The renaissance of cryptography

This is a declaration of a new era.

Cryptography was almost exclusively a military technology for centuries. When in 1990s millions of personal computers connected to the internet, cryptography graduated from a munition to an industrial tool to secure credit card payments over a global, open and hostile environment.

For the next 20 years cryptographic research and engineering was very vibrant, but culminating in a loud confirmation by Edward Snowden that the resulting products were not good enough. SSL, PGP and other protocols turned out to be insecure, their implementations were buggy and hard maintain, all cryptographic primitives are broken and/or easy to misuse (MD5, RC4, RSA). High-level protocols were full of design and engineering mistakes and full of misunderstandings. The whole discipline had a culture of abstinence-only cryptography and, as a result, poor engineering standards mixed with academic hubris and sabotage by the governments. 20 years of real-world cryptography produced a few useful artifacts and a lot of mess.

Then, three things started to happen:

First, personal computers and the internet reached very deep into lives of almost everyone. Individuals now store their entire life in affordable pocket computers, businesses run all their operations over the internet, governments routinely participate in cyberwars. The importance of securing information shifted from “good to have” to “actively desirable”. Apple, the most valuable corporation on Earth, is selling billions of computers with _security_ and _privacy_ as a one of their main selling points.

Second, Bitcoin and blockchains happened. Things envisioned by Nick Szabo, Hal Finney, Wei Dai, Tim May and other cypherpunks back in 1990s finally started to materialize. The internet discovered a whole new continent: with “wild west” anarchy, “gold rushes”, and massive real and fictional opportunities. On that continent the excellence in cryptography is no longer simply desirable, but becomes vitally important: the unauthorized access to data now equates to the immediate loss of unbounded amount of highly liquid assets.

Finally, a new generation of software engineers has grown up, who have an enormous enthusiasm to fix mistakes of the past and bring cryptographic engineering to a new level: with clean designs, excellent documentation, record-breaking performance, safety and usability, and, most importantly, strong ethics.

Today we have robust cryptographic building blocks that are not only safer and faster, but also designed to be composable and extensible to build on top of them with confidence: such as Keccak, AES-SIV and Ristretto.

We have better programming languages (Rust, Go, Swift) where engineering can be done with clarity, safety and ease. Pure Rust libraries such as Miscreant and Dalek set a new bar for all cryptography engineers.

For the first time ever, the ambitious ideas of zero-knowledge proofs that were stuck in academic papers for many years are finally implemented for the blockchain applications: Zcash, Confidential Transactions, Monero and Bulletproofs.

We are living in a renaissance era of cryptography: we have fantastic tools, amazing people and strong demand for high-quality cryptographic products with direct financial incentives. We are now at a lift-off point: we have a strong foundation to build upon with confidence. Now is the best time ever to learn and work with cryptography. Expect truly transformative technologies come out of this mix in the coming years.

Oct 12   cryptography