Last week saw the fifth Real World Cryptography (RWC) workshop held in Stanford University, California. The RWC workshop series was founded by Kenny Paterson and our own Nigel Smart five years ago at a small meeting of about 80 people in Cambridge UK. Since then it has grown into one of the largest conferences in cryptography in the world.
The RWC workshop brings together academics and leading players in industry to discuss the issues and problems associated with deploying and designing cryptographic solutions.
This year, much of the focus was on these two themes:
Firstly, the ongoing problems with the TLS protocol. The TLS protocol is one of the mainstays of the security of the internet, yet it has been dogged by problems both in terms of design and in terms of deployment. A new version, TLS 1.3, is currently being standardized. Yet attacks are beginning to appear on TLS 1.3 even before it is deployed due to the need to support “legacy” certificates which use the RSA algorithm. Thus whilst TLS 1.3 is in some sense a clean break from the mistakes of the past, it still has some legacy issues related to certificates.
Secondly, was the theme of deploying security solutions at “scale”. There were interesting talks by speakers from Google, Facebook and others on how security solutions can be deployed over a vast number of users, machines and connections. Of particular interest was the large usability study conducted by Google into error messages shown to users due to incorrect TLS configurations being encountered. It turned out the vast majority of these were due to clock issues on the users own computer.
The main event of the week, however, was the awarding of the first Levchin Prize for Real World Cryptography. This is a new annual award, sponsored by Max Levchin (the co-founder of PayPal) for work in the area of Real World Cryptography. The first winners, who both receive a check for $10,000, were Phil Rogaway and the miTLS team.