
Daniel J. Bernstein

From Wikipedia, the free encyclopedia
Born: October 29, 1971 (age 52)
Citizenship: American, German[1]
Alma mater: University of California, Berkeley; New York University
Known for: qmail, djbdns, Salsa20, ChaCha20, Poly1305, Curve25519
Scientific career
Fields: Mathematics, Cryptography, Computer Security
Institutions: University of Illinois at Chicago, Eindhoven University of Technology, Ruhr University Bochum
Doctoral advisor: Hendrik Lenstra
Website: cr.yp.to/djb.html

Daniel Julius Bernstein (sometimes known as djb; born October 29, 1971) is an American mathematician, cryptologist, and computer scientist. He is a visiting professor at CASA[2] at Ruhr University Bochum, as well as a research professor of Computer Science at the University of Illinois at Chicago. Before this, he was a visiting professor in the department of mathematics and computer science at the Eindhoven University of Technology.[citation needed]

Early life

Bernstein attended Bellport High School, a public high school on Long Island, graduating in 1987 at the age of 15.[3] The same year, he ranked fifth in the Westinghouse Science Talent Search.[4] In 1987 (at the age of 16), he achieved a Top 10 ranking in the William Lowell Putnam Mathematical Competition,[5] and was a member of the second-place team from Princeton University the following year.[6] Bernstein earned a B.A. in mathematics from New York University (1991) and a Ph.D. in mathematics from the University of California, Berkeley (1995), where he studied under Hendrik Lenstra.[citation needed]

Bernstein v. United States

The export of cryptography from the United States was controlled as a munition starting from the Cold War until recategorization in 1996, with further relaxation in the late 1990s.[7] In 1995, Bernstein brought the court case Bernstein v. United States. The ruling in the case declared that software was protected speech under the First Amendment, which contributed to regulatory changes reducing controls on encryption.[8] Bernstein was originally represented by the Electronic Frontier Foundation.[9] He later represented himself.[10]

Cryptography

Bernstein designed the Salsa20 stream cipher in 2005 and submitted it to eSTREAM for review and possible standardization. He later published the ChaCha20 variant of Salsa20 in 2008. In 2005, he proposed the elliptic curve Curve25519 as a basis for public-key schemes. He worked as the lead researcher on the Ed25519 version of EdDSA. The algorithms made their way into popular software. For example, since 2014, when OpenSSH is compiled without OpenSSL they power most of its operations, and OpenBSD package signing is based on Ed25519.[11][12]

Nearly a decade later, Edward Snowden disclosed mass surveillance by the National Security Agency, and researchers discovered a backdoor in the Agency's Dual EC DRBG algorithm. These events raised suspicions of the elliptic curve parameters proposed by the NSA and standardized by NIST.[13] Many researchers feared[14] that the NSA had chosen curves that gave them a cryptanalytic advantage.[15][16] Google selected ChaCha20 along with Bernstein's Poly1305 message authentication code for use in TLS, which is widely used for Internet security.[17] Many protocols based on his works have been adopted by various standards organizations and are used in a variety of applications, such as Apple iOS,[18] the Linux kernel,[19] OpenSSH,[20][21] and Tor.[22]

In spring 2005, Bernstein taught a course on "high speed cryptography."[23] He introduced new cache attacks against implementations of AES in the same time period.[24]

In April 2008,[25] Bernstein's stream cipher "Salsa20" was selected as a member of the final portfolio of the eSTREAM project, part of a European Union research directive.

In 2011, Bernstein published RFSB, a variant of the Fast Syndrome Based Hash function.

He is one of the editors of the 2009 book Post-Quantum Cryptography.[26]

Software

Starting in the mid-1990s, Bernstein wrote a number of security-aware programs, including qmail, ezmlm, djbdns, ucspi-tcp, daemontools, and publicfile.

Bernstein criticized the leading DNS package at the time, BIND, and wrote djbdns as a DNS package with security as a primary goal.[27] Bernstein offers "security guarantees" for qmail and djbdns in the form of monetary rewards for the identification of flaws.[28][29] A purported exploit targeting qmail running on 64-bit platforms was published in 2005,[30][31] but Bernstein believes that the exploit does not fall within the parameters of his qmail security guarantee. In March 2009, Bernstein awarded $1000 to Matthew Dempsky for finding a security flaw in djbdns.[32]

In August 2008, Bernstein announced[33] DNSCurve, a proposal to secure the Domain Name System. DNSCurve applies techniques from elliptic curve cryptography with the goal of providing a vast increase in performance over the RSA public-key algorithm used by DNSSEC. It uses the existing DNS hierarchy to propagate trust by embedding public keys into specially formatted, backward-compatible DNS records.

Bernstein proposed Internet Mail 2000, an alternative system for electronic mail, which he intended to replace the Simple Mail Transfer Protocol (SMTP), the Post Office Protocol (POP3) and the Internet Message Access Protocol (IMAP).[34]

Bernstein is also known for his string hashing function djb2[35][36] and the cdb database library.[37]
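The djb2 function mentioned above, written out in C as an added illustration; this is not code from the article or from Bernstein's own sources, and it assumes the widely published definition of djb2 (initial value 5381, then multiply by 33 and add each input byte). The sample keys are constructed. Beyond the hash itself, the block shows the property a practitioner should keep in mind: djb2 is a fast, non-cryptographic hash, and because each byte enters linearly, equal-length inputs collide whenever their weighted byte sums match.

```c
#include <stdint.h>
#include <stdio.h>

/* djb2 as commonly published: h starts at 5381 and, for every byte c,
 * h = h * 33 + c. Bernstein wrote the multiply as (h << 5) + h.
 * Arithmetic wraps modulo 2^32 because h is uint32_t. */
uint32_t djb2(const char *s)
{
    uint32_t h = 5381;
    for (const unsigned char *p = (const unsigned char *)s; *p; p++)
        h = (h << 5) + h + *p;
    return h;
}

/* The hash is linear in the bytes: for a two-byte string "ab" the value is
 * 5381*33*33 + 33*a + b. So "Aa" (33*65 + 97 = 2242) and "B@" (33*66 + 64 = 2242)
 * hash identically. This is expected for a table hash and is why djb2 must not
 * be used where collision resistance matters (integrity checks, signatures) or,
 * without a randomized/keyed hash, for tables keyed by untrusted input. */
int djb2_collides(const char *a, const char *b)
{
    return djb2(a) == djb2(b);
}

int main(void)
{
    /* constructed sample keys, not taken from the article */
    const char *keys[] = {"", "a", "ab", "Aa", "B@"};
    for (size_t i = 0; i < sizeof keys / sizeof keys[0]; i++)
        printf("djb2(\"%s\") = %u\n", keys[i], djb2(keys[i]));
    printf("\"Aa\" and \"B@\" collide: %s\n",
           djb2_collides("Aa", "B@") ? "yes" : "no");
    return 0;
}
```

The collision pair is the defender's takeaway: a hash whose output is an affine function of its input is fine for cdb-style lookups on trusted data, but a service that hashes attacker-supplied keys into buckets should use a keyed hash so that collisions cannot be chosen in advance.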

Mathematics

Bernstein has published a number of papers on mathematics and computation. Many of his papers deal with algorithms or implementations.

In 2001, Bernstein circulated "Circuits for integer factorization: a proposal",[38] which suggested that, if physical hardware implementations could be brought close to their theoretical efficiency, the then-popular estimates of adequate security parameters might be off by a factor of three. Since 512-bit RSA was breakable at the time, so might be 1536-bit RSA. Bernstein was careful not to make any actual predictions, and emphasized the importance of correctly interpreting asymptotic expressions. Several prominent researchers (among them Arjen Lenstra, Adi Shamir, Jim Tomlinson, and Eran Tromer) disagreed strongly with Bernstein's conclusions.[39] Bernstein has received funding to investigate whether this potential can be realized.[citation needed]

Bernstein is also the author of the mathematical libraries DJBFFT, a fast portable FFT library, and primegen, an asymptotically fast small prime sieve with low memory footprint based on the sieve of Atkin (rather than the more usual sieve of Eratosthenes). Both have been used effectively in the search for large prime numbers.[citation needed]

In 2007, Bernstein proposed the use of a (twisted) Edwards curve, Curve25519, as a basis for elliptic curve cryptography; it is employed in the Ed25519 implementation of EdDSA.[citation needed]

In February 2015, Bernstein and others published a paper on a stateless post-quantum hash-based signature scheme called SPHINCS.[40] In July 2022, SPHINCS+, a signature scheme adapted from SPHINCS by Bernstein and others, was one of four algorithms selected as winners of the NIST Post-Quantum Cryptography Standardization competition. It was the only hash-based algorithm of the four winners.[41][42]

In April 2017, Bernstein and others published a paper on Post-Quantum RSA that includes an integer factorization algorithm claimed to be "often much faster than Shor's".[43]

Teaching

In 2004, Bernstein taught a course on computer software security where he assigned each student to find ten vulnerabilities in published software.[44] The 25 students discovered 44 vulnerabilities, and the class published security advisories about the issues.[44]

References

  1. Bernstein, Daniel J. "Curriculum vitae" (PDF). cr.yp.to. Retrieved 20 March 2019.
  2. "Team CASA". Retrieved 22 February 2021.
  3. "New Yorkers Excel In Contest". New York Times. 1987-01-21. Retrieved November 9, 2008.
  4. "TWO GIRLS WIN WESTINGHOUSE COMPETITION". New York Times. 1987-01-21. Retrieved March 14, 2011.
  5. L. F. Klosinski; G. L. Alexanderson; L. C. Larson (Oct 1988). "The William Lowell Putnam Mathematical Competition". The American Mathematical Monthly. Vol. 95, no. 8. pp. 717–727. JSTOR 2322251.
  6. L. F. Klosinski; G. L. Alexanderson; L. C. Larson (Oct 1989). "The William Lowell Putnam Mathematical Competition". The American Mathematical Monthly. Vol. 96, no. 8. pp. 688–695. JSTOR 2324716.
  7. Koops, Bert-Jaap (August 2004). "Crypto Law Survey - Overview per country". Bert-Jaap Koops homepage. Retrieved 2019-03-21.
  8. Dame-Boyle, Alison (2015-04-16). "EFF at 25: Remembering the Case that Established Code as Speech". Electronic Frontier Foundation. Retrieved 2019-03-21.
  9. Cassidy, Peter (1996-06-01). "Reluctant Hero". Wired. ISSN 1059-1028. Retrieved 2019-03-21.
  10. "Plaintiff's Notice Of Substitution of Counsel" (PDF). 2002-10-07. Retrieved 2019-03-20.
  11. Murenin, Constantine A. (2014-04-30). Soulskill (ed.). "OpenSSH No Longer Has To Depend On OpenSSL". Slashdot. Retrieved 2014-12-26.
  12. Murenin, Constantine A. (2014-01-19). Soulskill (ed.). "OpenBSD Moving Towards Signed Packages — Based On D. J. Bernstein Crypto". Slashdot. Retrieved 2014-12-27.
  13. Bernstein, Daniel J.; Lange, Tanja (2017-01-22). "SafeCurves: choosing safe curves for elliptic-curve cryptography". Retrieved 2019-03-20.
  14. Maxwell, Gregory (September 8, 2013). "[tor-talk] NIST approved crypto in Tor?". Retrieved 2015-05-20.
  15. "SafeCurves: Rigidity". safecurves.cr.yp.to. Retrieved 2015-05-20.
  16. "The NSA Is Breaking Most Encryption on the Internet - Schneier on Security". schneier. Retrieved 2015-05-20.
  17. A. Langley; W. Chang; N. Mavrogiannopoulos; J. Strombergson; S. Josefsson (2015-12-16). "ChaCha20-Poly1305 Cipher Suites for Transport Layer Security (TLS)". Internet Draft.
  18. iOS Security Guide
  19. Corbet, Jonathan. "Replacing /dev/urandom". Linux Weekly News. Retrieved 2016-09-20.
  20. Miller, Damien (2016-05-03). "ssh/PROTOCOL.chacha20poly1305". Super User's BSD Cross Reference: PROTOCOL.chacha20poly1305. Retrieved 2016-09-07.
  21. Murenin, Constantine A. (2013-12-11). Unknown Lamer (ed.). "OpenSSH Has a New Cipher — Chacha20-poly1305 — from D.J. Bernstein". Slashdot. Retrieved 2016-09-07.
  22. Roger Dingledine & Nick Mathewson. "Tor's Protocol Specifications - Blog". Retrieved 20 December 2014.
  23. Daniel J. Bernstein. "MCS 590, High-Speed Cryptography, Spring 2005". Authenticators and signatures. Retrieved September 23, 2005.
  24. Daniel J. Bernstein (2004-04-17). "Cache timing attacks on AES" (PDF). cr.yp.to.
  25. Steve Babbage; Christophe De Canniere; Anne Canteaut; Carlos Cid; Henri Gilbert; Thomas Johansson; Matthew Parker; Bart Preneel; Vincent Rijmen; Matthew Robshaw. "The eSTREAM Portfolio" (PDF). Archived from the original (PDF) on August 13, 2012. Retrieved April 28, 2010.
  26. Bernstein, Daniel J.; Buchmann, Johannes; Dahmen, Erik, eds. (2009). Post-Quantum Cryptography. Berlin Heidelberg: Springer-Verlag. doi:10.1007/978-3-540-88702-7. ISBN 978-3-540-88701-0. S2CID 24166515.
  27. Bauer, Michael D. (2005). Linux Server Security. O'Reilly Media, Inc. pp. 172–173. ISBN 978-0-596-00670-9.
  28. Hagen, William von (2007-03-26). Ubuntu Linux Bible. John Wiley & Sons. p. 769. ISBN 978-0-470-12454-3.
  29. Binnie, Chris. "Lighten Your DNS Load with TinyDNS". ADMIN Magazine. Retrieved 2019-03-21.
  30. Georgi Guninski (2005-05-31). "Georgi Guninski security advisory #74, 2005". Retrieved September 23, 2005.
  31. James Craig Burley (2005-05-31). "My Take on Georgi Guninski's qmail Security Advisories". Archived from the original on 2007-08-25. Retrieved 2007-08-24.
  32. Daniel J. Bernstein (2009-03-04). "djbdns<=1.05 lets AXFRed subdomains overwrite domains". Archived from the original on 2009-03-05. Retrieved 2009-03-04.
  33. Daniel J. Bernstein. "High-speed cryptography".
  34. "Internet Mail 2000". cr.yp.to. Archived from the original on 25 January 2023. Retrieved 13 March 2023.
  35. Yigit, Ozan. "String hash functions".
  36. "Hash function constants selection discussion".
  37. "cdb".
  38. Daniel J. Bernstein (2001-11-09). "Circuits for integer factorization: a proposal". cr.yp.to.
  39. Arjen K. Lenstra; Adi Shamir; Jim Tomlinson; Eran Tromer (2002). "Analysis of Bernstein's Factorization Circuit". Proc. Asiacrypt. LNCS 2501: 1–26.
  40. https://sphincs.cr.yp.to/
  41. "NIST Announces First Four Quantum-Resistant Cryptographic Algorithms". NIST. 2022-07-05.
  42. Computer Security Division, Information Technology Laboratory (2017-01-03). "Selected Algorithms 2022 - Post-Quantum Cryptography". CSRC, NIST. Retrieved 2024-03-27.
  43. "Post-quantum RSA" (PDF). cr.yp.to. Retrieved June 11, 2024.
  44. Lemos, Robert (2004-12-16). "Students uncover dozens of Unix software flaws". CNET. Retrieved 2019-03-21.