DOCSLIB.ORG

Cryptography, the Clipper Chip, and the Constitution A

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Cryptography, the Clipper Chip, and the Constitution A University of Miami Law School University of Miami School of Law Institutional Repository Articles Faculty and Deans 1995 The etM aphor Is the Key: Cryptography, the Clipper Chip, and the Constitution A. Michael Froomkin University of Miami School of Law, [email protected] Follow this and additional works at: https://repository.law.miami.edu/fac_articles Part of the Constitutional Law Commons, and the Privacy Law Commons Recommended Citation A. Michael Froomkin, The Metaphor Is the Key: Cryptography, the Clipper Chip, and the Constitution, 143 U. Pa. L. Rev. 709 (1995). This Article is brought to you for free and open access by the Faculty and Deans at University of Miami School of Law Institutional Repository. It has been accepted for inclusion in Articles by an authorized administrator of University of Miami School of Law Institutional Repository. For more information, please contact [email protected]. THE METAPHOR IS THE KEY: CRYPTOGRAPHY, THE CLIPPER CHIP, AND THE CONSTITUTION A. MICHAEL FROOMKINt TABLE OF CONTENTS INTRODUCTION .................................. 712 I. MODERN CRYPTOGRAPHY: PRIVATE SECURITY, GOVERNMENT INSECURITY .................................. 718 A. Who Needs Cryptography?....................... 718 1. Banks, ATM-Users, Electronic Transactors ..... .719 2. Businesses with Commercial and Trade Secrets . 722 3. Professionals ............................ 724 4. National ID Cards and Data Authentication .... 725 5. Criminals ............................... 727 6. Users of Telephones, Electronic Mail, Faxes, or Computers .......................... 728 a. Cellular Telephones ..................... 728 b. Standard Telephones .................... 729 c. Faxes ............................... 729 d. E-mail ............................. 729 e. PersonalRecords ....................... 730 t © A. Michael Froomkin, 1995. Associate Professor, University of Miami School of Law. B.A. 1982, Yale College; M.Phil. 1984, Cambridge University;J.D. 1987, Yale Law School. Internet: [email protected] (PGP 2.6.2 public key appears infra note 787). Research for this article was supported by the University of Miami School of Law Summer Research Grant Fund. SueAnn Campbell, Nora de ]a Garza, YolandaJones, and Brian Williams provided superb library support, Rosalia Lliraldi provided secretarial support, andJulie Owen provided indefatigable research assistance. I am grateful to Abe Abraham, Stewart Baker, Tom Baker, Ken Bass, Caroline Bradley, Dorothy Denning, John Ely, Steve Fishbein,John Gilmore, Lance Hoffman, Mark Lemly, Larry Lessig, Charles C. Marson, George Mundstock, David Post,Jonathan Simon, Miles Smid, David Sobel, Cleveland Thorton, Lee Tien, Eugene Volokh, Stephen F. Williams, Steve Winter, two anonymous bureaucrats, and the participants in a University of Miami faculty seminar for their comments, corrections, and suggestions. I first encountered several of the issues discussed in this Article in the Cypherpunks and Cyberia-L mailing lists, and on the misc.legal.moderated newsgroup. For an earlier version of portions of Part III of this Article, see A. Michael Froomkin, The Constitutionality of Mandatory Key Escrow-A First Look, in BUILDING IN BIG BROTHER: THE CRYPTOGRAPHIC POLICY DEBATE (Lance Hoffman ed., forthcoming Mar. 1995) (manuscript at 413) [hereinafter BUILDING IN BIG BROTHER]. Unless otherwise specified, this Article reflects legal and technical developments occurring on or before January 1, 1995. (709) 710 UNIVERSITY OF PENNSYLVANIA LAW REVIEW [Vol. 143: 709 7. Dissidents and Others .................... 730 B. The U.S. DataEncryption Standard(DES) Is Increasingly Vulnerable ................................ 735 1. How DES Became a Standard ............... 735 2. DES Is Vulnerable to Attack ................ 738 3. How to Achieve Better Security ............. 740 C. The Escrowed Encryption Standard (EES) ........... 742 1. Why the Government Wants EES to Replace DES ................................... 743 a. Domestic Law Enforcement ................ 744 b. Intelligence Gathering ................... 747 c. Failure of Laws Designed to Prevent the Spread of Strong Cryptography ............. 