February 14, 2008

FC2008 -- report by Dani Nagy

This was my first time [writes Dani Nagy] at the annual Financial Cryptography and Data Security Conference, even though I have extensively used results published at this conference in my research. In short, it was very interesting from both a technical and a social point of view (as in learning new results and meeting interesting people from the field). And it was a lot of fun, too.

Pairing based cryptography seems to be all the rage in the fundamental crypto research department. Secure Function Evaluation seems to be slowly inching from pure theory into the realm of applicable techniques. But don't hold your breath, yet.

In between theory and practice was Moty Yung's very entertaining invited talk about Kleptography -- using cryptographic techniques for offensive, malicious purposes, rather than defenses, typically against other cryptographic systems. As an example, he gave a public-private RSA key generation algorithm, which is indistinguishable from an honest, random one in a black box manner, and even if reverse engineered, the keys generated with it can be factored only with the effort of factoring a key half that long. The attacker, however, who pushes this key generation algorithm on unsuspecting victims, will be able to factor their keys with very little effort.

By sheer accident, I found myself on the panel about e-cash. The topic was the gap between real-life electronic cash and academic research. One rule was not to speak about one's own work. The participants were selected from different parts of the world and different walks of life. For me, the biggest news was that credit cards are not common at all in Japan. For most of the people, WebMoney (which was what I talked about) was a complete novelty; I, in turn, found it a bit surprising that WebMoney is almost entirely unknown among FC people. On the other hand, the reason is obvious: most of their publications, including scientific ones, are available only in Russian.

The rump session was a lot of fun, too. In the last minute, I decided to present the core of my other paper that was rejected. There were many different talks, with quite a bit of humor.

The other panel, about usability issues, was also interesting, but my personal conclusion was that there's still a very long way to go until Skype-like usability becomes the norm rather than odd exceptions. The completely wrong threat models of the 1990s with all-powerful adversaries, men in the middle and completely trustworthy third parties are still too deeply entrenched in many people's thinking.

For future conferences, the goal is to attract more people with finance, business and law backgrounds, in addition to cryptography and CS, which still dominate almost exclusively, despite the fact that there is a growing realization that it is not necessarily the crypto part that makes or breaks FC solutions.

At the general meeting of IFCA, there were the usual voting-on-voting discussions and people not willing to take any responsibility for anything, but I sort of expected it. The important news is that the next island is Barbados and the one after that is, hopefully, Tenerife (this is what most voting members seem to prefer, including myself). The financial objective of having the cost of two conferences in the bank has not been achieved yet, but IFCA is getting there. The nightmare scenario is that a hurricane destroys the island AFTER EVERYTHING HAS BEEN PAID, and all registered participants still need to be refunded.

The conference hotel (Beach Resort El Cozumeleño) was excellent (except for one of the evening shows, which was horrible), the Internet access was reasonably good, the food was good, the sea and the weather were warm, so the overall impression is very positive. The various organized activities were fun, too, such as diving and snorkeling.

For those of us who left some time before and/or after the conference for exploring, the Yucatan peninsula also offered numerous opportunities. But that was not strictly part of the conference.

Daniel A. Nagy
AgilEight, Security Architect

Posted by iang at February 14, 2008 02:09 PM
Comments

Why is there such a gap between academic work and reality? Something I've wondered about too. It isn't unique to IFCA's conferences, especially.

One reason is the academic conference structure: Academics are rewarded according to peer-review work at accepted conferences, so the committees tend to be stuffed full of academics, who work the favour-trading network of peers. You have to be in it to win it (both the network and the committees), and there is hence little room for any outsiders. Check the papers committee of any conference and count up the university to corporates ratio; it's in the 20:1 area.

And not a single small-company representative will be found in the conference selection committees. Not one! Which excludes most real world digital cash systems at a stroke.

WebMoney was just such a small company when it presented at EFCE, and it also caught me by surprise. I fell into the trap and didn't give it the attention it deserved. Primarily because it was not academically novel, the guys presenting it were out of their elements, and it was competitive to my own work. Silly really, as I of all people should have known that business was not about sex appeal.

Posted by: Iang at February 14, 2008 02:41 PM

It was FC2008. According to the report at the general meeting of IFCA, there will be a much stronger business component at FC2009.

Posted by: Daniel A. Nagy at February 14, 2008 03:52 PM

I would also like to give credit where it is due:
The presented paper was co-authored with Ms. Nadzeya Shakel, who has a background in international private law and is doing her PhD on the topic of internet law.
Also, both pictures above are due to her.

Posted by: Daniel A. Nagy at February 14, 2008 06:10 PM