If you have similar interests to mine, you're probably wondering why all those crypto-theorists are so riled up about Neal Koblitz's latest piece in the AMS notices.

In hopes of sparing you all the hour I just wasted trying to read Neal's deathless prose, here is a short (or at least shorter) and likely rather biased summary of what he says.

Pages 972-974: A brief history of number-theoretic cryptography in the 1980s, in which Koblitz shows off his credentials as the inventor of elliptic curve cryptography. Cryptography used to be a form of rebellion against the fascist and corporatist system. Everyone loved everyone else and wore flowers in their hair.

Page 974: Someone invented an algorithm, but the theoretical worst-case analysis showed that it was too inefficient, which it turned out to be as well for practical problem sizes. Instead of seeing this as a success for theory, Koblitz somehow turns this into an example of worst-case analysis being wrongheaded and unhelpful.

Page 975: In the 1990s, more mathematicians wanted to start doing crypto, and that's bad because they weren't already experts and therefore shouldn't have even tried. More funding agencies wanted to fund crypto research, and that's also bad because it led people to become patriots.

Page 976: Cryptography conference have deadlines, and that's bad because authors get sloppy in the rush to meet the deadlines. If you can't write a stellar breakthrough paper, better not to write at all. But only a true mathematician can have been alive for the thousands of years necessary to understand this self-evident truth. Cryptography has been corrupted by impure influences of technology and corporatism and therefore cryptographers are too impatient and greedy. Mathematicians are large slow-moving mammals, cryptographers are quick-witted birds, and somehow that strained analogy implies that mathematicians are best.

Page 976: Koblitz whines that people resent him and wish he would go away.

Pages 976-977: Provable security is only as good as your attack model and hardness assumptions. (As everyone with even the slightest familiarity with crypto already knew.)

Page 977: Provable security is used to trick non-experts. (Probably also true, but there seems to be some intellectual dishonesty going on here: the people who are using claims of provable security to trick non-experts into buying their shoddy cryptosystems are, I think, largely not the same as the people who are publishing academic provable security papers, and he's tarring one group with the sins of the other.)

Pages 977-978: Proofs in cryptography are occasionally mistaken, and therefore we shouldn't trust any of them. Someone's paper bashing someone else's paper didn't get refereed by the people it was bashing, and would have been rejected if it had. Anyway, only true mathematicians should be allowed to use the word "proof" because it's too powerful to let loose among the hoi polloi. "Proof" means "skip this part because you won't understand it" and cryptographers shouldn't be allowed to let people skip things. Cryptographers should be forced to call their proofs "arguments" instead, and they should be allowed even that much only if they write in a way that is perfectly clear and understandable to non-experts.

Page 978: Asymptotic analysis is fallacious and absurd.

Page 978: Someone wanted to label Koblitz' editorial as an editorial. And he was a Jew.

Page 979: Everyone hates Koblitz, therefore he's right. Cryptographers are childish, but he enjoys fighting with them.



Comments:

arvindn:
2007-09-05T01:33:59Z
Hilarious!
11011110:
2007-09-05T17:27:39Z
Thanks, glad to hear that this whole kerfuffle has at least produced some amusement value.
None:
2007-09-06T03:27:13Z
Thanks for the summary, :)
11011110:
2007-09-06T04:15:38Z
You're welcome!
None: Good Summary
2007-09-06T03:51:05Z
This was great. Best coverage of the whole dilemma. Thanks.
11011110: Re: Good Summary
2007-09-06T04:15:46Z
You're welcome!
su_ku_gh: Re: Good Summary
2007-09-08T17:36:41Z
Thanks for this great summary. Though I read it before reading your summary, and what I find most wonderful about this article is the fine classification that has been made between Mathematicians, Mathematicians – lured into cryptography, Mathematicians who proved something that was useful in cryptography than what Cryptographers could manage, Cryptographers, who submit more than 35 papers within the very last hour of conference deadline, and Cryptographers, who think themselves as King Hezekiah.
11011110: Re: Good Summary
2007-09-08T20:18:55Z
Thanks! I like the way you describe that classification; it almost reminds me of Borges' Chinese taxonomy of animals.
ephermata:
2007-09-06T06:15:13Z
Goodness, that does about cover it. Thanks for the summary!
11011110:
2007-09-06T15:04:56Z
You're welcome. It took a couple days, but this does seem to have started attracting a little more attention...
ciphergoth:
2007-09-06T07:54:06Z
Like it - thanks! Did you read Katz's response?
11011110:
2007-09-06T15:10:17Z
You mean his letter to the editor, not just the guest post on the computational complexity blog that I linked to under "those"? Yes. It will be interesting to see which if any of these responses the Notices chooses to publish. I suppose by posting this, I'm playing into the publicity that Katz wishes Koblitz wasn't getting for this all. But then, with his post, so was he. Koblitz did make a few valid points, and I tried to make sure they were included in my summary here, but they were buried under a lot of bullshit.
None: Feh
2007-09-06T10:54:51Z

I found your summary misleading and hateful. Maybe you became upset early in the article and read the rest with the worst possible interpretation rather than trying to understand the point. Regarding your "Page 978" summary, do you really believe "And he was a Jew." was in any way part of the point? Perhaps he should have referred to "Oded X, professor at a widely-respected yet here unnamed institution"? Or "Page 977", selling takes places at many levels: there is selling of products (agree it's a different crowd) and there is selling of research (to funding bodies, tenure committees, deans,...). You use a straw man argument to make accusations of intellectual dishonesty. Poetic.

11011110: Re: Feh
2007-09-06T15:20:56Z
Interesting how the defenders of Koblitz have been so consistently anonymous in the comments here and on the other blogs I've seen. I guess I can understand the reasons, though, if one feels that Crypto is controlled by people with the opposite opinion and wants to continue publishing there. Your IP address is safe with me. As for the "Jew" part, I hesitated to put that in, because I found it quite unfunny, and I wondered what the reaction would be to saying it. But I wanted to honestly summarize what I read, and that's what I read from the part where Koblitz goes on at length about the old testament nature of Goldreich's comment. My feeling is that anyone of good will should have picked up on the implications and been very careful on this point. Koblitz didn't and wasn't.
None: Re: Feh
2007-09-07T18:30:14Z
The summary was excellent. Just shows that the Koblitz article is ridiculous even without knowing how he destorted the facts. Good for you for not ducking the J issue!
11011110: Re: Feh
2007-09-08T01:41:31Z
Someday I would like to read the more serious point-by-point rebuttal that everyone keeps promising that someone else would make, so I can see the distortions more clearly. I mean, the letters I've seen posted go carefully through some of the points, but not all of them.
None: Re: Feh
2007-09-12T16:42:06Z
Which points did you want to see a rebuttal of?
11011110: Re: Feh
2007-09-12T16:51:30Z
The point is more that as I'm not really a crypto expert, I don't know which of the more technical points might need rebuttal.
None: Great summary
2007-09-08T00:01:59Z
Saved me a lot of time. Thanks!
11011110: Re: Great summary
2007-09-08T01:41:46Z
Then my work here is done. You're welcome!