748 i. Export Control: The ITAR ........... 748 ii. "Classified at Birth".................. 751 2. How Clipper Works ...................... 752 a. A Tale of Three Keys .................... 753 b. The Escrow Agents' CriticalRole ............ 759 c. Limited Recoursefor Improper Key Disclosure ... 762 II. THE ESCROWED ENCRYPTION PROPOSAL-LEGAL, POLICY, AND TECHNICAL PROBLEMS .......................... 764 A. EES: The Un-Rule Rule ....................... 764 1. FIPS 185: A Strange Standard .............. 764 2. An End-Run Around Accountability .......... 767 3. Did NIST's Cooperation with the NSA over FIPS 185 Violate the Computer Security Act of 1987? ........................... 776 4. Who Should Hold the Keys? ................ 782 B. Unresolved Issues ............................. 786 1. Requests from Foreign Governments ......... 787 2. Clipper Abroad? ........................ 788 3. What Level of Protection Do LEAFs Have Under the Electronic Communications Privacy Act? ............................. 789 C. Voluntary EES Is Constitutional ................. 793 D. Voluntary EES Is Unlikely to Displace Un-Escrowed Cryptography................................ 796 1. Why EES Worries People .................. 798 a. Preserving the Status Quo Prevents a Return to the Status Quo Ante ............. 798 b. EES Does Not Preserve the Status Quo ........ 800 c. The Status Quo May Not Be Stable .......... 802 1995] THE METAPHOR IS THE KEY- THE CLIPPER CHIP 711 2. Spoofing EES: The LEAF-Blower ............ 806 E. What Happens If EES Fails? .................... 808 III. WOULD MANDATORY KEY ESCROW BE CONSTITUTIONAL? . 810 A. First Amendment Issues ........................ 812 1. Compelled Speech ......................... 813 2. Chilling Effect on Speech .................. 815 3. Anonymity and the Freedom of Association .... 817 4. The Parallel to Antimask Laws .............. 821 B. Fourth Amendment Issues ....................... 823 1. The Fourth Amendment Does Not Give the Government an Affirmative Right to an Effective Search .......................... 826 2. Mandatory Escrow of a Key Is a "Search or Seizure"................................ 827 3. Mandatory Key Escrow as a "Regulatory Search". ............................... 830 C. Fifth Amendment Issues ....................... 833 1. The Chip Key as a Private Paper .............. 834 2. Is a Chip Key or a Session Key "Incriminating"? . 836 D. Privacy Issues ............................... 838 1. The Right to Autonomous Choice Regarding Nonintimate Matters ..................... 838 2. The Right to Be Left Alone ................ 839 3. The Right to Autonomous Choice Regarding Intimate Matters ........................ 840 E. What Next? ................................. 843 IV. IDEAS ARE WEAPONS ........................... 843 A. Caught Between Archetypes ...................... 846 1. Big Brother ............................ 847 2. The Conspirator ........................ 850 a. Panics over Plotters ..................... 851 b. Modem Incarnations: The Drug Kingpin and the Terrorist ...................... 856 B. Mediating the Clash: A Metaphoric Menu ........... 859 1. Focus on Communication .................... 862 a. "Car"--How Messages Travel ............... 863 b. "Language"............................ 865 2. Focus on Exclusion ...................... 870 a. "Safe"............................... 871 b. "House"-Where Messages Come from ......... 874 C. The Power to Choose .......................... 879 CONCLUSION .................................... 882 712 UNIVERSITY OF PENNSYLVANIA LAW REVIEW [Vol. 143: 709 TECHNICAL APPENDIX: BRUTE-FORCE CRYPTANALYSIS, PUBLIC-KEY ENCRYPTION, AND DIGITAL SIGNATURES ....... 885 A. Brute-Force Cryptanalysis ...................... 887 B. Public-Key Cryptography ......................... 890 C. Digital Signatures ........................... 