Comment by thisisabore
1 year ago
I'll have you know they had maths PhDs design their security, sir. Eight of them!
Yeah, it's a bit of a joke.
Yeah, put a geometrician* to do the job of a cryptographer. This is what you get.
* I'm being serious, Nikolai Durov's PhD dissertation title was "New Approach to Arakelov Geometry"
https://bonndoc.ulb.uni-bonn.de/xmlui/handle/20.500.11811/31...
https://arxiv.org/pdf/0704.2030
Advanced math is actually more difficult (in my opinion) than programming languages.
Cryptography is nightmare magic math that cares about the color of the pencil you write it with.
It's not enough you know how to design a cipher that is actually secure, you need to know how to implement it so that the calculator you run it on consumes exactly the right amount of time, and in some cases power, per operation.
Then you need to know how to use the primitives together, their modes of operation, and then you get to business, designing protocols. And 10% of your code is calling the libraries that handle all that stuff above, 90% is key management.
There's a good amount of misuse resistant libraries available, but Nikolai was too proud to not look into how the experts do this, and he failed even with trivial stuff: He went with SHA-1 instead of SHA-256. He didn't implement proper fingerprints. His protocol wasn't IND-CCA secure. He went with weird AES-IGE instead of AES-GCM, which is best practice. He used the weird nonces with the FF-DH, instead of going with more robust stuff like x25519.
One thing you learn early in academia is that expertise is very narrow. I bet he knows a lot about geometry. Maybe even quite a bit about math in general. But it's clear he doesn't know enough to design cryptographic protocols. The cobbler should have stuck to his last.
EDIT, to add, the real work with cryptographic protocols starts with designing everyday things that seem easy on paper, with cryptographic assurance. Take group management that the server isn't controlling.
For Telegram it's a few boolean flags for admin status and then it's down to writing the code that removes the user from the group and prevents them from fetching the group's messages.
For Signal it's a 58-page whitepaper on the design of how that is done properly https://eprint.iacr.org/2019/1416.pdf
This is ultimately what separates the good from the bad, figuring out how to accomplish things with cryptography that first seem almost impossible to do.
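A concrete illustration of the "exactly the right amount of time per operation" point in the reply above (an added example, not code from the thread or from Telegram; the key, message and the "bytes examined" counter are constructed stand-ins for a timing measurement): a MAC tag check that exits at the first mismatching byte does an amount of work that depends on how much of a guess is already correct, while a constant-time check does the same work every time.

```python
import hashlib
import hmac

# Constructed sample key and message; any values would do.
KEY = b"constructed-demo-key"
MESSAGE = b"hello, telegram"


def mac_tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 tag of the message (32 bytes)."""
    return hmac.new(key, message, hashlib.sha256).digest()


def naive_tag_equal(expected: bytes, received: bytes) -> tuple[bool, int]:
    """Early-exit comparison. Returns (equal, bytes_examined); the second
    value models the running time an attacker could observe."""
    if len(expected) != len(received):
        return False, 0
    examined = 0
    for a, b in zip(expected, received):
        examined += 1
        if a != b:          # stops as soon as a byte differs: leaks position
            return False, examined
    return True, examined


def constant_time_tag_equal(expected: bytes, received: bytes) -> tuple[bool, int]:
    """Touch every byte regardless of where the first mismatch is."""
    if len(expected) != len(received):
        return False, 0
    diff = 0
    for a, b in zip(expected, received):
        diff |= a ^ b       # accumulate, never branch on the data
    return diff == 0, len(expected)


def verify_tag(key: bytes, message: bytes, received: bytes) -> bool:
    """What real code should call: the stdlib constant-time comparison."""
    return hmac.compare_digest(mac_tag(key, message), received)


def leak_profile(key: bytes, message: bytes, compare) -> list[int]:
    """Feed guesses whose first n bytes are right and byte n is wrong, for
    n = 0..4, and record how many bytes each comparison examined."""
    tag = mac_tag(key, message)
    counts = []
    for n in range(5):
        guess = tag[:n] + bytes([tag[n] ^ 0xFF]) + tag[n + 1:]
        _, examined = compare(tag, guess)
        counts.append(examined)
    return counts
```

With `naive_tag_equal` the profile grows with the length of the correct prefix, which is exactly the signal a byte-by-byte forgery would use; with `constant_time_tag_equal` (or `hmac.compare_digest`) it is flat.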
Sure, but cryptography is its own subfield of advanced math (and also a bunch of more CS and UX based implementation challenges like avoiding side channels).