a16z Podcast - a16z Podcast: Crypto, Security, CS, Quantum Computing, and More with Our New Professor-in-Residence
Episode Date: September 5, 2015Many of the most successful companies have their foundations in university labs -- from data science to the web browser itself. Yet the process of moving from research project to successful startup is...n't always straightforward. With the goal of smoothing this process and continuing to bridge entrepreneurs across academia and industry, we began the a16z Professor-in-Residence program just last year. And this year's newly anointed Andreessen Horowitz Distinguished Visiting Professor of Computer Science is Dan Boneh, Professor of Computer Science and Electrical Engineering at Stanford University as well as Co-director of the Stanford Computer Security Lab. In this episode of the a16z Podcast, we sit down with Boneh to chat about applied vs. theoretical math and computer science; what's missing and what's next with "usable" security (including various authentication approaches); and current and future trends in cryptography, bitcoin, and more. Boneh also shares his thoughts on MOOCs (massive open online courses) as the "21st century version of the textbook". Oh, and on when quantum computing will finally happen... and why we should (and shouldn't!) freak out about it. Yet. The views expressed here are those of the individual AH Capital Management, L.L.C. (“a16z”) personnel quoted and are not the views of a16z or its affiliates. Certain information contained in here has been obtained from third-party sources, including from portfolio companies of funds managed by a16z. While taken from sources believed to be reliable, a16z has not independently verified such information and makes no representations about the enduring accuracy of the information or its appropriateness for a given situation. This content is provided for informational purposes only, and should not be relied upon as legal, business, investment, or tax advice. You should consult your own advisers as to those matters. References to any securities or digital assets are for illustrative purposes only, and do not constitute an investment recommendation or offer to provide investment advisory services. Furthermore, this content is not directed at nor intended for use by any investors or prospective investors, and may not under any circumstances be relied upon when making a decision to invest in any fund managed by a16z. (An offering to invest in an a16z fund will be made only by the private placement memorandum, subscription agreement, and other relevant documentation of any such fund and should be read in their entirety.) Any investments or portfolio companies mentioned, referred to, or described are not representative of all investments in vehicles managed by a16z, and there can be no assurance that the investments will be profitable or that other investments made in the future will have similar characteristics or results. A list of investments made by funds managed by Andreessen Horowitz (excluding investments and certain publicly traded cryptocurrencies/ digital assets for which the issuer has not provided permission for a16z to disclose publicly) is available at https://a16z.com/investments/. Charts and graphs provided within are for informational purposes solely and should not be relied upon when making any investment decision. Past performance is not indicative of future results. The content speaks only as of the date indicated. Any projections, estimates, forecasts, targets, prospects, and/or opinions expressed in these materials are subject to change without notice and may differ or be contrary to opinions expressed by others. Please see https://a16z.com/disclosures for additional important information.
Transcript
Discussion (0)
The content here is for informational purposes only, should not be taken as legal business, tax, or investment advice, or be used to evaluate any investment or security and is not directed at any investors or potential investors in any A16Z fund. For more details, please see A16Z.com slash disclosures.
Hi, everyone. Welcome to the A6NZ podcast. I'm Sonal, and Michael and I today are interviewing Dan Bonnet, who is our new professor and residence at Andries & Horowitz.
And for those of you don't know about this, for the first time ever, we had a professor in residence last year.
And it was a new initiative for us as a way of bridging ties between academia, industry, startups,
because the reality is that some of the best and most interesting ideas are coming out of,
and the long-term thinking ideas are coming out of universities.
Welcome, Dan.
Thanks. It's a pleasure to be here.
You're our second professor in residence, but what are you a professor of?
Ah. Yeah, so I'm a professor of computer science at Stanford University. My area of research is computer security and cryptography. I've been at Stanford now for 18 years. I teach mostly computer security and cryptography classes, and it's a fantastic area to be working in. There's lots of interest in this from industry now, from obviously even in the policy circles. It's hard to believe. But even the president came, President Obama, came to campus a few months ago.
and he was talking about computer security.
I couldn't believe it, but the president was talking about things like malware and keyboard
loggers.
You say you couldn't believe that.
Is that because the political environment has changed for obvious reasons with the Snowden
revelations and everything that came down after that?
Or is that just unusual for other reasons?
I think Snowden might be actually a small part of it.
I think the bigger issue is that more and more of our lives are going online.
And as more of our data is available on computers, it's obviously also available to be hacked and stolen.
And so computer security has kind of become part of our daily lives these days.
Every time there's a breach, people lose a lot of personal information.