895 INTRODUCTION Without the ability to keep secrets, individuals lose the capacity to distinguish themselves from others, to maintain independent lives, to be complete and autonomous persons.... This does not mean that a person actually has to keep secrets to be autonomous, just that she must possess the ability to do so. The ability to keep secrets implies the ability to disclose secrets selectively, and so the capacity for selective disclosure at one's own discretion is impor- tant to individual autonomy as well.' Secrecy is a form of power.2 The ability to protect a secret, to preserve one's privacy, is a form of power.' The ability to pene- trate secrets, to learn them, to use them, is also a form of power. Secrecy empowers, secrecy protects, secrecy hurts. The ability to learn a person's secrets without her knowledge-to pierce a person's privacy in secret-is a greater power still. People keep secrets for good reasons and for evil ones. Learning either type of secret gives an intruder power over another. Depending on the people compromised and the secrets learned, this power may be deployed for good (preventing a planned harm) or ill (blackmail, intimidation). This Article is about the clash between two types of power: the individual's power to keep a secret from the state and others, and the state's power to penetrate that secret.' It focuses on new 'KIM L. SCHEPPELE, LEGAL SECRETS 302 (1988) (footnote omitted). 2 "Secrecy" refers to the intentional concealment of information so as to prevent others
Load more

Recommended publications
  • Tarjan Transcript Final with Timestamps
    A.M. Turing Award Oral History Interview with Robert (Bob) Endre Tarjan by Roy Levin San Mateo, California July 12, 2017 Levin: My name is Roy Levin. Today is July 12th, 2017, and I’m in San Mateo, California at the home of Robert Tarjan, where I’ll be interviewing him for the ACM Turing Award Winners project. Good afternoon, Bob, and thanks for spending the time to talk to me today. Tarjan: You’re welcome. Levin: I’d like to start by talking about your early technical interests and where they came from. When do you first recall being interested in what we might call technical things? Tarjan: Well, the first thing I would say in that direction is my mom took me to the public library in Pomona, where I grew up, which opened up a huge world to me. I started reading science fiction books and stories. Originally, I wanted to be the first person on Mars, that was what I was thinking, and I got interested in astronomy, started reading a lot of science stuff. I got to junior high school and I had an amazing math teacher. His name was Mr. Wall. I had him two years, in the eighth and ninth grade. He was teaching the New Math to us before there was such a thing as “New Math.” He taught us Peano’s axioms and things like that. It was a wonderful thing for a kid like me who was really excited about science and mathematics and so on. The other thing that happened was I discovered Scientific American in the public library and started reading Martin Gardner’s columns on mathematical games and was completely fascinated.
    [Show full text]
  • 1. Course Information Are Handed Out
    6.826—Principles of Computer Systems 2006 6.826—Principles of Computer Systems 2006 course secretary's desk. They normally cover the material discussed in class during the week they 1. Course Information are handed out. Delayed submission of the solutions will be penalized, and no solutions will be accepted after Thursday 5:00PM. Students in the class will be asked to help grade the problem sets. Each week a team of students Staff will work with the TA to grade the week’s problems. This takes about 3-4 hours. Each student will probably only have to do it once during the term. Faculty We will try to return the graded problem sets, with solutions, within a week after their due date. Butler Lampson 32-G924 425-703-5925 [email protected] Policy on collaboration Daniel Jackson 32-G704 8-8471 [email protected] We encourage discussion of the issues in the lectures, readings, and problem sets. However, if Teaching Assistant you collaborate on problem sets, you must tell us who your collaborators are. And in any case, you must write up all solutions on your own. David Shin [email protected] Project Course Secretary During the last half of the course there is a project in which students will work in groups of three Maria Rebelo 32-G715 3-5895 [email protected] or so to apply the methods of the course to their own research projects. Each group will pick a Office Hours real system, preferably one that some member of the group is actually working on but possibly one from a published paper or from someone else’s research, and write: Messrs.
