Posted by: jonkatz | May 12, 2010

What do we know?

Bill’s recent post asks: what should a person working in some field know? This is a reasonable question that comes up quite often: as professors we need to make decisions about what is essential and what is not whenever we design a syllabus or decide what courses are required for the major, and as researchers we need to decide how to allocate our time in terms of learning new results.

I think in many instances it is clear that some piece of knowledge should be known by someone working in the field. (I was surprised by Bill’s example of an applied mathematician who did not know that the reals were uncountable — this is something that anyone interested in math as a high school student learns.) But in other cases the things that one person thinks are critical might be viewed by another person working in the same field as irrelevant, depending on the specific topics each person works on.

This all reminds me of a story that happened to me a few years ago. I was speaking with some researchers whose focus is cryptanalysis and made some remark about NIZK; they had no idea what I was talking about. (NIZK stands for “non-interactive zero knowledge”.) Turns out they were familiar with the concept but not the acronym, and they were not at all aware of the construction of NIZK for NP based on trapdoor permutations. After I expressed some mild surprise, they pointed out to me (correctly) that most theoretical cryptographers have no idea how DES works…

And then there’s the famous example of the theoretical cryptographer from Israel who, two years into his PhD, didn’t know what Diffie-Hellman key exchange was…

As I interact more with the outside world, I also find a huge disconnect between what academic cryptographers and security practitioners know (even those who are quite educated when it comes to cryptography). For example, a security professional would probably be very familiar with the low-level details of SSL, whereas an academic cryptographer might find the details unimportant.

The point is, in all these cases it makes sense. For a cryptanalyst, NIZK might be intellectually interesting but has little importance; for the theoretical cryptographer who just wants to use DES as a black-box pseudorandom permutation, the internal structure of DES is irrelevant. A security professional who has to analyze network traces had better know the details of SSL inside and out, while for the academic cryptographer working on something else the details of SSL are largely besides the point. When you get down to it, I think there are not very many core facts that every cryptographer must know. Suggestions for that these might be are welcome in the comments.



  1. I see two reasons for this phenomenom.

    One is specialization. This is probably a healthy thing, as a field matures.

    The other is that modern academic cryptographic seems increasingly focused on theoretical esoterica, much of which is intellectually interesting but whose relevance to practice is…unclear at best. Most of the problems that practitioners run into are already solved (from an engineering perspective), so theoreticians have to work harder and harder to make up problems that are intellectually interesting, have not been solved before, and yet are amenable to solution. Given that, it’s no surprise that practitioners will have a hard time talking to theoretically oriented researchers, and no surprise that there is not a lot in the intersection of what both communities need to know. Theoretical researchers can do research that other theoreticians consider great stuff without much about how crypto is used in practice. And practitioners can build systems that their users consider great without knowing much about the theoretical foundations of cryptography. So the intersection of what both communities /need/ to know is slim.

  2. A professor named Juliana (I won’t tell the college) was supposed to teach a small and concise course in cryptography (DES, 3DES, Feistel, Symmetric and Asymetric encryption) for undergrads. At the end, one of the students asks: “Ms Wanderley, what is a hash? I have always heard of it.” She didn’t know. She is from the area of image processing and the department put her to give these classes. However, if she just had studied the subject a little, she would answer this very basic question. So, sometimes, it can be lack of responsibility. Other times, the person does need to know it for his/her research. Other times, the person does not have the time to acquire the adequate basis to start the research.

  3. Correction: “Other times, the person does NOT need to know it for his/her research. ”

    Now it is right.

  4. Anyone interested in math as a high school student learns the reals are uncountable? From where? I didn’t hear about it until a discrete math course in the CS dept in college. No course in the math dept covered it until an upper-division real analysis class (as far as I remember).

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s


%d bloggers like this: