Daniel J. Bernstein

Born: October 29, 1971 (age 53)
Citizenship: American, German [1]
Alma mater: University of California, Berkeley (PhD); New York University (BA)
Known for: qmail, djbdns, Salsa20, ChaCha20, Poly1305, Curve25519
Fields: Mathematics, Cryptography, Computer Security
Institutions: University of Illinois at Chicago, Eindhoven University of Technology
Doctoral advisor: Hendrik Lenstra
Website: cr.yp.to/djb.html

Daniel Julius Bernstein (sometimes known as djb; born October 29, 1971) is an American mathematician, cryptologist, and computer scientist. He was a visiting professor at CASA [2] at Ruhr University Bochum until 2024, [3] as well as a research professor of Computer Science at the University of Illinois at Chicago. Before this, he was a visiting professor in the department of mathematics and computer science at the Eindhoven University of Technology. [4]


Early life

Bernstein attended Bellport High School, a public high school on Long Island, graduating in 1987 at the age of 15. [5] The same year, he ranked fifth in the Westinghouse Science Talent Search. [6] In 1987 (at the age of 16), he achieved a Top 10 ranking in the William Lowell Putnam Mathematical Competition, [7] and was a member of the second-place team from Princeton University the following year. [8] Bernstein earned a B.A. in mathematics from New York University (1991) and a Ph.D. in mathematics from the University of California, Berkeley (1995), where he studied under Hendrik Lenstra. [1]

Bernstein v. United States

The export of cryptography from the United States was controlled as a munition starting from the Cold War until recategorization in 1996, with further relaxation in the late 1990s. [9] In 1995, Bernstein brought the court case Bernstein v. United States. The ruling in the case declared that software was protected speech under the First Amendment, which contributed to regulatory changes reducing controls on encryption. [10] Bernstein was originally represented by the Electronic Frontier Foundation. [11] He later represented himself. [12]

Cryptography

Bernstein designed the Salsa20 stream cipher in 2005 and submitted it to eSTREAM for review and possible standardization. He later published the ChaCha20 variant of Salsa in 2008. In 2005, he proposed the elliptic curve Curve25519 as a basis for public-key schemes. He worked as the lead researcher on the Ed25519 version of EdDSA. The algorithms made their way into popular software. For example, since 2014, when OpenSSH is compiled without OpenSSL they power most of its operations, and OpenBSD package signing is based on Ed25519. [13] [14]

Nearly a decade later, Edward Snowden disclosed mass surveillance by the National Security Agency, and researchers discovered a backdoor in the Agency's Dual EC DRBG algorithm. These events raised suspicions of the elliptic curve parameters proposed by NSA and standardized by NIST. [15] Many researchers feared [16] that the NSA had chosen curves that gave them a cryptanalytic advantage. [17] [18] Google selected ChaCha20 along with Bernstein's Poly1305 message authentication code for use in TLS, which is widely used for Internet security. [19] Many protocols based on his works have been adopted by various standards organizations and are used in a variety of applications, such as Apple iOS, [20] the Linux kernel, [21] OpenSSH, [22] [23] and Tor. [24]

In spring 2005, Bernstein taught a course on "high speed cryptography." [25] He introduced new cache attacks against implementations of AES in the same time period. [26]

In April 2008, [27] Bernstein's stream cipher "Salsa20" was selected as a member of the final portfolio of the eSTREAM project, part of a European Union research directive.

In 2011, Bernstein published RFSB, a variant of the Fast Syndrome Based Hash function.

He is one of the editors of the 2009 book Post-Quantum Cryptography. [28]

Software

Starting in the mid-1990s, Bernstein wrote a number of security-aware programs, including qmail, ezmlm, djbdns, ucspi-tcp, daemontools, and publicfile.

Bernstein criticized the leading DNS package at the time, BIND, and wrote djbdns as a DNS package with security as a primary goal. [29] Bernstein offers "security guarantees" for qmail and djbdns in the form of monetary rewards for the identification of flaws. [30] [31] A purported exploit targeting qmail running on 64-bit platforms was published in 2005, [32] [33] but Bernstein believes that the exploit does not fall within the parameters of his qmail security guarantee. In March 2009, Bernstein awarded $1000 to Matthew Dempsky for finding a security flaw in djbdns. [34]

In August 2008, Bernstein announced [35] DNSCurve, a proposal to secure the Domain Name System. DNSCurve applies techniques from elliptic curve cryptography with the goal of providing a vast increase in performance over the RSA public-key algorithm used by DNSSEC. It uses the existing DNS hierarchy to propagate trust by embedding public keys into specially formatted, backward-compatible DNS records.

Bernstein proposed Internet Mail 2000, an alternative system for electronic mail, which he intended to replace the Simple Mail Transfer Protocol (SMTP), the Post Office Protocol (POP3) and the Internet Message Access Protocol (IMAP). [36]

Bernstein is also known for his string hashing function djb2 [37] [38] and the cdb database library. [39]

Mathematics

Bernstein has published a number of papers on mathematics and computation. Many of his papers deal with algorithms or implementations.

In 2001, Bernstein circulated "Circuits for integer factorization: a proposal," [40] which suggested that, if physical hardware implementations could be brought close to their theoretical efficiency, the then-popular estimates of adequate security parameters might be off by a factor of three. Since 512-bit RSA was breakable at the time, so might be 1536-bit RSA. Bernstein was careful not to make any actual predictions, and emphasized the importance of correctly interpreting asymptotic expressions. Several prominent researchers (among them Arjen Lenstra, Adi Shamir, Jim Tomlinson, and Eran Tromer) disagreed strongly with Bernstein's conclusions. [41] Bernstein has received funding to investigate whether this potential can be realized. [citation needed]

Bernstein is also the author of the mathematical libraries DJBFFT, a fast portable FFT library, and primegen, an asymptotically fast small prime sieve with low memory footprint based on the sieve of Atkin (rather than the more usual sieve of Eratosthenes). Both have been used effectively in the search for large prime numbers. [citation needed]

In 2007, Bernstein proposed the use of a (twisted) Edwards curve, Curve25519, as a basis for elliptic curve cryptography; it is employed in the Ed25519 implementation of EdDSA. [citation needed]

In February 2015, Bernstein and others published a paper on a stateless post-quantum hash-based signature scheme called SPHINCS. [42] In July 2022, SPHINCS+, a signature scheme adapted from SPHINCS by Bernstein and others, was one of four algorithms selected as winners of the NIST Post-Quantum Cryptography Standardization competition. It was the only hash-based algorithm of the four winners. [43] [44]

In April 2017, Bernstein and others published a paper on Post-Quantum RSA that includes an integer factorization algorithm claimed to be "often much faster than Shor's". [45]

Teaching

In 2004, Bernstein taught a course on computer software security where he assigned each student to find ten vulnerabilities in published software. [46] The 25 students discovered 44 vulnerabilities, and the class published security advisories about the issues. [46]


Related Research Articles

In cryptography, key size or key length refers to the number of bits in a key used by a cryptographic algorithm.

Elliptic-curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. ECC allows smaller keys to provide equivalent security, compared to cryptosystems based on modular exponentiation in Galois fields, such as the RSA cryptosystem and ElGamal cryptosystem.

Public-key cryptography: cryptographic system with public and private keys

Public-key cryptography, or asymmetric cryptography, is the field of cryptographic systems that use pairs of related keys. Each key pair consists of a public key and a corresponding private key. Key pairs are generated with cryptographic algorithms based on mathematical problems termed one-way functions. Security of public-key cryptography depends on keeping the private key secret; the public key can be openly distributed without compromising security. There are many kinds of public-key cryptosystems, with different security goals, including digital signature, Diffie-Hellman key exchange, public-key key encapsulation, and public-key encryption.

Articles related to cryptography include:

In cryptography, the Elliptic Curve Digital Signature Algorithm (ECDSA) offers a variant of the Digital Signature Algorithm (DSA) which uses elliptic-curve cryptography.

NTRU is an open-source public-key cryptosystem that uses lattice-based cryptography to encrypt and decrypt data. It consists of two algorithms: NTRUEncrypt, which is used for encryption, and NTRUSign, which is used for digital signatures. Unlike other popular public-key cryptosystems, it is resistant to attacks using Shor's algorithm. NTRUEncrypt was patented, but it was placed in the public domain in 2017. NTRUSign is patented, but it can be used by software under the GPL.

Nothing-up-my-sleeve number: cryptography number with no hidden properties

In cryptography, nothing-up-my-sleeve numbers are any numbers which, by their construction, are above suspicion of hidden properties. They are used in creating cryptographic functions such as hashes and ciphers. These algorithms often need randomized constants for mixing or initialization purposes. The cryptographer may wish to pick these values in a way that demonstrates the constants were not selected for a nefarious purpose, for example, to create a backdoor to the algorithm. These fears can be allayed by using numbers created in a way that leaves little room for adjustment. An example would be the use of initial digits from the number π as the constants. Using digits of π millions of places after the decimal point would not be considered trustworthy because the algorithm designer might have selected that starting point because it created a secret weakness the designer could later exploit—though even with natural-seeming selections, enough entropy exists in the possible choices that the utility of these numbers has been questioned.

Poly1305 is a universal hash family designed by Daniel J. Bernstein in 2002 for use in cryptography.

Salsa20: stream ciphers

Salsa20 and the closely related ChaCha are stream ciphers developed by Daniel J. Bernstein. Salsa20, the original cipher, was designed in 2005, then later submitted to the eSTREAM European Union cryptographic validation process by Bernstein. ChaCha is a modification of Salsa20 published in 2008. It uses a new round function that increases diffusion and increases performance on some architectures.
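The round-function difference described above, shown as an added example that is not code from the page or from Bernstein's specifications: both quarter-rounds in Python, checked against published test vectors, plus a single-bit diffusion probe over a constructed all-zero input state.

```python
"""Salsa20 vs ChaCha quarter-rounds (added example, not the page's or djb's code).

Both functions mix four 32-bit words; ChaCha reorders the add, xor and rotate
steps and uses different rotation distances. The helpers at the bottom count
how many output bits flip when one input bit flips, a rough view of the
diffusion difference the text mentions.
"""
MASK = 0xFFFFFFFF


def rotl(x, n):
    """Rotate a 32-bit word left by n bits."""
    return ((x << n) | (x >> (32 - n))) & MASK


def salsa20_quarterround(y0, y1, y2, y3):
    """Salsa20 quarter-round as given in Bernstein's specification."""
    y1 ^= rotl((y0 + y3) & MASK, 7)
    y2 ^= rotl((y1 + y0) & MASK, 9)
    y3 ^= rotl((y2 + y1) & MASK, 13)
    y0 ^= rotl((y3 + y2) & MASK, 18)
    return y0, y1, y2, y3


def chacha_quarterround(a, b, c, d):
    """ChaCha quarter-round as given in RFC 8439 section 2.1."""
    a = (a + b) & MASK; d = rotl(d ^ a, 16)
    c = (c + d) & MASK; b = rotl(b ^ c, 12)
    a = (a + b) & MASK; d = rotl(d ^ a, 8)
    c = (c + d) & MASK; b = rotl(b ^ c, 7)
    return a, b, c, d


def bits_changed(qr, words, word_index, bit):
    """Number of output bits that differ after flipping one input bit."""
    flipped = list(words)
    flipped[word_index] ^= 1 << bit
    out1, out2 = qr(*words), qr(*flipped)
    return sum(bin(x ^ y).count("1") for x, y in zip(out1, out2))


def average_diffusion(qr, words=(0, 0, 0, 0)):
    """Mean output-bit change over all 128 single-bit flips of a constructed input."""
    total = sum(bits_changed(qr, words, i, b) for i in range(4) for b in range(32))
    return total / 128


if __name__ == "__main__":
    # Salsa20 spec example: quarterround(1, 0, 0, 0)
    print("Salsa20 QR:", [hex(w) for w in salsa20_quarterround(1, 0, 0, 0)])
    # RFC 8439 section 2.1.1 test vector
    print("ChaCha QR:", [hex(w) for w in chacha_quarterround(
        0x11111111, 0x01020304, 0x9b8d6f43, 0x01234567)])
    print("avg bits changed, Salsa20:", average_diffusion(salsa20_quarterround))
    print("avg bits changed, ChaCha:", average_diffusion(chacha_quarterround))
```

The diffusion figure comes from one quarter-round on one input, so it illustrates the structural difference between the two round functions rather than measuring cipher strength.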

In cryptography, Curve25519 is an elliptic curve used in elliptic-curve cryptography (ECC) offering 128 bits of security and designed for use with the Elliptic-curve Diffie–Hellman (ECDH) key agreement scheme. It is one of the fastest curves in ECC, and is not covered by any known patents. The reference implementation is public domain software.

Lattice-based cryptography is the generic term for constructions of cryptographic primitives that involve lattices, either in the construction itself or in the security proof. Lattice-based constructions support important standards of post-quantum cryptography. Unlike more widely used and known public-key schemes such as the RSA, Diffie-Hellman or elliptic-curve cryptosystems — which could, theoretically, be defeated using Shor's algorithm on a quantum computer — some lattice-based constructions appear to be resistant to attack by both classical and quantum computers. Furthermore, many lattice-based constructions are considered to be secure under the assumption that certain well-studied computational lattice problems cannot be solved efficiently.

Cryptography: practice and study of secure communication techniques

Cryptography, or cryptology, is the practice and study of techniques for secure communication in the presence of adversarial behavior. More generally, cryptography is about constructing and analyzing protocols that prevent third parties or the public from reading private messages. Modern cryptography exists at the intersection of the disciplines of mathematics, computer science, information security, electrical engineering, digital signal processing, physics, and others. Core concepts related to information security are also central to cryptography. Practical applications of cryptography include electronic commerce, chip-based payment cards, digital currencies, computer passwords, and military communications.

DNSCurve is a proposed secure protocol for the Domain Name System (DNS), designed by Daniel J. Bernstein. It encrypts and authenticates DNS packets between resolvers and authoritative servers.

Mbed TLS is an implementation of the TLS and SSL protocols and the respective cryptographic algorithms and support code required. It is distributed under the Apache License version 2.0. Stated on the website is that Mbed TLS aims to be "easy to understand, use, integrate and expand".

Post-quantum cryptography (PQC), sometimes referred to as quantum-proof, quantum-safe, or quantum-resistant, is the development of cryptographic algorithms that are currently thought to be secure against a cryptanalytic attack by a quantum computer. Most widely-used public-key algorithms rely on the difficulty of one of three mathematical problems: the integer factorization problem, the discrete logarithm problem or the elliptic-curve discrete logarithm problem. All of these problems could be easily solved on a sufficiently powerful quantum computer running Shor's algorithm or even faster and less demanding alternatives.

wolfSSL is a small, portable, embedded SSL/TLS library targeted for use by embedded systems developers. It is an open source implementation of TLS written in the C programming language. It includes SSL/TLS client libraries and an SSL/TLS server implementation as well as support for multiple APIs, including those defined by SSL and TLS. wolfSSL also includes an OpenSSL compatibility interface with the most commonly used OpenSSL functions.

In public-key cryptography, Edwards-curve Digital Signature Algorithm (EdDSA) is a digital signature scheme using a variant of Schnorr signature based on twisted Edwards curves. It is designed to be faster than existing digital signature schemes without sacrificing security. It was developed by a team including Daniel J. Bernstein, Niels Duif, Tanja Lange, Peter Schwabe, and Bo-Yin Yang. The reference implementation is public-domain software.

NaCl is a public domain, high-speed software library for cryptography.

A Secure Shell fingerprint record is a type of resource record in the Domain Name System (DNS) which identifies SSH keys that are associated with a host name. The acquisition of an SSHFP record needs to be secured with a mechanism such as DNSSEC for a chain of trust to be established.

In cryptographic protocol design, cryptographic agility or crypto-agility is the ability to switch between multiple cryptographic primitives.

References

  1. Bernstein, Daniel J. "Curriculum vitae" (PDF). cr.yp.to. Retrieved 20 March 2019.
  2. "CASA team list with Bernstein being a part of it". web.archive.org. 2023-12-18. Archived from the original on 2023-12-18. Retrieved 2024-11-16.
  3. "Team CASA". Retrieved 16 November 2024.
  4. "Ruhr University Bochum and other places". ResearchGate. 2023-12-08. Retrieved 2024-12-09.
  5. "New Yorkers Excel In Contest". New York Times. 1987-01-21. Retrieved November 9, 2008.
  6. "TWO GIRLS WIN WESTINGHOUSE COMPETITION". New York Times. 1987-01-21. Retrieved March 14, 2011.
  7. L. F. Klosinski; G. L. Alexanderson; L. C. Larson (Oct 1988). "The William Lowell Putnam Mathematical Competition". The American Mathematical Monthly. Vol. 95, no. 8. pp. 717–727. JSTOR 2322251.
  8. L. F. Klosinski; G. L. Alexanderson; L. C. Larson (Oct 1989). "The William Lowell Putnam Mathematical Competition". The American Mathematical Monthly. Vol. 96, no. 8. pp. 688–695. JSTOR 2324716.
  9. Koops, Bert-Jaap (August 2004). "Crypto Law Survey - Overview per country". Bert-Jaap Koops homepage. Retrieved 2019-03-21.
  10. Dame-Boyle, Alison (2015-04-16). "EFF at 25: Remembering the Case that Established Code as Speech". Electronic Frontier Foundation. Retrieved 2019-03-21.
  11. Cassidy, Peter (1996-06-01). "Reluctant Hero". Wired. ISSN 1059-1028. Retrieved 2019-03-21.
  12. "Plaintiff's Notice Of Substitution of Counsel" (PDF). 2002-10-07. Retrieved 2019-03-20.
  13. Murenin, Constantine A. (2014-04-30). Soulskill (ed.). "OpenSSH No Longer Has To Depend On OpenSSL". Slashdot. Retrieved 2014-12-26.
  14. Murenin, Constantine A. (2014-01-19). Soulskill (ed.). "OpenBSD Moving Towards Signed Packages — Based On D. J. Bernstein Crypto". Slashdot. Retrieved 2014-12-27.
  15. Bernstein, Daniel J.; Lange, Tanja (2017-01-22). "SafeCurves: choosing safe curves for elliptic-curve cryptography". Retrieved 2019-03-20.
  16. Maxwell, Gregory (September 8, 2013). "[tor-talk] NIST approved crypto in Tor?". Retrieved 2015-05-20.
  17. "SafeCurves: Rigidity". safecurves.cr.yp.to. Retrieved 2015-05-20.
  18. "The NSA Is Breaking Most Encryption on the Internet - Schneier on Security". www.schneier.com. Retrieved 2015-05-20.
  19. A. Langley; W. Chang; N. Mavrogiannopoulos; J. Strombergson; S. Josefsson (2015-12-16). "ChaCha20-Poly1305 Cipher Suites for Transport Layer Security (TLS)". Internet Draft.
  20. iOS Security Guide
  21. Corbet, Jonathan. "Replacing /dev/urandom". Linux Weekly News. Retrieved 2016-09-20.
  22. Miller, Damien (2016-05-03). "ssh/PROTOCOL.chacha20poly1305". Super User's BSD Cross Reference: PROTOCOL.chacha20poly1305. Retrieved 2016-09-07.
  23. Murenin, Constantine A. (2013-12-11). Unknown Lamer (ed.). "OpenSSH Has a New Cipher — Chacha20-poly1305 — from D.J. Bernstein". Slashdot. Retrieved 2016-09-07.
  24. Roger Dingledine & Nick Mathewson. "Tor's Protocol Specifications - Blog". Retrieved 20 December 2014.
  25. Daniel J. Bernstein. "MCS 590, High-Speed Cryptography, Spring 2005". Authenticators and signatures. Retrieved September 23, 2005.
  26. Daniel J. Bernstein (2004-04-17). "Cache timing attacks on AES" (PDF). cr.yp.to.
  27. Steve Babbage; Christophe De Canniere; Anne Canteaut; Carlos Cid; Henri Gilbert; Thomas Johansson; Matthew Parker; Bart Preneel; Vincent Rijmen; Matthew Robshaw. "The eSTREAM Portfolio" (PDF). Archived from the original (PDF) on August 13, 2012. Retrieved April 28, 2010.
  28. Bernstein, Daniel J.; Buchmann, Johannes; Dahmen, Erik, eds. (2009). Post-Quantum Cryptography. Berlin Heidelberg: Springer-Verlag. doi:10.1007/978-3-540-88702-7. ISBN 978-3-540-88701-0. S2CID 24166515.
  29. Bauer, Michael D. (2005). Linux Server Security. O'Reilly Media, Inc. pp. 172–173. ISBN 978-0-596-00670-9.
  30. Hagen, William von (2007-03-26). Ubuntu Linux Bible. John Wiley & Sons. p. 769. ISBN 978-0-470-12454-3.
  31. Binnie, Chris. "Lighten Your DNS Load with TinyDNS". ADMIN Magazine. Retrieved 2019-03-21.
  32. Georgi Guninski (2005-05-31). "Georgi Guninski security advisory #74, 2005". Retrieved September 23, 2005.
  33. James Craig Burley (2005-05-31). "My Take on Georgi Guninski's qmail Security Advisories". Archived from the original on 2007-08-25. Retrieved 2007-08-24.
  34. Daniel J. Bernstein (2009-03-04). "djbdns<=1.05 lets AXFRed subdomains overwrite domains". Archived from the original on 2009-03-05. Retrieved 2009-03-04.
  35. Daniel J. Bernstein. "High-speed cryptography".
  36. "Internet Mail 2000". cr.yp.to. Archived from the original on 25 January 2023. Retrieved 13 March 2023.
  37. Yigit, Ozan. "String hash functions".
  38. "Hash function constants selection discussion".
  39. "cdb".
  40. Daniel J. Bernstein (2001-11-09). "Circuits for integer factorization: a proposal". cr.yp.to.
  41. Arjen K. Lenstra; Adi Shamir; Jim Tomlinson; Eran Tromer (2002). "Analysis of Bernstein's Factorization Circuit". Proc. Asiacrypt. LNCS 2501: 1–26.
  42. https://sphincs.cr.yp.to/
  43. "NIST Announces First Four Quantum-Resistant Cryptographic Algorithms". NIST. 2022-07-05.
  44. Computer Security Division, Information Technology Laboratory (2017-01-03). "Selected Algorithms 2022 - Post-Quantum Cryptography | CSRC | CSRC". CSRC | NIST. Retrieved 2024-03-27.
  45. "Post-quantum RSA" (PDF). cr.yp.to. Retrieved June 11, 2024.
  46. Lemos, Robert (2004-12-16). "Students uncover dozens of Unix software flaws". CNET. Retrieved 2019-03-21.