    [Show full text]
  • Race in the Age of Obama Making America More Competitive
    american academy of arts & sciences summer 2011 www.amacad.org Bulletin vol. lxiv, no. 4 Race in the Age of Obama Gerald Early, Jeffrey B. Ferguson, Korina Jocson, and David A. Hollinger Making America More Competitive, Innovative, and Healthy Harvey V. Fineberg, Cherry A. Murray, and Charles M. Vest ALSO: Social Science and the Alternative Energy Future Philanthropy in Public Education Commission on the Humanities and Social Sciences Reflections: John Lithgow Breaking the Code Around the Country Upcoming Events Induction Weekend–Cambridge September 30– Welcome Reception for New Members October 1–Induction Ceremony October 2– Symposium: American Institutions and a Civil Society Partial List of Speakers: David Souter (Supreme Court of the United States), Maj. Gen. Gregg Martin (United States Army War College), and David M. Kennedy (Stanford University) OCTOBER NOVEMBER 25th 12th Stated Meeting–Stanford Stated Meeting–Chicago in collaboration with the Chicago Humanities Perspectives on the Future of Nuclear Power Festival after Fukushima WikiLeaks and the First Amendment Introduction: Scott D. Sagan (Stanford Introduction: John A. Katzenellenbogen University) (University of Illinois at Urbana-Champaign) Speakers: Wael Al Assad (League of Arab Speakers: Geoffrey R. Stone (University of States) and Jayantha Dhanapala (Pugwash Chicago Law School), Richard A. Posner (U.S. Conferences on Science and World Affairs) Court of Appeals for the Seventh Circuit), 27th Judith Miller (formerly of The New York Times), Stated Meeting–Berkeley and Gabriel Schoenfeld (Hudson Institute; Healing the Troubled American Economy Witherspoon Institute) Introduction: Robert J. Birgeneau (Univer- DECEMBER sity of California, Berkeley) 7th Speakers: Christina Romer (University of Stated Meeting–Stanford California, Berkeley) and David H.
    [Show full text]
  • Magic Adversaries Versus Individual Reduction: Science Wins Either Way ?
    Magic Adversaries Versus Individual Reduction: Science Wins Either Way ? Yi Deng1;2 1 SKLOIS, Institute of Information Engineering, CAS, Beijing, P.R.China 2 State Key Laboratory of Cryptology, P. O. Box 5159, Beijing ,100878,China [email protected] Abstract. We prove that, assuming there exists an injective one-way function f, at least one of the following statements is true: – (Infinitely-often) Non-uniform public-key encryption and key agreement exist; – The Feige-Shamir protocol instantiated with f is distributional concurrent zero knowledge for a large class of distributions over any OR NP-relations with small distinguishability gap. The questions of whether we can achieve these goals are known to be subject to black-box lim- itations. Our win-win result also establishes an unexpected connection between the complexity of public-key encryption and the round-complexity of concurrent zero knowledge. As the main technical contribution, we introduce a dissection procedure for concurrent ad- versaries, which enables us to transform a magic concurrent adversary that breaks the distribu- tional concurrent zero knowledge of the Feige-Shamir protocol into non-black-box construc- tions of (infinitely-often) public-key encryption and key agreement. This dissection of complex algorithms gives insight into the fundamental gap between the known universal security reductions/simulations, in which a single reduction algorithm or simu- lator works for all adversaries, and the natural security definitions (that are sufficient for almost all cryptographic primitives/protocols), which switch the order of qualifiers and only require that for every adversary there exists an individual reduction or simulator. 1 Introduction The seminal work of Impagliazzo and Rudich [IR89] provides a methodology for studying the lim- itations of black-box reductions.
    [Show full text]
  • The Best Nurturers in Computer Science Research
    The Best Nurturers in Computer Science Research Bharath Kumar M. Y. N. Srikant IISc-CSA-TR-2004-10 http://archive.csa.iisc.ernet.in/TR/2004/10/ Computer Science and Automation Indian Institute of Science, India October 2004 The Best Nurturers in Computer Science Research Bharath Kumar M.∗ Y. N. Srikant† Abstract The paper presents a heuristic for mining nurturers in temporally organized collaboration networks: people who facilitate the growth and success of the young ones. Specifically, this heuristic is applied to the computer science bibliographic data to find the best nurturers in computer science research. The measure of success is parameterized, and the paper demonstrates experiments and results with publication count and citations as success metrics. Rather than just the nurturer’s success, the heuristic captures the influence he has had in the indepen- dent success of the relatively young in the network. These results can hence be a useful resource to graduate students and post-doctoral can- didates. The heuristic is extended to accurately yield ranked nurturers inside a particular time period. Interestingly, there is a recognizable deviation between the rankings of the most successful researchers and the best nurturers, which although is obvious from a social perspective has not been statistically demonstrated. Keywords: Social Network Analysis, Bibliometrics, Temporal Data Mining. 1 Introduction Consider a student Arjun, who has finished his under-graduate degree in Computer Science, and is seeking a PhD degree followed by a successful career in Computer Science research. How does he choose his research advisor? He has the following options with him: 1. Look up the rankings of various universities [1], and apply to any “rea- sonably good” professor in any of the top universities.
