Hacker News new | comments | show | ask | jobs | submit login
Real World Crypto 2018 (iacr.org)
118 points by altro 5 days ago | hide | past | web | favorite | 27 comments

Here's a link to the YouTube channel for the conference. Some videos for this year are already up: https://www.youtube.com/channel/UCQiIRDBmp3pfTdRJ99EeDEw

RWC was created to be "like Crypto [the annual conference in Santa Barbara] but with talks on practically relevant things". RWC is now bigger than Crypto, as far as I can tell (Zurich had 600+ participants). It doesn't have formal proceedings but it does get input from MSR, google, amazon, facebook ...

Highlights for me: MSR has implemented post-quantum stuff (and it works), Spectre/Meltdown of course, google's TLS team talking about trying to test TLS 1.3 and everything that broke as a result, mozilla using F* to verify their crypto/TLS libraries and learning that "encrypted" aircraft (ACARS) communications use a monoalphabetic cipher with one of around a dozen hard-coded keys.

Good to hear it's very big now! I was there for 2014 New York and 2015 London and they were both excellent, although back then it was only 100-150 people or so. Kind of regret not going to this one.

Did this conference link just get upvoted purely because it has "crypto" in the title? I'm sure there will be some great talks (Jann Horn talking about meltdown/spectre for instance) but it's not clear to me why this is on the front page.

No. It's an excellent conference about cryptography for industry practitioners (i.e., the real, non-academic world).

Note to self: the academic world is not real.

tbh I never considered academic to be the real world. the real world is outside the academia.

This bifurcation doesn't really make sense in cryptography research. Most cryptographers developing practical systems for real world usage are academics, or at the very least used to be academics.

The way I read these categories is:

Academic = mathiness

real world = no mathiness

Another way to look at it (exceptions abound of course):

Academic = comes up with new ideas

Industry = tweaks and implements those ideas for practical applications

There was plenty of mathiness though! The audience were overwhelmingly cryptographers.

"Non-mathy" cryptography is unserious cryptography. The math doesn't go away when you take an industry job.

Cryptography is almost entirely applied mathematics. If you're not working with (typically advanced) mathematics, you're not actually doing cryptography. That might come across as pretentious, but it's true - industry cryptographers doing implementation work need to understand the research even if they're not making novel academic contributions to the field. For that matter, I also think terms like "academic" and "real world" present a false dichotomy.

A better way to capture the differences you're looking for might be the following categorization:

1. Theoretical cryptography, which is primarily concerned with the mathematics and computational complexity of cryptosystems that are very new, not widely deployed or currently open research problems. This includes post-quantum cryptography, pairings-based cryptography, multiparty computation, indistinguishability obfuscation, homomorphic encryption, cryptanalytic attacks, etc.

2. Practical (real world) cryptography, which is primarily concerned with the mathematics and computational complexity of cryptosystems that can be practically used or which are widely deployed. Implementation, performance, peripheral security infrastructure and side channel attacks also fall under the purview of practical cryptography. The safety and development of cryptographic libraries and protocols falls into this realm. A lot of cryptanalysis also falls into this area.

There are many academic cryptographers in both domains, which is why I say that "academic" is not a useful signal as to which area someone is working in. As an example I have off the top of my head, Phil Rogaway (who won Real World Cryptography's Levchin Prize in 2016) is an academic cryptographer who specializes in practical cryptography. He invented PMAC[1] and OCB[2], which are both practical primitives for use in authenticated encryption cryptosystems; nevertheless, research like Rogaway's requires significant understanding of relevant mathematics and complexity theory. On the other side of the spectrum, Craig Gentry is an industry cryptographer working at IBM as a research scientist; he won a MacArthur Fellowship for his PhD thesis[3], which was the first feasible realization of homomorphic encryption. He was also part of the research team that made the first significant progress towards multilinear maps in pairings-based cryptography using a graded encoding scheme.[4]


1. http://web.cs.ucdavis.edu/~rogaway/ocb/pmac.htm

2. http://web.cs.ucdavis.edu/~rogaway/ocb/index.html

3. https://crypto.stanford.edu/craig/craig-thesis.pdf

4. https://eprint.iacr.org/2012/610.pdf

> industry cryptographers doing implementation work need to understand the research even if they're not making novel academic contributions to the field.

Having implemented Monocypher, I can only concur: merely implementing the algorithm from spec required a solid understanding of some of the mathematical concepts involved. For instance:


Huh? where the downvote could possibly come from?

RWC papers are mostly written and consumed by academics.

That describes virtually all crypto papers. RWC is distinct for inviting industry practitioners and for selecting talks of interest to the industry. It is the most industry-engaged cryptography conference in the world.

Which is why I would not describe it as "for industry practitioners (i.e., the real, non-academic world)". There is much greater industry presence than at, say, eurocrypt, but it is clearly not "for industry practitioners".

If you're an industry cryptography engineer, not only is it for you, but it's probably at this point the most important event of the year.

Maybe they are real, after all.

Sure. I would nevertheless bet a few satoshis that at least some of the attendees bought their tickets because they thought it would be about "coins" by mistake ;)

Huge pet peeve is "crypto" being used to speak of cryptocurrency exclusively instead of the more general cryptography (or even referring to something hidden, i.e. cryptozoology).

Yes, yes, descriptive vs prescriptive, but I think it's dumb to destroy a perfectly good prefix just due to the fact that cryptocurrency is currently at the peak of the hype cycle.

There was a session on blockchains and a few well-placed jokes about them in other sessions. It's not the cryptographers who are riding the hype wave at the moment.

It is nice to see crypto not followed by the word currency every now and then.

I was going to say people might be interested in going, but it's already basically over.

I'm at RWC this year, the last session begins in 45 minutes.

Talks are being live streamed atm

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact