Quantum-resistant crypto, Elliptic Curves, and other learnings
This Winter quarter I took Stanford CS255: Introduction to Cryptography. It was a super challenging and enriching course and I learned a ton about the mathematics and algorithms behind the cryptography we depend on every day. Here are some memorable high-level takeaways from the course.
1. Don’t implement crypto yourself
Cryptography primitives like AES are extremely powerful and extremely difficult to do correctly. Use a high-level API to ensure you’re doing things right. If you’re typing the letters “AES” into your text editor, you’re doing it wrong.
The cryptography you use today rests on the assumption that P≠NP. If you were to prove P=NP, then you’d break all cryptosystems. Finding good, “hard” problems for crypto algorithms is difficult because you need to find math problems that are hard on average, not only in some cases.
3. Some of today’s algorithms are Quantum-resistant
Quantum computing will not destroy all cryptography. You don’t have to wait for quantum-resistant cryptography algorithms to be standardized by NIST to encrypt things in a quantum-resistant fashion. But be careful! Currently anything encrypted with 128 bits or less of security will be vulnerable. AES256, for instance, is fine. Quantum cryptography speeds up certain types of algorithms, like integer factorization, which means RSA is toast.
4. Shout out to ECC
Elliptic curve cryptography is one of the most beautiful applications of mathematics. It combines all three fields of math: algebra, geometry, and analysis. Elliptic curves were discovered in ancient Egypt as a purely mathematical curiosity with no real applications, rescued in scrolls from the burning library of Alexandria, forgotten for hundreds of years, and then re-discovered by modern mathematicians as something that would improve the security of asymmetric cryptography.