    [Show full text]
  • The Growth of Cryptography
    The growth of cryptography Ronald L. Rivest Viterbi Professor of EECS MIT, Cambridge, MA James R. Killian Jr. Faculty Achievement Award Lecture February 8, 2011 Outline Some pre-1976 context Invention of Public-Key Crypto and RSA Early steps The cryptography business Crypto policy Attacks More New Directions What Next? Conclusion and Acknowledgments Outline Some pre-1976 context Invention of Public-Key Crypto and RSA Early steps The cryptography business Crypto policy Attacks More New Directions What Next? Conclusion and Acknowledgments The greatest common divisor of two numbers is easily computed (using “Euclid’s Algorithm”): gcd(12; 30) = 6 Euclid – 300 B.C. There are infinitely many primes: 2, 3, 5, 7, 11, 13, . Euclid – 300 B.C. There are infinitely many primes: 2, 3, 5, 7, 11, 13, . The greatest common divisor of two numbers is easily computed (using “Euclid’s Algorithm”): gcd(12; 30) = 6 Greek Cryptography – The Scytale An unknown period (the circumference of the scytale) is the secret key, shared by sender and receiver. Euler’s Theorem (1736): If gcd(a; n) = 1, then aφ(n) = 1 (mod n) ; where φ(n) = # of x < n such that gcd(x; n) = 1. Pierre de Fermat (1601-1665) Leonhard Euler (1707–1783) Fermat’s Little Theorem (1640): For any prime p and any a, 1 ≤ a < p: ap−1 = 1 (mod p) Pierre de Fermat (1601-1665) Leonhard Euler (1707–1783) Fermat’s Little Theorem (1640): For any prime p and any a, 1 ≤ a < p: ap−1 = 1 (mod p) Euler’s Theorem (1736): If gcd(a; n) = 1, then aφ(n) = 1 (mod n) ; where φ(n) = # of x < n such that gcd(x; n) = 1.
    [Show full text]
  • The RSA Algorithm
    The RSA Algorithm Evgeny Milanov 3 June 2009 In 1978, Ron Rivest, Adi Shamir, and Leonard Adleman introduced a cryptographic algorithm, which was essentially to replace the less secure National Bureau of Standards (NBS) algorithm. Most impor- tantly, RSA implements a public-key cryptosystem, as well as digital signatures. RSA is motivated by the published works of Diffie and Hellman from several years before, who described the idea of such an algorithm, but never truly developed it. Introduced at the time when the era of electronic email was expected to soon arise, RSA implemented two important ideas: 1. Public-key encryption. This idea omits the need for a \courier" to deliver keys to recipients over another secure channel before transmitting the originally-intended message. In RSA, encryption keys are public, while the decryption keys are not, so only the person with the correct decryption key can decipher an encrypted message. Everyone has their own encryption and decryption keys. The keys must be made in such a way that the decryption key may not be easily deduced from the public encryption key. 2. Digital signatures. The receiver may need to verify that a transmitted message actually origi- nated from the sender (signature), and didn't just come from there (authentication). This is done using the sender's decryption key, and the signature can later be verified by anyone, using the corresponding public encryption key. Signatures therefore cannot be forged. Also, no signer can later deny having signed the message. This is not only useful for electronic mail, but for other electronic transactions and transmissions, such as fund transfers.