And so the public focus and public interest in computer security has just exploded over the last couple of years.
And the prediction is that it's only going to get even more interesting and, you know, it's going to get worse before it gets better.
Why will it get more interesting?
Is it because of the devices and computing moving into everything or other?
Yeah, we are more and more reliant on computers.
there are more and more devices that we all possess and own.
We're moving into this environment where we're internet of things
where we're going to be covered with sensors
that measure all sorts of information about us.
And all that information is being sent to the cloud,
as long as the more information about us is being collected
in a central location, the more likely or potentially bigger targets
that repository becomes.
And again, every time there's a data breach,
more and more information is being revealed.
And the public really pays attention.
So that has real impact on the public's perception and the public's privacy.
And so there's just a lot, tremendous amount of interest in computer security, and it's going to grow over time.
You speak of the impact on the public, but what's the impact been on your kind of wheelhouse there at the university?
You know, both in terms of, you know, you mentioned the president coming to visit, but companies, who's coming, who's knocking on your door now, both in terms of, you know, outside Stanford, but all.
also, you know, the students and kind of their areas of interest. Like, how, how is that shifting
as, again, this becomes more and more important? So first of all, the major, the computer
science major at Stanford is exploding in the sense that we are now the largest major on campus
and it's continuing to grow. It's kind of interesting that we're even the largest,
either largest or second largest major for women on campus. So if you literally count number
of women, computer science is now either the first.
the largest or the second largest on campus.
Are people also doing other majors in addition to computer science?
Like, is it sort of becoming where computer science is like the new, like, English
or everyone does English and something else?
Or is it like that?
They're computer science majors.
So they're primarily doing computer science.
But we did just start a new effort called computer science plus X.
So computer science is kind of slowly taking over the world, right?
I mean, software is everywhere these days.
You can't do English without software.
You can't do music without software.
You can't do literature.
Everything is involving software.
these days. So our computer science is kind of expanding. And so we just launched this new effort
called computer science plus X, CS plus X, where students can be computer science majors, but they
would also major in another discipline. So one of my undergrad students, for example, it does
computer science plus Slavic studies. So just to show you that it's kind of an interaction
of computer science with lots and lots of different areas around campus. Interesting. So linguistics,
it could be biology. It could be just anything, really. Absolutely. Absolutely. So computer science
plus, you know, things in them in the, basically almost anything in the humanities.
Right.
So what are some of the other shifts that you've seen besides that?
Yeah.
So within computer science, I can say that computer security is definitely something that a lot of
students are fascinated and interested by.
And just to give one example, Mike, our computer security class, the one that I teach,
is an elective class.
And it's also been growing tremendously.
Just this last time I taught it, it had over 300 students.
So it's a lot of fun.
These are brilliant students, really smart, and there are a lot of fun to teach.
And so you can imagine that having an elective class that that's big is kind of really showing
where the level of interest that students have in the topic.
You are described as an applied cryptographer.
Where does the applied come as opposed to not applying it to anything or just the theory of cryptography?
Yeah, so I work on computer security and cryptography, and cryptography is actually the science of encryption, basically.
How do we communicate securely with one another?
And it's a very, very broad area.
There are parts of cryptography that are being deployed and used every day.
Every time you connect to Google, you're using cryptography to set up a secure connection,
an encrypted connection between you and Google.
So there are parts of cryptography that are extremely applied and used by billions of people every day.
If only they knew they were using actually fairly sophisticated math in setting up those secure connections,
it's actually quite fascinating to me that areas of mathematics that have been completely pure
and study only for intellectual curiosity are now being used by billions of people every day
to set up secure connections across the Internet.
So that would be more of the applied part of crypto.
Cryptography also has a theoretical side of it which asks basic questions like what are the
minimal set of assumptions we need to have in order to set up a secure channel between the two of us.
and typically those kind of
if you want to minimize the set of
the set of assumptions that you use
you might not end up with the most efficient systems
that are possible
and so those are
more proofs of concept
they're not directly deployed
and so as I said
it's a very very broad area
of research spanning all the way
from applications to mathematics
to theory to algorithms
to complexity theory and so on
so it's really quite a
broad space
and as I say, it's a fascinating area to work in.
It's one of the few areas I have to say where you can do deep mathematics
and at the same time it would be extremely applied
and deployed and used by billions of people all over the world.
So the applied part of it.
Well, I think we'd like to pick on that thread a little bit more
because the fact that you're a professor in residence
is interesting in that context
because it's sort of the intersection of like ivory tower.
