Matthew D. Green

Matthew Daniel Green
Born: Hanover, New Hampshire, United States
Citizenship: American
Alma mater: Johns Hopkins University; Oberlin College
Known for: Zerocoin, Zerocash, TrueCrypt Audit, Sealance
Scientific career
Fields: Computer Science; Cryptography
Institutions: Johns Hopkins University

Matthew Daniel Green (born 1976) is an American cryptographer and security technologist. Green is an Associate Professor of Computer Science at the Johns Hopkins Information Security Institute. He specializes in applied cryptography, privacy-enhanced information storage systems, anonymous cryptocurrencies, elliptic-curve cryptosystems, and satellite television piracy. He is a member of the teams that developed the Zerocoin anonymous cryptocurrency[1] and Zerocash.[2] He has also been influential in the development of the Zcash system. He has been involved in the groups that exposed vulnerabilities in RSA BSAFE,[3] Speedpass and E-ZPass.[4] Green lives in Baltimore, MD with his wife, Melissa, two children and two miniature dachshunds.

Education

Green received a B.S. from Oberlin College (Computer Science), a B.M. from Oberlin College (Electronic Music), a Master's from Johns Hopkins University (Computer Science), and a PhD from Johns Hopkins University (Computer Science). His dissertation was titled "Cryptography for Secure and Private Databases: Enabling Practical Data Access without Compromising Privacy".

Blog

Green is the author of the blog "A Few Thoughts on Cryptographic Engineering". In September 2013, a blog post by Green summarizing and speculating on NSA's programs to weaken cryptography, titled "On the NSA", was controversially taken down by Green's academic dean at Johns Hopkins for "contain[ing] a link or links to classified material and also [using] the NSA logo".[5] As Ars Technica notes, this was "a strange request on its face", as this use of the NSA logo by Green was not "reasonably calculated to convey the impression that such use is approved, endorsed, or authorized by the National Security Agency", and linking to classified information published by news organizations is legally entirely uncontroversial. The university later apologized to Green, and the blog post was restored (sans NSA logo), with a Johns Hopkins spokesman saying "I'm not saying that there was a great deal of legal analysis done" as explanation for the legally unmotivated takedown.[6]

In addition to general blog posts about NSA, encryption, and security, Green's blog entries on NSA's backdoor in Dual_EC_DRBG, and RSA Security's use of the backdoored cryptographically secure pseudorandom number generator (CSPRNG), have been widely cited in the mainstream news media.[7][8][9][10][11]

Work

Green currently holds the position of Associate Professor at the Johns Hopkins Information Security Institute. He teaches courses pertaining to practical cryptography.

Green is part of the group which developed Zerocoin, an anonymous cryptocurrency protocol.[12][13][14][15][16] Zerocoin is a proposed extension to the Bitcoin protocol that would add anonymity to Bitcoin transactions. Zerocoin provides anonymity by introducing a separate zerocoin cryptocurrency that is stored in the Bitcoin blockchain. Though originally proposed for use with the Bitcoin network, zerocoin could be integrated into any cryptocurrency. His research team has exposed flaws in more than one-third of SSL/TLS-encrypted websites, as well as vulnerabilities in encryption technologies including RSA BSAFE, Exxon/Mobil Speedpass, E-ZPass, and automotive security systems. In 2015, Green was a member of the research team that identified the Logjam vulnerability in the TLS protocol.

Green started his career in 1999 at AT&T Laboratories in Florham Park, New Jersey. At AT&T Labs he worked on a variety of projects including audio coding and secure content distribution, streaming video, and wireless localization services. As a graduate student he co-founded Independent Security Evaluators (ISE) with two fellow students and Avi Rubin in 2005. Green served as CTO of ISE until his departure in 2011. He also co-founded the security companies Zeutro and Sealance.

Green is a member of the technical advisory board for the Linux Foundation Core Infrastructure Initiative, formed to address critical Internet security concerns in the wake of the Heartbleed security bug disclosed in April 2014 in the OpenSSL cryptography library. He sits on the technical advisory boards for CipherCloud, Overnest and Mozilla Cybersecurity Delphi. Green co-founded and serves on the Board of Directors of the Open Crypto Audit Project (OCAP), which undertook a security audit of the TrueCrypt software.[17][18]

Related Research Articles

A cypherpunk is any individual advocating widespread use of strong cryptography and privacy-enhancing technologies as a route to social and political change. Originally communicating through the Cypherpunks electronic mailing list, informal groups aimed to achieve privacy and security through proactive use of cryptography. Cypherpunks have been engaged in an active movement since at least the late 1980s and early 1990s.