    [Show full text]
  • A Library of Graph Algorithms and Supporting Data Structures
    Washington University in St. Louis Washington University Open Scholarship All Computer Science and Engineering Research Computer Science and Engineering Report Number: WUCSE-2015-001 2015-01-19 Grafalgo - A Library of Graph Algorithms and Supporting Data Structures Jonathan Turner This report provides an overview of Grafalgo, an open-source library of graph algorithms and the data structures used to implement them. The programs in this library were originally written to support a graduate class in advanced data structures and algorithms at Washington University. Because the code's primary purpose was pedagogical, it was written to be as straightforward as possible, while still being highly efficient. afalgoGr is implemented in C++ and incorporates some features of C++11. The library is available on an open-source basis and may be downloaded from https://code.google.com/p/grafalgo/. Source code documentation is at www.arl.wustl.edu/~jst/doc/grafalgo. While not designed as... Read complete abstract on page 2. Follow this and additional works at: https://openscholarship.wustl.edu/cse_research Part of the Computer Engineering Commons, and the Computer Sciences Commons Recommended Citation Turner, Jonathan, "Grafalgo - A Library of Graph Algorithms and Supporting Data Structures" Report Number: WUCSE-2015-001 (2015). All Computer Science and Engineering Research. https://openscholarship.wustl.edu/cse_research/242 Department of Computer Science & Engineering - Washington University in St. Louis Campus Box 1045 - St. Louis, MO - 63130 - ph: (314) 935-6160. This technical report is available at Washington University Open Scholarship: https://openscholarship.wustl.edu/ cse_research/242 Grafalgo - A Library of Graph Algorithms and Supporting Data Structures Jonathan Turner Complete Abstract: This report provides an overview of Grafalgo, an open-source library of graph algorithms and the data structures used to implement them.
    [Show full text]
  • Party Time for Mathematicians in Heidelberg
    Mathematical Communities Marjorie Senechal, Editor eidelberg, one of Germany’s ancient places of Party Time HHlearning, is making a new bid for fame with the Heidelberg Laureate Forum (HLF). Each year, two hundred young researchers from all over the world—one for Mathematicians hundred mathematicians and one hundred computer scientists—are selected by application to attend the one- week event, which is usually held in September. The young in Heidelberg scientists attend lectures by preeminent scholars, all of whom are laureates of the Abel Prize (awarded by the OSMO PEKONEN Norwegian Academy of Science and Letters), the Fields Medal (awarded by the International Mathematical Union), the Nevanlinna Prize (awarded by the International Math- ematical Union and the University of Helsinki, Finland), or the Computing Prize and the Turing Prize (both awarded This column is a forum for discussion of mathematical by the Association for Computing Machinery). communities throughout the world, and through all In 2018, for instance, the following eminences appeared as lecturers at the sixth HLF, which I attended as a science time. Our definition of ‘‘mathematical community’’ is journalist: Sir Michael Atiyah and Gregory Margulis (both Abel laureates and Fields medalists); the Abel laureate the broadest: ‘‘schools’’ of mathematics, circles of Srinivasa S. R. Varadhan; the Fields medalists Caucher Bir- kar, Gerd Faltings, Alessio Figalli, Shigefumi Mori, Bào correspondence, mathematical societies, student Chaˆu Ngoˆ, Wendelin Werner, and Efim Zelmanov; Robert organizations, extracurricular educational activities Endre Tarjan and Leslie G. Valiant (who are both Nevan- linna and Turing laureates); the Nevanlinna laureate (math camps, math museums, math clubs), and more.
    [Show full text]
  • Leonard (Len) Max Adleman 2002 Recipient of the ACM Turing Award Interviewed by Hugh Williams August 18, 2016
    Leonard (Len) Max Adleman 2002 Recipient of the ACM Turing Award Interviewed by Hugh Williams August 18, 2016 HW: = Hugh Williams (Interviewer) LA = Len Adelman (ACM Turing Award Recipient) ?? = inaudible (with timestamp) or [ ] for phonetic HW: My name is Hugh Williams. It is the 18th day of August in 2016 and I’m here in the Lincoln Room of the Law Library at the University of Southern California. I’m here to interview Len Adleman for the Turing Award winners’ project. Hello, Len. LA: Hugh. HW: I’m going to ask you a series of questions about your life. They’ll be divided up roughly into about three parts – your early life, your accomplishments, and some reminiscing that you might like to do with regard to that. Let me begin with your early life and ask you to tell me a bit about your ancestors, where they came from, what they did, say up to the time you were born. LA: Up to the time I was born? HW: Yes, right. LA: Okay. What I know about my ancestors is that my father’s father was born somewhere in modern-day Belarus, the Minsk area, and was Jewish, came to the United States probably in the 1890s. My father was born in 1919 in New Jersey. He grew up in the Depression, hopped freight trains across the country, and came to California. And my mother is sort of an unknown. The only thing we know about my mother’s ancestry is a birth certificate, because my mother was born in 1919 and she was an orphan, and it’s not clear that she ever met her parents.