I mean, not that anyone would probably call Stanford ivory tower
because it's always had this history of people coming in out of the university.
But it is sort of this intersection of university, industry, you know, business, government, funding, all of that stuff.
Like, how do you see the role that you play in that and Stanford as well?
Like, where does that sort of all play out?
So the students to Stanford have always been extremely entrepreneurial.
So it happens a lot that they come and do research projects with us, and those research projects turn into companies.
It's happened to me twice in the past already.
Oh, wow, really?
Indeed.
How can you tell, by the way, if it's at a research project stage?
Like, what can you tell, like, what makes it a promising potential company by looking at a research project?
Are there things that you look for or you notice, like, wow, that's going to be really interesting in the future?
Well, I have to say that a lot of it comes from experience, but, you know, the rule of thumb is if it solves a problem that the world really wants to solve and no one has solved so far, it's probably a research project that's going to turn into a company.
Right.
Are there skills that you think that the students who have really neat research project ideas?
that could make promising startups don't have.
And I don't mean that in a negative way, but it's more like, what are the missing pieces there?
So, for example, like design.
So much of, you know, cryptography touching our lives or any aspect of security touching
our lives is about the usability of it.
Because there's a lot of things we simply don't do because they're hard to do.
Yeah, I think that's a really important point that is very often ignored.
That you could have the best technology, but if it's not wrapped in a nice user interface
that people have fun and, you know, they're comfortable using,
it's never going to get deployed.
Exactly.
It's never going to work.
I mean, let's talk about second factor authentication.
Yeah, so second factor authentication is an area that's close to my heart.
So today, traditionally, when we authenticate to websites, we typically just use passwords.
And as we all know, passwords are incredibly insecure.
A, we generally, we choose humans, generally choose relatively weak passwords that are not that
difficult to guess.
And B, it's actually not that hard to extract someone's password using.
attacks called fishing attacks.
Someone can easily fool you into typing in your password where you're not supposed to,
and in doing that, they will have extracted the password from you.
Well, it's actually gotten even more sophisticated, right?
Because we've talked about spearfishing where people actually figure out who you are almost,
like, based on your social network profiles, and then actually cloak and attack,
kind of using the words as if you're someone you know.
Absolutely.
Without any misspellings, because that's how you used to tell if it's an actual fishing attack.
Absolutely.
Fishing attacks, actually, we'll go ahead and kind of draw a wide net and recover
passwords from lots of random people. If you want to target a particular individual that you want to
extract their password, you would use what's called a spearfishing attack where you actually
gather information around them. And typically, you would just send them an email saying, you know,
here's a video of you and the email is coming from your best friend. You know, most people will
click and fairly frequently they'll end up revealing their password. So passwords by themselves,
we know, are quite problematic as the only token for authentication. And so what's proposed is
basically to use what's called second factor authentication. Typically, the way second factor
authentication is implemented today is using a smartphone. The smartphone is the second factor.
So the smartphone will either present a six-digit pin that the user types in. Some companies
will text a message and that will be typed in. More recent startups actually are working on
things like where you just press a button and on your phone and in doing that you confirm a login.
All those are wonderful second factor mechanisms. So,
I'm a big fan of actually making those more usable.
Unfortunately, today, all second-factor authentication schemes
are essentially based on, well, the smartphone.
And what happens if you only interact with a website through your smartphone, right?
So, in fact, we're hearing more and more people that the only way they interact with specific websites,
say with their bank or with their e-commerce site is specifically on their phone.
Well, in that point, the phone is not exactly a second factor.
It's basically, well, it's almost like just another device.
It's the same.
It's the same. Well, actually, it's both the host device
and the device you're inputting on and the device that you're computing on and everything.
That's one problem.
The other problem is often, you know, I want to log in and maybe my phone is not next to me, right?
So maybe I left my phone in one place in one room and I'm trying to log in from another room.
The direction we'd like to go to move to is where the second factor is something that's always on the human body.
So one of the beautiful applications for smartwatches is exactly a second factor, right?
My smart watch, my watch, actually, is always on me.
If that could be used as a second factor, then that's a lot easier to use,
and you're not going to forget that at home.
Well, I could use my wringley then for second factor.
Right, I mean, you could use presumably anything that you carry with you all the time.
What I see missing, for example, is I would love to have a second factor built into my glasses.
Right.
Yeah, I mean, I wear glasses.
My glasses are on me all the time.
In fact, I can't even use my computer without my glasses.