David Chaum (American computer scientist and cryptographer, born 1955)

David Lee Chaum is an American computer scientist, cryptographer, and inventor. He is known as a pioneer in cryptography and privacy-preserving technologies, and widely recognized as the inventor of digital cash. His 1982 dissertation "Computer Systems Established, Maintained, and Trusted by Mutually Suspicious Groups" is the first known proposal for a blockchain protocol. Complete with the code to implement the protocol, Chaum's dissertation proposed all but one element of the blockchain later detailed in the Bitcoin whitepaper. He has been referred to as "the father of online anonymity", and "the godfather of cryptocurrency".

RSA Security (American computer security company)

RSA Security LLC, formerly RSA Security, Inc. and trade name RSA, is an American computer and network security company with a focus on encryption and encryption standards. RSA was named after the initials of its co-founders, Ron Rivest, Adi Shamir and Leonard Adleman, after whom the RSA public key cryptography algorithm was also named. Among its products is the SecurID authentication token. The BSAFE cryptography libraries were also initially owned by RSA. RSA is known for incorporating backdoors developed by the NSA in its products. It also organizes the annual RSA Conference, an information security conference.

In cryptography, a zero-knowledge proof is a protocol in which one party can convince another party that some given statement is true, without conveying to the verifier any information beyond the mere fact of that statement's truth. The intuition underlying zero-knowledge proofs is that it is trivial to prove possession of the relevant information simply by revealing it; the hard part is to prove this possession without revealing this information.

Adam Back (British cryptographer and cypherpunk, born 1970)

Adam Back is a British cryptographer and cypherpunk. He is the CEO of Blockstream, which he co-founded in 2014. He invented Hashcash, which is used in the Bitcoin mining process.

Dual_EC_DRBG is an algorithm that was presented as a cryptographically secure pseudorandom number generator (CSPRNG) using methods in elliptic curve cryptography. Despite wide public criticism, including the public identification of the possibility that the National Security Agency put a backdoor into a recommended implementation, it was, for seven years, one of four CSPRNGs standardized in NIST SP 800-90A as originally published circa June 2006, until it was withdrawn in 2014.

Moti Yung (Israeli computer scientist)

Mordechai M. "Moti" Yung is a cryptographer and computer scientist known for his work on cryptovirology and kleptography.

Zerocoin is a privacy protocol proposed in 2013 by Johns Hopkins University professor Matthew D. Green and his graduate students, Ian Miers and Christina Garman. It was designed as an extension to the Bitcoin protocol that would improve Bitcoin transactions' anonymity by having coin-mixing capabilities natively built into the protocol. Zerocoin is not currently compatible with Bitcoin.

Bullrun (decryption program) (code name of a decryption program run by the NSA)

Bullrun is a clandestine, highly classified program to crack encryption of online communications and data, which is run by the United States National Security Agency (NSA). The British Government Communications Headquarters (GCHQ) has a similar program codenamed Edgehill. According to the Bullrun classification guide published by The Guardian, the program uses multiple methods including computer network exploitation, interdiction, industry relationships, collaboration with other intelligence community entities, and advanced mathematical techniques.

Dell BSAFE, formerly known as RSA BSAFE, is a FIPS 140-2 validated cryptography library, available in both C and Java. BSAFE was initially created by RSA Security, which was purchased by EMC and then, in turn, by Dell. When Dell sold the RSA business to Symphony Technology Group in 2020, Dell elected to retain the BSAFE product line. BSAFE was one of the most common encryption toolkits before the RSA patent expired in September 2000. It also contained implementations of the RCx ciphers, with the most common one being RC4. From 2004 to 2013 the default random number generator in the library was a NIST-approved RNG standard, widely known to be insecure from at least 2006, containing a kleptographic backdoor from the American National Security Agency (NSA), as part of its secret Bullrun program. In 2013 Reuters revealed that RSA had received a payment of $10 million to set the compromised algorithm as the default option. The RNG standard was subsequently withdrawn in 2014, and the RNG removed from BSAFE beginning in 2015.

Crypto Wars (attempts to limit access to strong cryptography)

Attempts, unofficially dubbed the "Crypto Wars", have been made by the United States (US) and allied governments to limit the public's and foreign nations' access to cryptography strong enough to thwart decryption by national intelligence agencies, especially the National Security Agency (NSA).

FREAK is a security exploit of a cryptographic weakness in the SSL/TLS protocols introduced decades earlier for compliance with U.S. cryptography export regulations. These involved limiting exportable software to use only public key pairs with RSA moduli of 512 bits or fewer, with the intention of allowing them to be broken easily by the National Security Agency (NSA), but not by other organizations with lesser computing resources. However, by the early 2010s, increases in computing power meant that they could be broken by anyone with access to relatively modest computing resources using the well-known Number Field Sieve algorithm, using as little as $100 of cloud computing services. Combined with the ability of a man-in-the-middle attack to manipulate the initial cipher suite negotiation between the endpoints in the connection and the fact that the finished hash only depended on the master secret, this meant that a man-in-the-middle attack with only a modest amount of computation could break the security of any website that allowed the use of 512-bit export-grade keys. While the exploit was only discovered in 2015, its underlying vulnerabilities had been present for many years, dating back to the 1990s.