    [Show full text]
  • RON RIVEST Viterbi Professor of Computer Science, MIT's Department of Electrical Engineering and Computer Science
    Feb 1st 10:30 am - noon, Newcomb Hall, South Meeting Room RON RIVEST Viterbi Professor of Computer Science, MIT's Department of Electrical Engineering and Computer Science Security of Voting Systems While running an election sounds simple, it is in fact extremely challenging. Not only are there millions of voters to be authenticated and millions of votes to be carefully collected, count- ed, and stored, there are now millions of "voting machines" containing millions of lines of code to be evaluated for security vulnerabilities. Moreover, voting systems have a unique requirement: the voter must not be given a "receipt" that would allow them to prove how they voted to some- one else---otherwise the voter could be coerced or bribed into voting a certain way. The lack of receipts makes the security of voting system much more challenging than, say, the security of banking systems (where receipts are the norm). We discuss some of the recent trends and innovations in voting systems, as well as some of the new requirements being placed upon voting systems in the U.S., and describe some promising directions for resolving the conflicts inherent in voting system requirements, including some approaches based on cryptography. Professor Rivest is the Viterbi Professor of Computer Science in MIT's Department of Electrical Engineering and Computer Science. He is a member of MIT's Computer Science and Artificial Intelligence Laboratory, and Head of its Center for Information Security and Privacy. Professor Rivest has research interests in cryptography, computer and network security, and algo- rithms. Professor Rivest is an inventor, with Adi Shamir and Len Adleman of the RSA public-key cryp- tosystem, and a co-founder of RSA Data Security.
    [Show full text]
  • LEONID REYZIN Boston University, Department of Computer Science, Boston, MA 02215 (617) 353-3283 [email protected] Updated February 15, 2014
    LEONID REYZIN Boston University, Department of Computer Science, Boston, MA 02215 (617) 353-3283 [email protected] http://www.cs.bu.edu/~reyzin Updated February 15, 2014 EDUCATION A. B. Summa cum Laude in Computer Science, Harvard University 1992-1996 Honors Senior Thesis on the relation between PCP and NP: “Verifying Membership in NP-languages, or How to Avoid Reading Long Proofs” Thesis Advisor: Michael O. Rabin M.S. in Computer Science, MIT 1997-1999 M.S. Thesis: “Improving the Exact Security of Digital Signature Schemes” Thesis Advisor: Silvio Micali Ph. D. in Computer Science, MIT 1999-2001 Ph. D. Thesis: “Zero-Knowledge with Public Keys” Thesis Advisor: Silvio Micali POSITIONS HELD Associate Professor, Department of Computer Science, Boston University 2007-present Consultant at Microsoft Corp. 2011 Visiting Scholar, Computer Science and Artificial Intelligence Laboratory, MIT 2008 Assistant Professor, Department of Computer Science, Boston University 2001-2007 Fellow, Institute for Pure and Applied Mathematics (IPAM), UCLA 2006 Consultant at CoreStreet, Ltd. (part-time) 2001-2009 Consultant at Peppercoin, Inc. (part-time) 2004 Consultant at RSA Laboratories (part-time) 1998-2000 Research Staff at RSA Laboratories 1996-1997 PUBLICATIONS Note: most are available from http://www.cs.bu.edu/fac/reyzin/research.html Refereed Journal Articles “Improving the Exact Security of Digital Signature Schemes,” by S. Micali and L. Reyzin, appears in Journal of Cryptology, 15(1), pp. 1-18, 2002. Conference versions in SCN 99 and CQRE ’99. “Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data,” by Y. Dodis, R. Ostrovsky, L. Reyzin and A.
    [Show full text]