
Daniel J. Bernstein
Born: 29 October 1971, East Patchogue, New York
Citizenship: American, German[1]
Fields: Mathematics, Cryptography, Computer Security
Workplaces: University of Illinois at Chicago, Eindhoven University of Technology, Ruhr University Bochum
Alma mater: University of California, Berkeley; New York University
Doctoral advisor: Hendrik Lenstra
Known for: qmail, djbdns, Salsa20, ChaCha20, Poly1305, Curve25519

Daniel Julius Bernstein (sometimes known as djb; born October 29, 1971) is an American mathematician, cryptologist, and computer scientist. He is a visiting professor at CASA[2] at Ruhr University Bochum, as well as a research professor of Computer Science at the University of Illinois at Chicago. Before this, he was a visiting professor in the department of mathematics and computer science at the Eindhoven University of Technology.

Early life

Bernstein attended Bellport High School, a public high school on Long Island, graduating in 1987 at the age of 15.[3] The same year, he ranked fifth in the Westinghouse Science Talent Search.[4] In 1987 (at the age of 16), he achieved a Top 10 ranking in the William Lowell Putnam Mathematical Competition,[5] and was a member of the second-place team from Princeton University the following year.[6] Bernstein earned a B.A. in mathematics from New York University (1991) and a Ph.D. in mathematics from the University of California, Berkeley (1995), where he studied under Hendrik Lenstra.

Bernstein v. United States

The export of cryptography from the United States was controlled as a munition starting from the Cold War until recategorization in 1996, with further relaxation in the late 1990s.[7] In 1995, Bernstein brought the court case Bernstein v. United States. The ruling in the case declared that software was protected speech under the First Amendment, which contributed to regulatory changes reducing controls on encryption.[8] Bernstein was originally represented by the Electronic Frontier Foundation.[9] He later represented himself.[10]

Cryptography

Bernstein designed the Salsa20 stream cipher in 2005 and submitted it to eSTREAM for review and possible standardization. He later published ChaCha20, a variant of Salsa20, in 2008. In 2005, he proposed the elliptic curve Curve25519 as a basis for public-key schemes. He worked as the lead researcher on the Ed25519 version of EdDSA. The algorithms made their way into popular software. For example, since 2014, when OpenSSH is compiled without OpenSSL, they power most of its cryptographic operations, and OpenBSD package signing is based on Ed25519.[11] [12]

Nearly a decade later, Edward Snowden disclosed mass surveillance by the National Security Agency, and researchers discovered a backdoor in the Agency's Dual EC DRBG algorithm. These events raised suspicions of the elliptic curve parameters proposed by NSA and standardized by NIST.[13] Many researchers feared[14] that the NSA had chosen curves that gave them a cryptanalytic advantage.[15] [16] Google selected ChaCha20 along with Bernstein's Poly1305 message authentication code for use in TLS, which is widely used for Internet security.[17] Many protocols based on his works have been adopted by various standards organizations and are used in a variety of applications, such as Apple iOS,[18] the Linux kernel,[19] OpenSSH,[20] [21] and Tor.[22]

In spring 2005, Bernstein taught a course on "high speed cryptography."[23] He introduced new cache attacks against implementations of AES in the same time period.[24]

In April 2008,[25] Bernstein's stream cipher "Salsa20" was selected as a member of the final portfolio of the eSTREAM project, part of a European Union research directive.

In 2011, Bernstein published RFSB, a variant of the Fast Syndrome Based Hash function.

He is one of the editors of the 2009 book Post-Quantum Cryptography.[26]

Software

Starting in the mid-1990s, Bernstein wrote a number of security-aware programs, including qmail, ezmlm, djbdns, ucspi-tcp, daemontools, and publicfile.

Bernstein criticized the leading DNS package at the time, BIND, and wrote djbdns as a DNS package with security as a primary goal.[27] Bernstein offers "security guarantees" for qmail and djbdns in the form of monetary rewards for the identification of flaws.[28] [29] A purported exploit targeting qmail running on 64-bit platforms was published in 2005,[30] [31] but Bernstein believes that the exploit does not fall within the parameters of his qmail security guarantee. In March 2009, Bernstein awarded $1000 to Matthew Dempsky for finding a security flaw in djbdns.[32]

In August 2008, Bernstein announced[33] DNSCurve, a proposal to secure the Domain Name System. DNSCurve applies techniques from elliptic curve cryptography with the goal of providing a vast increase in performance over the RSA public-key algorithm used by DNSSEC. It uses the existing DNS hierarchy to propagate trust by embedding public keys into specially formatted, backward-compatible DNS records.

Bernstein proposed Internet Mail 2000, an alternative system for electronic mail, which he intended to replace the Simple Mail Transfer Protocol (SMTP), the Post Office Protocol (POP3) and the Internet Message Access Protocol (IMAP).[34]

Bernstein is also known for his string hashing function djb2[35] [36] and the cdb database library.[37]
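The djb2 string hash named above, as an added example written for this page rather than Bernstein's own code: the state starts at 5381 and each byte is folded in as hash * 33 + c. A second routine uses the shift-and-add form in which the multiply by 33 is usually written, so the two can be checked against each other, and a bucket helper shows the typical use. The width is fixed to uint32_t here (an assumption of this example; the classic definition uses unsigned long, whose size differs between platforms) so that values are reproducible everywhere.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdbool.h>

/* djb2: h = 5381; for each byte c of the string: h = h * 33 + c.
 * 32-bit arithmetic is used deliberately so results match on every
 * platform; unsigned wraparound is well defined in C, so overflow on
 * long inputs is intentional and part of the function. */
uint32_t djb2(const char *s)
{
    uint32_t h = 5381;
    for (const unsigned char *p = (const unsigned char *)s; *p; p++)
        h = h * 33 + *p;
    return h;
}

/* The same hash in its common shift form: (h << 5) + h equals h * 33. */
uint32_t djb2_shift(const char *s)
{
    uint32_t h = 5381;
    for (const unsigned char *p = (const unsigned char *)s; *p; p++)
        h = ((h << 5) + h) + *p;
    return h;
}

/* Bucket index for a hash table whose size is a power of two (caller's
 * responsibility). djb2 is a fast, unkeyed, non-cryptographic hash: a
 * table whose keys are supplied by an untrusted party should use a
 * keyed hash instead, since unkeyed hashes allow attacker-controlled
 * collisions that degrade the table to linear-time lookups. */
size_t djb2_bucket(const char *s, size_t table_size)
{
    return (size_t)djb2(s) & (table_size - 1);
}

/* Sanity check: the multiply and shift forms must agree on every input. */
bool djb2_forms_agree(const char *s)
{
    return djb2(s) == djb2_shift(s);
}
```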

Mathematics

Bernstein has published a number of papers on mathematics and computation. Many of his papers deal with algorithms or implementations.

In 2001, Bernstein circulated "Circuits for integer factorization: a proposal,"[38] which suggested that, if physical hardware implementations could be brought close to their theoretical efficiency, the then-popular estimates of adequate security parameters might be off by a factor of three. Since 512-bit RSA was breakable at the time, 1536-bit RSA might be as well. Bernstein was careful not to make any actual predictions, and emphasized the importance of correctly interpreting asymptotic expressions. Several prominent researchers (among them Arjen Lenstra, Adi Shamir, Jim Tomlinson, and Eran Tromer) disagreed strongly with Bernstein's conclusions.[39] Bernstein has received funding to investigate whether this potential can be realized.

Bernstein is also the author of the mathematical libraries DJBFFT, a fast portable FFT library, and primegen, an asymptotically fast small prime sieve with low memory footprint based on the sieve of Atkin (rather than the more usual sieve of Eratosthenes). Both have been used effectively in the search for large prime numbers.

In 2007, Bernstein proposed the use of a (twisted) Edwards curve, Curve25519, as a basis for elliptic curve cryptography; it is employed in the Ed25519 implementation of EdDSA.

In February 2015, Bernstein and others published a paper on a stateless post-quantum hash-based signature scheme called SPHINCS.[40] In July 2022, SPHINCS+, a signature scheme adapted from SPHINCS by Bernstein and others, was one of four algorithms selected as winners of the NIST Post-Quantum Cryptography Standardization competition. It was the only hash-based algorithm of the four winners.[41] [42]

In April 2017, Bernstein and others published a paper on Post-Quantum RSA that includes an integer factorization algorithm claimed to be "often much faster than Shor's".[43]

Teaching

In 2004, Bernstein taught a course on computer software security where he assigned each student to find ten vulnerabilities in published software.[44] The 25 students discovered 44 vulnerabilities, and the class published security advisories about the issues.

Notes and References

  1. Daniel J. Bernstein, "Curriculum vitae", cr.yp.to. Retrieved 20 March 2019.
  2. "Team CASA". Retrieved 22 February 2021.
  3. "New Yorkers Excel In Contest", New York Times, 21 January 1987. Retrieved 9 November 2008.
  4. "Two Girls Win Westinghouse Competition", New York Times, 21 January 1987. Retrieved 14 March 2011.
  5. L. F. Klosinski, G. L. Alexanderson, L. C. Larson, "The William Lowell Putnam Mathematical Competition", The American Mathematical Monthly 95(8), October 1988, pp. 717–727. JSTOR 2322251.
  6. L. F. Klosinski, G. L. Alexanderson, L. C. Larson, "The William Lowell Putnam Mathematical Competition", The American Mathematical Monthly 96(8), October 1989, pp. 688–695. JSTOR 2324716.
  7. Bert-Jaap Koops, "Crypto Law Survey - Overview per country", Bert-Jaap Koops homepage, August 2004. Retrieved 21 March 2019.
  8. Alison Dame-Boyle, "EFF at 25: Remembering the Case that Established Code as Speech", Electronic Frontier Foundation, 16 April 2015. Retrieved 21 March 2019.
  9. Peter Cassidy, "Reluctant Hero", Wired, 1 June 1996. ISSN 1059-1028. Retrieved 21 March 2019.
  10. "Plaintiff's Notice Of Substitution of Counsel", 7 October 2002. Retrieved 20 March 2019.
  11. Constantine A. Murenin (edited by Soulskill), "OpenSSH No Longer Has To Depend On OpenSSL", Slashdot, 30 April 2014. Retrieved 26 December 2014.
  12. Constantine A. Murenin (edited by Soulskill), "OpenBSD Moving Towards Signed Packages — Based On D. J. Bernstein Crypto", Slashdot, 19 January 2014. Retrieved 27 December 2014.
  13. Daniel J. Bernstein and Tanja Lange, "SafeCurves: choosing safe curves for elliptic-curve cryptography", 22 January 2017. Retrieved 20 March 2019.
  14. Gregory Maxwell, "[tor-talk] NIST approved crypto in Tor?", 8 September 2013. Retrieved 20 May 2015.
  15. "SafeCurves: Rigidity", safecurves.cr.yp.to. Retrieved 20 May 2015.
  16. "The NSA Is Breaking Most Encryption on the Internet", Schneier on Security, www.schneier.com. Retrieved 20 May 2015.
  17. A. Langley, W. Chang, N. Mavrogiannopoulos, J. Strombergson, S. Josefsson, "ChaCha20-Poly1305 Cipher Suites for Transport Layer Security (TLS)", Internet Draft, 16 December 2015.
  18. "iOS Security Guide", Apple, https://www.apple.com/business/docs/iOS_Security_Guide.pdf
  19. Jonathan Corbet, "Replacing /dev/urandom", Linux Weekly News, 20 September 2016.
  20. Damien Miller, "ssh/PROTOCOL.chacha20poly1305", Super User's BSD Cross Reference, 3 May 2016. Retrieved 7 September 2016.
  21. Constantine A. Murenin (edited by Unknown Lamer), "OpenSSH Has a New Cipher — Chacha20-poly1305 — from D.J. Bernstein", Slashdot, 11 December 2013. Retrieved 7 September 2016.
  22. Roger Dingledine and Nick Mathewson, "Tor's Protocol Specifications - Blog", 20 December 2014.
  23. Daniel J. Bernstein, "Authenticators and signatures", MCS 590, High-Speed Cryptography, Spring 2005. Retrieved 23 September 2005.
  24. Daniel J. Bernstein, "Cache timing attacks on AES", cr.yp.to, 17 April 2004.
  25. Steve Babbage, Christophe De Cannière, Anne Canteaut, Carlos Cid, Henri Gilbert, Thomas Johansson, Matthew Parker, Bart Preneel, Vincent Rijmen, Matthew Robshaw, "The eSTREAM Portfolio", 28 April 2010. Archived from the original (dead link) on 13 August 2012: https://web.archive.org/web/20120813112048/http://www.ecrypt.eu.org/stream/portfolio.pdf
  26. Daniel J. Bernstein, Johannes Buchmann, Erik Dahmen (eds.), Post-Quantum Cryptography, Springer-Verlag, Berlin Heidelberg, 2009. ISBN 978-3-540-88701-0. doi:10.1007/978-3-540-88702-7.
  27. Michael D. Bauer, Linux Server Security, O'Reilly Media, 2005, pp. 172–173. ISBN 978-0-596-00670-9.
  28. William von Hagen, Ubuntu Linux Bible, John Wiley & Sons, 26 March 2007, p. 769. ISBN 978-0-470-12454-3.
  29. Chris Binnie, "Lighten Your DNS Load with TinyDNS", ADMIN Magazine. Retrieved 21 March 2019.
  30. Georgi Guninski, "Georgi Guninski security advisory #74, 2005", 31 May 2005. Retrieved 23 September 2005.
  31. James Craig Burley, "My Take on Georgi Guninski's qmail Security Advisories", 31 May 2005. Retrieved 24 August 2007. Archived from the original (dead link) on 25 August 2007: https://web.archive.org/web/20070825110407/http://www.jcb-sc.com/qmail/guninski.html
  32. Daniel J. Bernstein, "djbdns<=1.05 lets AXFRed subdomains overwrite domains", 4 March 2009. Archived on 5 March 2009: https://web.archive.org/web/20090305125545/http://article.gmane.org/gmane.network.djbdns/13864
  33. Daniel J. Bernstein, "High-speed cryptography".
  34. "Internet Mail 2000", cr.yp.to. Retrieved 13 March 2023. Archived on 25 January 2023: https://web.archive.org/web/20230125001404/https://cr.yp.to/im2000.html
  35. Ozan Yigit, "String hash functions".
  36. "Hash function constants selection discussion".
  37. "cdb".
  38. Daniel J. Bernstein, "Circuits for integer factorization: a proposal", cr.yp.to, 9 November 2001.
  39. Arjen K. Lenstra, Adi Shamir, Jim Tomlinson, Eran Tromer, "Analysis of Bernstein's Factorization Circuit", Proc. Asiacrypt 2002, LNCS 2501, pp. 1–26.
  40. SPHINCS, https://sphincs.cr.yp.to/
  41. "NIST Announces First Four Quantum-Resistant Cryptographic Algorithms", NIST, 5 July 2022.
  42. Computer Security Division, Information Technology Laboratory, "Selected Algorithms 2022 - Post-Quantum Cryptography", CSRC, NIST, 3 January 2017. Retrieved 27 March 2024.
  43. "Post-quantum RSA", cr.yp.to. Retrieved 11 June 2024.
  44. Robert Lemos, "Students uncover dozens of Unix software flaws", CNET, 16 December 2004. Retrieved 21 March 2019.