Peter Wayner (pcw@flyzone.com)
Wed, 16 Dec 1998 14:24:40 -0500
While I agree with Bruce about all of the problems with
contests, I think it is fair to point out that he's wrong when
he makes the general statement:
"The best products/systems/protocols/algorithms available today
have not been the subjects of any contests, and probably
never will be."
What he means to say is, "We don't embrace the best
products/systems/protocols/algorithms simply because of any
contest results."
Rivest, Shamir and Adleman offered a $100 prize to someone
breaking the cipher in the original paper. They predicted it
would take bazillions (give or take a couple orders of
magnitude) of years. It only took twenty or so years. The result
didn't weaken general support for RSA because it used an
algorithm that took an amount of time expoentially proportional
the number of bits. RS&A's original key was just too small.
Still, it did make it clear that factoring is not a bedrock
foundation for the algorithm.
Of course, the folks who collected this prize spent too much to
earn it and were supported by research funding. The cipher is
famous enough now that many folks probably look at breaking it
for the sheer reputation points available.
It's important to note that RSA Data Security probably continues
to offer $10,000 prize to the people who factor significantly
larger keys. Their goal is to keep track of the right size of
keys to recommend. They also support other efforts.
Jim Bidzos also told me once that they made private offers to
individuals who were vetting their systems. He seemed to imply
that they made it worth their consultants time to break RSA.
That is, they offered prizes. Of course my memory is a bit
sketchy and he was cryptic at the time so the real truth is
anyone's guess.
My impression is that the last two paragraphs described serious,
laudable efforts at testing the strength of RSA. They may not
guarantee anything, but they do provide some sort of assurance.
I think Bidzos was smart enough to recognize that this sort of
engineering testing is an essential part of converting a few
equations into a viable business.
Of course, no one is ultimately happy because these contests
have not yielded either a robust factoring algorithm or a solid
proof of intractability.
-Peter
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:17:37