I wear glasses too, and that would work perfectly for me,
because there are times where I don't wear a watch,
there are times where you leave your phone,
but I wouldn't be able to do anything without those.
Well, why are we still embodying the second factor in objects?
Like, why then not biometric authentication?
Like, why wouldn't that be the second or the third factor in that context?
Okay, so that's a really, really good question.
So when you say biometric, you mean something like a fingerprint.
Like a fingerprint, exactly.
So we've actually learned that fingerprints are not a very good way to authenticate people
for a number of reasons.
First of all, they're not very secret.
Every time you hold a glass of water, you're basically leaving your fingerprint on that couple of water.
I think I've seen like 10 movies where there's a scene where someone steals the fingerprints off someone based off the glass of water at a bar.
Well, you don't just have to go to Hollywood, actually.
There are people who are...
Oh, it happens in real life.
Yeah.
There are YouTube videos.
They will teach you how within five minutes you can take a glass of water, pick a fingerprint off of it, and then use that to unlock the iPhone, for example.
Oh, I actually didn't realize it was that ubiquitous.
It's actually fairly easy to do.
That's problem number one.
Problem number two is that if you fingerprint, if you suspected your fingerprint has been somehow compromised,
there's no way for you to revoke your fingerprint.
Maybe you can revoke it 10 times because you have 10 fingers.
But once you're done with your 10 fingers, you know, there's nothing, no other option for you,
I guess you can go to 20 times if you use your toes.
But generally, there's only a limited number of times you can revoke your fingerprint.
Whereas a password or a second factor in the traditional sense, you can revoke as many times as you want.
If you suspect that someone stole your password, you just change your password.
all know, and by we, I mean, both the users and the people who create these and the folks who
ask for us to register them, if we all know they're so insecure, what's keeping them so
alive and well? Is it, again, because there's no other good option? And that's what you and your
students are all working on? Well, the simple answer is inertia, right? We've all, passwords have been
invented, you know, so many, about 50 years ago, and we've all gotten accustomed to using them. At this
point, trying to get people to switch to something else is actually quite difficult.
And so second factor actually is getting some adoption.
Interestingly, there are now studies that try to estimate how many people have adopted
second factor on Gmail.
There was just a paper published last summer that claims something like 6% of Gmail users.
Six?
That's so tiny.
So actually, you say tiny, but to me, this actually sounds like a remarkable success.
Oh, really?
Getting people to adopt technology at a rate of 6% is actually.
actually quite remarkable. Yeah, these are large numbers of people already. And by the way,
these are, I should just emphasize, these are estimates based on an academic paper that did
its best to estimate the number. We don't actually know what the real number is. So our current
estimate is 6%. Some people, you know, the glass half empty folks would say, oh, it's so small
it would be second factory isn't working. The glass half full people would say, wow, six percent
out of however many hundreds of millions of users they have is a remarkable success.
So we're talking about the consumer world, but for example, here we use Octa. Octa is clearly part of our portfolio.
But can't you force people to do second factor or are, in a way that's easy, right.
Because that's easy.
Like I just authenticate once and then I have all my applications.
So like, again, that's a wonderful question.
So I can tell you that at Stanford, Stanford actually hired a fantastic CSIOs, just chief security officer.
And one of the things that he did is he mandated second factor.
access on the Stanford campus.
Now, that's a lot of people.
That's like tens of thousands of people across the Stanford campus.
And they now, when they want to log in to the university systems, they have to log in
using Second Factor.
And guess what?
I mean, there was some resistance initially, and we're still all alive.
Yeah, we're still all of the world did not stop.
You're getting all your things, right?
Everybody's using their second factor, and they're still able to do their job, and it just
works.
So definitely in a more controlled environment, it's much easier to mandate second factor.
I just wish there was a world where you don't even have to make an effort to have security.
Like, it should be effortless in my mind.
Because even though it's great that people learn technology, isn't it possible that, like, you know, I was thinking if we were talking earlier about some of the people we know in common through the park and Stanford research security research world, but I was thinking of like some of like, you know, implicit authentication or other ways of finding out, like, based on patterns of behavior that this person is really who they say they are.
Like, are there other things that we can do that we don't have to work at?
Like, I feel like I'm, I have second factor enabled, but I'm lazy.
I don't want to have to work at this.
Absolutely.
So the best security technology that has had the most impact in the world is security
technology that is invisible, that people don't even know that it's there.
I think actually encryption is a really good example of that, right?
When you connect to Google, that entire communication channel is encrypted, and you don't even
know that it's happening.
You did nothing to make it happen, and yet it's all encrypted.
