Cryptography Guru Paul Kocher Speaks Out

Cryptography Research Inc. President Paul Kocher talks about how the copy-protection debate is missing the point.

SAN FRANCISCO—As the wave of acquisitions in the security industry continues to mold innovation and original thought into a gray mass of sameness and me-too product offerings, successful, independent security companies are fast becoming a dying breed. One of the few holdouts in this arena is Cryptography Research Inc., a small San Francisco-based company that tackles difficult cryptographic issues for a variety of high-end clients. The company is currently working on a new copy-protection scheme for digital content that enables content owners to control how the content is used. Paul Kocher, the companys president, is considered one of the rising stars in the world of cryptography, thanks to his design for the SSL v3.0 protocol and development of a timing attack on the RSA algorithm. Senior Editor Dennis Fisher sat down with Kocher and Benjamin Jun, the companys vice president, at the RSA Conference last week to discuss the new technology and why the current argument over mandated copy protection is moot.

eWEEK: Can you tell me a bit about how your company is different from most security companies?

Kocher: Our focus is to solve the hardest security problems that people have. We do a lot of work with Hollywood studios. There have been a lot of technologically poor proposals [regarding digital piracy] that are in a lot of ways the worst of all worlds. They not only dont solve the problem, they make it worse. We dont build products or write huge pieces of software, but we can tackle the really hard problems. We only have eight people, but its a small shop of really bright people.

eWEEK: Well, there probably arent that many people who have the kind of knowledge that you need.

Kocher: Yeah, we do see cryptography as a people problem and a technical problem. Almost all of the technical problems in a cryptosystem are the result of two people who designed different blocks and didnt communicate with each other and then tried to put them together.

Jun: Some of the people who weve hired, we hired for one reason and then it turns out that they have a lot of knowledge in another very specialized area that we werent that excited about until we found an application for it.

eWEEK: Do you see yourselves as having any direct competitors?

Kocher: I dont know. Theres so much work to be done. The size of the problem out there divided by the number of people working on it means that theres a lot of work out there. There could be 50 times as many people working on it and our focus still wouldnt be competitive.

Jun: Research is about failure. You try to get through all of the wrong answers as quickly as possible so you can get to the right one. We try to fail as quickly as possible, if that makes sense.

eWEEK: What would be the next big problem for you guys to tackle? Is quantum cryptography something that youre interested in? I know theres already been some successful work on quantum key generation.