
Real World Crypto 2018 - altro
https://rwc.iacr.org/2018/
======
gnfurlong
Here's a link to the YouTube channel for the conference. Some videos for this
year are already up:
[https://www.youtube.com/channel/UCQiIRDBmp3pfTdRJ99EeDEw](https://www.youtube.com/channel/UCQiIRDBmp3pfTdRJ99EeDEw)

------
red_admiral
RWC was created to be "like Crypto [the annual conference in Santa Barbara]
but with talks on practically relevant things". RWC is now bigger than Crypto,
as far as I can tell (Zurich had 600+ participants). It doesn't have formal
proceedings but it does get input from MSR, google, amazon, facebook ...

Highlights for me: MSR has implemented post-quantum stuff (and it works),
Spectre/Meltdown of course, google's TLS team talking about trying to test TLS
1.3 and everything that broke as a result, mozilla using F* to verify their
crypto/TLS libraries and learning that "encrypted" aircraft (ACARS)
communications use a monoalphabetic cipher with one of around a dozen hard-
coded keys.

~~~
infinity0
Good to hear it's very big now! I was there for 2014 New York and 2015 London
and they were both excellent, although back then it was only 100-150 people or
so. Kind of regret not going to this one.

------
keypusher
Did this conference link just get upvoted purely because it has "crypto" in
the title? I'm sure there will be some great talks (Jann Horn talking about
meltdown/spectre for instance) but it's not clear to me why this is on the
front page.

~~~
bugmen0t
No. It's an excellent conference about cryptography for industry practitioners
(i.e., the real, non-academic world).

~~~
loup-vaillant
Note to self: the academic world is not real.

~~~
Nokinside
The way I read these categories is:

Academic = mathiness

real world = no mathiness

~~~
dsacco
Cryptography is almost entirely applied mathematics. If you're not working
with (typically advanced) mathematics, you're not actually doing cryptography.
That might come across as pretentious, but it's true - industry cryptographers
doing implementation work need to understand the research even if they're not
making novel academic contributions to the field. For that matter, I also
think terms like "academic" and "real world" present a false dichotomy.

A better way to capture the differences you're looking for might be the
following categorization:

1\. _Theoretical_ cryptography, which is primarily concerned with the
mathematics and computational complexity of cryptosystems that are very new,
not widely deployed or currently open research problems. This includes post-
quantum cryptography, pairings-based cryptography, multiparty computation,
indistinguishability obfuscation, homomorphic encryption, cryptanalytic
attacks, etc.

2\. _Practical_ (real world) cryptography, which is primarily concerned with
the mathematics and computational complexity of cryptosystems that can be
practically used or which are widely deployed. Implementation, performance,
peripheral security infrastructure and side channel attacks also fall under
the purview of practical cryptography. The safety and development of
cryptographic libraries and protocols falls into this realm. A lot of
cryptanalysis also falls into this area.

There are many academic cryptographers in both domains, which is why I say
that "academic" is not a useful signal as to which area someone is working in.
As an example I have off the top of my head, Phil Rogaway (who won Real World
Cryptography's Levchin Prize in 2016) is an _academic_ cryptographer who
specializes in practical cryptography. He invented PMAC[1] and OCB[2], which
are both practical primitives for use in authenticated encryption
cryptosystems; nevertheless, research like Rogaway's requires significant
understanding of relevant mathematics and complexity theory. On the other side
of the spectrum, Craig Gentry is an _industry_ cryptographer working at IBM as
a research scientist; he won a MacArthur Fellowship for his PhD thesis[3],
which was the first feasible realization of homomorphic encryption. He was
also part of the research team that made the first significant progress
towards multilinear maps in pairings-based cryptography using a graded
encoding scheme.[4]

_________________________________

1\.
[http://web.cs.ucdavis.edu/~rogaway/ocb/pmac.htm](http://web.cs.ucdavis.edu/~rogaway/ocb/pmac.htm)

2\.
[http://web.cs.ucdavis.edu/~rogaway/ocb/index.html](http://web.cs.ucdavis.edu/~rogaway/ocb/index.html)

3\. [https://crypto.stanford.edu/craig/craig-
thesis.pdf](https://crypto.stanford.edu/craig/craig-thesis.pdf)

4\.
[https://eprint.iacr.org/2012/610.pdf](https://eprint.iacr.org/2012/610.pdf)

~~~
loup-vaillant
> _industry cryptographers doing implementation work need to understand the
> research even if they 're not making novel academic contributions to the
> field._

Having implemented Monocypher, I can only concur: merely implementing the
algorithm from spec required a solid understanding of some of the mathematical
concepts involved. For instance:

[http://loup-vaillant.fr/tutorials/poly1305-design](http://loup-
vaillant.fr/tutorials/poly1305-design)

~~~
loup-vaillant
Huh? where the downvote could possibly come from?