Exactly.
I want more of that.
of that.
So unfortunately, well, on the one hand, there is actually a lot more that we can do,
and actually things are being done.
For example, like you mentioned implicit authentication.
The false positive rates on that are still a little too high for it to be massively
and widely used, but that is definitely a very interesting direction.
Unfortunately, though, there's only so much you can do using implicit without any explicit
user interaction.
And the reason is, again, I can always try to do as an attacker, someone.
might always try to do a social engineering attack on you by spear fishing or fishing
and if you just expect if the user just expects the system to just work and do the right thing
that can't possibly work because the attacker can make you think that what you're about to do
is secure is safe where in fact it's not so the more the attacker knows about you the easier
it is for the attacker to fool you and so users you know users we always preach this users have to be
vigilant and make sure they don't just type in their passwords or enter their second factor
whenever they're asked, they always have to think. Is that safe for me to enter my credential
here or not? And I wish there was a way to make this completely ubiquitous, so that's
completely transparent to users. But because attackers can become more and more sophisticated
over time, there will always be a need for the user to somehow think about what they do before they
do it. Right. I think ultimately this is where every security system fails. Because technology doesn't
live in a vacuum. It's in a social context.
Although I have to say the role of technology is to make it so that the only attack
that's possible on you is a social engineering attack.
But I think that's also why the CSX approach is a great one. So if it's computer scientists
who are also trained as you name, designers, you know, designers, psychologists, etc.
There's hope for us to sort of come at things in different ways.
There's a lot of room for education, for sure, for improving security. A, developers need
to become more aware of, you know, when they introduce a security vulnerability, a bug in their
code, that's going to impact a lot of people. So developers need to be aware of the need to write
secure code. That's what we try to do in our classes. But also the end user needs to be aware
that, you know, they shouldn't just trust their computer or the company or the website they're
interacting with to make them secure. Users have to be vigilant themselves. Yeah, and users have
a responsibility. Okay, so you've scared me a little bit already about second factor and how
not that many people are using it and how we're not as secure as we might like to believe we are.
Scammy with encryption.
What are you working on that, well, that are either sort of help or that I should be worried about?
You know, we kept talking about second factor authentication, but there is like a big elephant in the room,
which is that the current techniques that are used for second factor authentication make it so that
stealing the user's password does not let the attacker log in as the user.
but all these credentials, all these user credentials
are still stored in the cloud.
They're still stored in one way or another
at a central repository
at websites that the user is trying to log into.
Well, in recent years, as you know,
again and again and again, hackers don't attack
the end users or not as much
and instead they go, or in addition to,
they go and attack these central repositories.
So we've all seen the attacks on Target
where they got a whole bunch of user information,
Office of Personnel Management.
They got a whole bunch of information.
Sony attacks.
There have been many, many, many of these publicized attacks.
And many are not publicized for that.
And many not publicized, indeed.
Where the attackers actually go after central repositories
rather than going after the end users themselves.
Well, so second factor authentication helps protect the user from losing their passwords.
But it does not quite help protect the central repository
where all these credentials are stored to begin with.
So what we've been working on is actually a way to kind of get the best of both worlds
where you could have an authentication scheme that is based on second factor,
but the central repository only has sort of public information.
So even if the attacker breaks in and is able to steal this information at the central repository,
that will not help them later on log in as that user.
That's fascinating.
Interesting. Well, that makes me feel better, I have to say.
And let's actually segue a little bit to a theme you've been talking about, which is this power of math in everyone's hands.
And, you know, one of the things that people talk about when they describe technologies like Bitcoin and the blockchain is about putting your trust in math versus another intermediary and actually letting that become a form of trust.
So we'd love to hear some of your thoughts and work in the area of Bitcoin and blockchain.
Absolutely. Bitcoin is, I think, one of the exciting developments in the last couple of years.
I'm a big fan.
in fact we're just starting this fall we'll be teaching a class on bitcoin at
Stanford just an entire class devoted just to Bitcoin blockchain technologies and other
cryptocurrencies this is myself and Jobano one of my postdocs we're going to be teaching
this class together so Bitcoin is really exciting as you say the security of Bitcoin is
based on math it's based on what's called digital signatures and the mathematics that goes
into digital signatures the reason it's so exciting is first of all well it's for me
it's yet another application of crypto.
But beyond that, it's actually, A, there are lots of people in this world
who do not have access to a banking and financial system.
And Bitcoin is a fantastic way for them to continue to use currencies
without having to rely on a centralized banking system.
So the power of Bitcoin in the developing world is enormous.