Monero is a cryptocurrency which uses a blockchain with privacy-enhancing technologies to obfuscate transactions to achieve anonymity and fungibility. Observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories.

Wei Dai is a computer engineer known for contributions to cryptography and cryptocurrencies. He developed the Crypto++ cryptographic library, created the b-money cryptocurrency system, and co-proposed the VMAC message authentication algorithm.

Zcash (cryptocurrency aimed at privacy)

Zcash is a privacy-focused cryptocurrency which is based on Bitcoin's codebase. It shares many similarities, such as a fixed total supply of 21 million units.

Firo (cryptocurrency)

Firo, formerly known as Zcoin, is a cryptocurrency aimed at using cryptography to provide better privacy for its users compared to other cryptocurrencies such as Bitcoin.

A cryptocurrency wallet is a device, physical medium, program or an online service which stores the public and/or private keys for cryptocurrency transactions. In addition to this basic function of storing the keys, a cryptocurrency wallet more often offers the functionality of encrypting and/or signing information. Signing can for example result in executing a smart contract, a cryptocurrency transaction, identification, or legally signing a 'document'.

George Danezis (computer scientist)

George Danezis, FBCS is a computer scientist and Professor of Security and Privacy Engineering at the Department of Computer Science, University College London where he is part of the Information Security Research Group, and a fellow at the Alan Turing Institute. He co-founded Chainspace, a sharded smart contract platform, and was Head of Research before it was acquired by Facebook. After leaving Facebook he co-founded MystenLabs and is one of the designers of the Sui Blockchain. He currently works part-time as a Professor at University College London and as Chief Scientist at MystenLabs.

References

1. Miers, I.; Garman, C.; Green, M.; Rubin, A. D. (May 2013). "Zerocoin: Anonymous Distributed E-Cash from Bitcoin". 2013 IEEE Symposium on Security and Privacy (PDF). IEEE Computer Society Conference Publishing Services. pp. 397–411. doi:10.1109/SP.2013.34. ISBN 978-0-7695-4977-4. ISSN 1081-6011. S2CID 9194314.
2. "Zerocash: Decentralized Anonymous Payments from Bitcoin" (PDF). Zerocash-project.org. Retrieved 2016-05-13.
3. "On the Practical Exploitability of Dual EC in TLS Implementations" (PDF). Dualec.org. Retrieved 2016-05-13.
4. Schwartz, John (29 January 2005). "Graduate Cryptographers Unlock Code of 'Thiefproof' Car Key". The New York Times. Retrieved 2016-05-13.
5. Anderson, Nate (2013-09-09). "Crypto prof asked to remove NSA-related blog post". Ars Technica. Retrieved 2016-05-13.
6. Anderson, Nate (2013-09-10). "University apologizes for censoring crypto prof over anti-NSA post". Ars Technica. Retrieved 2016-05-13.
7. Fink, Erica (2013-06-07). "Prism: What the NSA could know about you" (video). Money.cnn.com. Retrieved 2016-05-13.
8. Perlroth, Nicole; Larson, Jeff; Shane, Scott (5 September 2013). "N.S.A. Able to Foil Basic Safeguards of Privacy on Web". The New York Times. Retrieved 2016-05-13.
9. "How the N.S.A. Cracked the Web". The New Yorker. 2013-09-06. Retrieved 2016-05-13.
10. "Behind iPhone's Critical Security Bug, a Single Bad 'Goto'". WIRED. 2014-02-22. Retrieved 2016-05-13.
11. Brustein, Joshua (2014-04-09). "Why Heartbleed, the Latest Cybersecurity Scare, Matters". Businessweek.com. Archived from the original on April 9, 2014. Retrieved 2016-05-13.
12. "Hopkins researchers are creating an alternative to Bitcoin". Articles.baltimoresun.com. 2014-02-01. Retrieved 2016-05-13.
13. "Bitcoin Anonymity Upgrade Zerocoin To Become An Independent Cryptocurrency". Forbes.com. Retrieved 2016-05-13.
14. "Researchers Work to Add More Anonymity to Bitcoin". The New York Times. 19 November 2013. Retrieved 2016-05-13.
15. Peck, Morgen E. (2013-10-24). "Who's Who in Bitcoin: Zerocoin Hero Matthew Green". IEEE Spectrum. Retrieved 2016-05-13.
16. "'Zerocoin' Add-on For Bitcoin Could Make It Truly Anonymous And Untraceable". Forbes.com. Retrieved 2016-05-13.
17. "Technical Advisory Board". Open Crypto Audit Project. Retrieved 30 May 2014.
18. White, Kenneth; Green, Matthew. "Is TrueCrypt Audited Yet?". Istruecryptauditedyet.com. Retrieved 30 May 2014.