Cryptographer Bruce Schneier has reviewed 1998 and concluded that it was an exciting year to be a cryptographer. At first glance, the important events of the year seem completely unrelated, he reports, but when we step back and reflect on the year-that-was, some common threads emerge – as do important lessons about the evolution and direction of cryptography. First among those threads was the emergence of new algorithms. In June, the US National Security Agency declassified KEA and Skipjack (CI No 3,439). This was the first time any of NSA’s own algorithms had been declassified for release into the public domain. Schneier calls the event a watershed in public cryptanalysis. That’s because Skipjack is so good, it provides a reference against which other cryptographers can measure their efforts. Think of it as alien technology, said Schneier, for the next decade researchers will pick Skipjack apart. June also saw the announcement of candidates for the Advanced Encryption Standard (AES), a replacement for the now-venerable Data Encryption Standard (DES). The fifteen candidate algorithms are now under review. A March, 1999 conference in Rome will select five for a second round of analysis. The winner will be announced in 2000. The importance of replacing DES became clear in July, when the Electronic Frontier Foundation built Deep Crack, its DES cracker, for the bargain-basement price of $220,000 (CI No 3,455). Cryptanalysts also discovered a couple of devastating methods of decrypting smart cards by analyzing their power usage and how they respond to faults. We need to rethink how data is stored on smart cards, Schneier warned. Meanwhile, flaws discovered in the GSM digital cellular decryption algorithm and in Microsoft’s point to point tunneling protocol made it clear that closed groups working on proprietary technology are at a serious disadvantage compared to their open, peer-reviewed rivals like the far more robust IPSec. Schneier also noted the achievement of Sarah Flannery, the Irish teenager whose holiday work with Baltimore Technologies Inc appears to have turned up a faster version of RSA. Is this going to change the world, no. Might be interesting, yes, We’ll have to wait and see, a cagey Schneier concluded. In any case, it is cool to see serious cryptography out of a new researcher.