And we're going to be seeing a lot of growth and factors.
there are a lot of startups going after that space.
So we're going to see growth of the use of Bitcoin in the developing world.
And that's really quite fascinating.
It really does, it really will improve the lives of the people involved.
Do you think then from your vantage point that Bitcoin adoption happens first in the
developing world because of that, because of the lack of, you know, like you say,
first world banking infrastructure, et cetera?
Well, there are many reasons why Bitcoin is being used today.
Obviously, it's used in the developed world as well, not just in the developing world.
But yeah, the reason why its appeal in the developing world is so high is exactly because it gives you a way to use money without having to rely on the required banking infrastructure, which just doesn't exist.
And like I said, there are many startups going after that space and we'll see big movements there.
So what we've been interested in in the area of Bitcoin is basically how can we help scale it up?
How can we help improve security and so on?
So I'll just maybe mention one thing that we just did recently.
Again, this is joint work with Joe Bono and some of my students.
So we have these Bitcoin exchanges, and many of them actually keep money on behalf of their customers.
So companies like Coinbase and others that actually, you know, they function as Bitcoin banks in a sense.
Well, we've had examples where these Bitcoin banks didn't do so well.
You might have heard of Mount Gox that held people's money.
and in the end, it turned out not so well.
So what we'd like to do is we'd like to kind of help Bitcoin exchanges become more transparent
and increase trust in their holdings.
So ideally what you'd like to do is basically every day an exchange could prove that the
amount of assets that it holds is more than the amount of obligations that it has.
So obligations are basically the bitcoins that it collects from its customers.
And assets are the bitcoins that it owns itself.
And you'd like it to prove that the number of Bitcoins it owns is more than a number of
Bitcoins that it holds on behalf of its customers.
That would mean that the exchange is solvent.
Right.
Yes?
Well, proving that your solvent is easy if everything was transparent.
You could just say how many Bitcoins you owe and how many Bitcoins you have.
But most companies would be reluctant to reveal that information just because that's too
that's too revealing too much information about your business.
So what we designed is basically a mechanism that allows you to prove solvency,
but do it in a way that's called zero knowledge.
So you can prove that your solvent, so an exchange, can prove that an amount of
bitcoins it has is more than the obligations that it has, but do it in a way that it reveals
nothing at all beyond the fact that it's solvent.
So by enabling that, essentially we enable these exchanges.
to every day run through this proof that they're a solvent.
Anyone who cares can then look at the proof and convince themselves that the exchange is
solvent, but there is nothing revealed, nothing personal or private is revealed in the process
of doing this proof.
That's fascinating because it feels like it would have so many applications if you could take
that mindset to other problems for how to engage in trust, have trusted interactions with
stranger parties where you don't want to have transparency as a proxy for trust.
Absolutely. I think that's a really, really good point.
So there are lots of other areas in the Bitcoin world where these zero knowledge mechanisms are being used.
There are things like smart contracts where you want to prove that you're following the contract correctly,
but you want to do it in a zero knowledge manner so it's not to reveal what exactly it is that you're doing,
just that you're following the contract properly.
So this sounds a little bit like FDI and FDIC insurance for Bitcoin that people have this comfort that, you know,
they're going to get their money back if push comes to shove.
But how do I trust in that other mechanism?
So FDICI trust because I trust in some sense in the U.S. government
and that it has the money to pay me back.
Where does my trust lie then with this mechanism that says you're solvent?
Like how do I know that you're telling me the truth?
Right.
So basically when I say that, so it's a really, really good question.
And the answer is, like many other things with Bitcoin, that the answer is in the mathematics.
Yeah, it's secure.
I mean, it's the reason you have faith in it is because, well,
It's based on hard problems for mathematics.
If the exchange was able to produce a false proof,
that necessarily means that they were able to break some problem
that we believe is unbreakable.
Right.
Or at least difficult to break.
Right.
And so, but again, much of Bitcoin depends on these hard problems
of mathematics, right?
So the security of Bitcoin depends on the security of digital signatures.
Since we have faith in the digital signatures that we have,
we have faith in the currency.
I see.
So I'm going to ask something that's probably very blasphemous here, given who I'm speaking to and where I'm sitting when I'm asking this.
Is it naive of us to put our trust in math as well, though?
Because on one hand, we're saying we don't trust other human beings with certain things because human beings are faulty mechanisms.
But it's not like math is this closed loop perfect system.
I mean, we think about, even I'm just thinking concretely about the fact that the NSA must have like the world's best mathematicians employed, working on cracking all kinds of things.
