Welcome,
Since the last Bulletin, we were delighted to welcome Alex Pruden as Founder and CEO at Project Eleven. Alex is a former U.S. Army Green Beret. He served in Afghanistan, Iraq and Syria, where his experiences sparked a deep belief in the value of crypto.
He has since earned an MBA from Stanford, worked as an investor at Andreessen Horowitz’ first crypto fund and was most recently CEO at Aleo, one of the world’s most advanced deployments of zero-knowledge cryptography. He can be reached at [email protected].
Testing for Strength
Most technologies don’t respond well to pressure. They are not designed to be broken, or tested. Cryptography is different in this regard. The more attacks and attention an encryption scheme withstands, the more trust we have in its security - RSA and ECC secure the world’s information because they stand strong after many years of attention, not because we have theoretical proofs of their security.
In the early 1970s, IBM researchers designed a block cipher called Lucifer - part of a broader push toward computer security in an era when the Internet was just an ARPA project. When the U.S. National Bureau of Standards (now NIST) sought an encryption algorithm to standardize, Lucifer became the basis for what would be known as the Data Encryption Standard (DES).
The path to adoption was contentious. IBM had designed Lucifer with a 128-bit key and by the time DES was standardized in the mid 70s, the key was just 56 bits - a 64-bit version with 8 bits used for parity checks. Why the reduction? This has never been fully explained, but the National Security Agency (NSA) had a seat at the table. For years, this fueled speculation: Did the NSA intentionally weaken DES? Did they understand that 56 bits would remain secure for little more than 15 years? In a meeting with Whitfield Diffie and Martin Hellman (of Diffie-Hellman fame) in 1976, the NSA generally deflected concerns about DES’s long-term security.
The DES debates helped give rise to a new kind of technical activism, made up of cryptographers that were highly skeptical of government interference in cryptography.
In the late 90s, Diffie and Hellman were proven right. Just 6 months after a $10,000 prize for breaking DES was announced, a volunteer effort brute-forced the cipher, revealing the answer (“Strong cryptography makes the world a safe place”). Thousands of Internet users donated their computers to the effort, which ultimately tested a quarter of the 2^56 valid keys for DES. Months later, the Electronic Frontier Foundation spent $250k building Deep Crack, a machine that could brute-force DES in less than three days. What had once been a military-grade cipher was now a weekend project for a nonprofit.
There have been many other cryptography challenges. The DES Challenge is just one example. The RSA Factoring Challenge, which ran from 1991 to 2007, offered prizes for factoring large numbers, helping drive research into RSA attacks and simultaneously building trust in RSA. More recently, in 2021, Microsoft launched the SIKE Cryptographic Challenge. Supersingular Isogeny Key Encapsulation (SIKE) was a candidate for post-quantum encryption standards that emerged in the early 2010s as an alternative to lattice-based schemes, and was under consideration by NIST. Microsoft, which had helped develop SIKE, offered a $50k bounty for successful attacks. It took just over a year for both prizes to be claimed, sealing SIKE’s fate.
Cryptography is antifragile. Challenges like the above exert a healthy pressure on schemes, allowing vulnerabilities to be surfaced early, before they make their way into critical infrastructure - or the challenges can prove that it’s time to move on from an outdated standard.
RSA itself arrived in 1977, in the wake of the Diffie-Hellman key exchange, which had just revealed that public-key cryptography was possible. RSA made it practical. It was slow, but it worked.
Public-key cryptography became highly controversial. The NSA opposed its export, viewing strong encryption as a national security risk. Researchers faced restrictions under the International Traffic in Arms Regulations (ITAR), which treated cryptographic algorithms as weapons. Exporting code — even posting it online — could be a federal offense. Because it displayed instructions for RSA, a t-shirt designed by Adam Back qualified as an export-controlled munition.
More than DES, this tension shaped the culture of cryptography. It bred a generation of Cypherpunks - a loose collective of privacy-focused activists and programmers - and laid the ideological groundwork for systems like PGP, Tor, and eventually Bitcoin.
Get in touch with us at [email protected].
Until next time,
Team P11