptography (John Wiley & Sons, 1994).
A new company, Digital Timestamping, announced a system for commercial implementations of secure, digital time-stamping of digital documents. The idea is to be able to prove that a document existed at a certain date, without having to store a copy of the document with a trusted authority.
RSA Data Security announced a new technology they call Arcade, short for "Abuse Resistant Key Distribution." This is a software-distribution scheme that may find limited use in some environments. For example, a CD-ROM might contain 100 different fonts, each encrypted with a different key. To buy a specific font you could call the company and buy the key to decrypt that font.
Martin Hellman of Stanford University discussed recent attacks against DES. He also presented a new result: an attack against 8-round DES that combines techniques from linear and differential cryptanalysis. The attack is much faster than any previously known attack, but at this time cannot be extended to full 16-round DES. Even so, during the early stages of research into differential cryptanalysis, the attack suffered from this same problem. I expect the attack to improve significantly over the next year.
There were other technical presentations. Ron Rivest of MIT discussed advances in factoring large numbers (important for the security of RSA), and Cetin Koc of Oregon State University discussed high-speed software implementations of RSA. Matt Robshaw of RSA Labs discussed the Clipper chip, the Capstone algorithm, and an alternative called "fair cryptosystems," invented by Silvio Micali at MIT.
In only three years this conference has gone from a small meeting of RSA licensees to a major industry gathering. This speaks well for the momentum of public-key cryptography in the marketplace.