Not to mention all the failed hedge funds that have great mathematicians employed.
Right.
I think these are really, I mean, you guys are bringing up a really, really great point that a lot of the security that underlies, not just Bitcoin, but really all of cryptography.
Right, exactly.
We talked about these secure channels that you set up with Google and all that.
All those channels, the reason they're secure is because we believe in the underlying cryptographic primitives that are used to secure them.
Now, why do we believe those primitives?
Well, to tell the truth, the answer is because lots of smart people have looked at the underlying mathematical problems and no one has been able to show that no one is able to show that they're not hard.
So just to be concrete, for example, a lot of the securities based on, say, just to give one example, the difficulty of factoring large numbers.
Right.
Well, how do we know that factoring large numbers is hard?
Well, the truth is, we don't know that it's hard.
Well, especially in an age while our computing power is increasing exponentially.
that cannot be solved before.
It was hard 100 years ago.
Right.
So hard right now.
Well, actually, you know, surprisingly, the growth in computing power is actually helping
us secure these problems.
Oh, interesting.
So that's actually not a problem.
So that's counterintuitive.
And the reason is because, because as computers get faster, we can, you know, end-user
machines can actually handle larger and larger numbers.
But if you just make the number, like, twice as big, factoring it is not twice as hard.
Factoring it becomes exponentially hard.
so that the fact that end-user machines can handle
twice numbers that are twice as big
means that attackers now have to work incredibly hard.
But the risk that I was referring to is
how do we know that there isn't a better way to factor numbers?
Or how do we know that there isn't a better way
to break the encryption or the digital signatures
that underlies Bitcoin or Google channels?
Actually, the whole world of crypto in some sense
was invented in the public key, the modern,
what we call modern cryptography,
was started back in 1976 here at Stanford.
and the problem that, by Diefi and Helmand,
and the problem that they set out
that they basically based their system on
still hasn't been solved.
Yeah, it's still, it's a hard problem.
Lots of people have tried to break it,
but it has not been broken so far.
Now, I should say,
and probably some of the listeners are now thinking,
there is actually a looming threat,
which is really quite why,
which, again, shows why this field is so much fun.
Yeah, there is a looming threat.
It turns out there's a whole other class of computers
that we have not been able to build yet.
Quantum computers.
Quantum computers.
Yes, exactly.
Exactly. I'm so glad you brought this up because I find them fascinating.
They're not based on classical physics. They're based on the fact that our world is a quantum world.
And if I can explain it in one sentence is basically the one way we're thinking about it is, as you know, and quantum theory says that an electron is actually in multiple places at once.
And it turns out if something is in multiple places at once, at a very vague level, you can say that each place that it's at can be used to compute.
and that allows you to do many computations at once,
which we couldn't do on a classical computer.
Technically, that's not quite accurate,
but there is a way to make this precise and accurate.
When the bottom line here is that quantum computers
can solve certain problems that classical computers can't.
And in fact, all the world of crypto that we use on the Internet today
and for Bitcoin as well would be broken
if someone was able to build a quantum computer.
Now, you don't have to lose too much sleep over this today,
because no one has been able to build a quantum computer,
and it's not on the horizon even.
So let's actually probe on this a little bit more, though,
because we've been hearing about quantum cryptography
and quantum computing as this potential holy grail for years.
Why is it really far away?
Are the enabling conditions at all changing that can make it possible?
I feel like we're seeing a resurgence again of interest in advances
that show that they might be more possible to build than they have before.
Absolutely. Absolutely.
So before I answered that, actually,
let me just make a quick comment here,
which is to say that even if tomorrow we found someone, you know, open up the New York Times
and it says, you know, first quantum computer built, don't panic.
Yeah, there's no reason to count.
It's not the end of the world.
Do not panic.
Do not panic.
Do not panic.
Not the end of the world.
It turns out the crypto community is not sitting on its hands.
We've actually been hard at work in building backup cryptographic primitives such that even if somebody
built a quantum computer tomorrow, all we would have to do is switch out the primitives that
we have today, move to these new primitives.
we're back on the horse. Yeah, we're back in business. And as far as we know, quantum
computers will not be able to break those new primitives. So how likely is that New York Times
headline, though? Well, the answer is that building a quantum computer is actually quite
challenging. And the reason is, I mentioned electrons before. Well, you can imagine each quantum
computer, it's called a qubit, needs to kind of do its operation, but it can't do its operation
on its own. It's got to interact with other qubits. Well, the difficulty in building these quantum
computers is you need to have qubits interacting with one with one another, but not interacting
with the environment. And so building many, many bits that interact with one another, but not
with anything else, has turned out to be quite an engineering challenge. But I do have to say
that there's been really quite remarkable progress in the last couple of years in making that
happen. It's not clear how fast those things can actually be realized, but it looks like there
is actually a path now towards building quantum computers. So at some point, I would
speculate, I don't know, I wouldn't bet anyone on it, but I would speculate that in my
lifetime we'll probably see some sort of operating quantum computer. What are some of those
enabling conditions? Is it like material science advances? Like, what are the things that make
quantum computers possible? Yeah, it's actually mostly physicists and material sciences folks
that are working on this. Absolutely. This is a, you know, I would say that the computer
scientists have done their job here in that, you know, we have shown very compelling applications
for quantum computers. The ball now is in the physicist's courts, you know, just build the thing.
So you mentioned earlier, Dan, that, you know, that a lot of this is that cryptographers and
computer scientists and, you know, security research has been working for years, like with these
backup, you know, cubit idea, I mean, these backup ideas for quantum cryptography and all
these other things. Clearly a lot of security research is about anticipating attacks. And,
not even just anticipating attacks, but what types of attacks are going to happen?
Because the world is continually evolving.
So how does that play out in your work and what you do with your students?
Yeah, I have to say that kind of anticipating what attackers are going to do
is actually quite an important area of research and computer security in general.
One of the things we try to do with my group is, again, anticipate kind of what attacks
are going to come that we haven't seen yet.
And of course, once we do identify an attack that we haven't seen yet, we do all.
a lot. We work hard to try and make sure that it doesn't happen and we propose ways to fix it.
I'll give you maybe a couple of examples. So one thing that we did a few months ago was look at the
security of password managers. So speaking of user authentication, we were kind of curious about
how secure our password managers that are embedded in browsers. Well, so again, in the vein of
anticipating attacks, it turned out, well, there are actually quite generic attacks that could be
applied to these password managers and extract passwords without the user's knowledge or consent.
So that was kind of troubling. And again, it's in the vein of not putting your head in the sand.
The goal is to kind of understand how vulnerable are our systems, how secure are there, are they, are
places, are there parts of our systems that can be improved? And so looking at password managers,
basically we identified places where password managers could be strengthened.
We wrote a paper explaining what our attacks are.
We explained exactly how they could be strengthened and how to defend against these attacks.
And I'm thrilled to say that actually many of the big companies adopted our proposals.
And in fact, they've pushed patches to exactly address the issues that we brought up.
So it's an area that's actually quite a lot of fun to work in.
Our students, you know, obviously they get to identify new attacks before they come out.
And then our focus basically is, again, fixing and making sure those things are not exploits.
When you say identify, though, you're not just meaning like they're seeing them out and seeking them out in the wild and then identifying and labeling them. You're actually meaning that you guys are actually creating those attacks.
Well, I wouldn't. Well, basically, we look at the security of systems and we try to identify ways in which, you know, perhaps they're not as secure as one would think. And it's very important to do this kind of research because, again, if you think that something is secure, you, the end user, think that something is secure when in fact it's not.
that's doing a lot of harm overall.
Security didn't used to be the sort of the first thing
or even the third thing maybe that people had in mind
when they were building systems.
Are we getting better?
You know, the simple answer is, yes,
things really are getting better,
but a lot of it has to do with process.
So you see that within companies, the large companies, for sure,
there's actually a much stronger emphasis on security now.
And the particular point is that the security teams
have a lot more power than they did in the past.
So in big companies like Microsoft, Apple, Google, security teams, in fact, are involved in the process from the design phase, which is really important.
And then if a product is about to ship out and the security team discovers a big vulnerability, they actually have the power to delay shipping.
Yeah, so putting those kind of policies in place really helps companies ensure that products that they ship out at least satisfy some criteria to make them more secure.
So that tension between, like, we've got to get this thing out here, we've got to go, go, go, that versus security, it's not as much of a battle anymore?
No, no, I didn't say that.
I said that in the large companies, security teams have much more power than they used to.
When you look at products coming out of smaller companies, especially startups, you know, often there's a, there really is a rush to market.
And you can understand that completely, right?
There's no point in securing a product that's never going to get used.
So you'd first like to build a user base and then worry about securing it.
You can kind of see where that mentality, how that mentality might evolve.
And what we're trying to get across is that's actually quite problematic.
Because once your product is out there, once you build a user base,
your users are used to using the product in a particular way.
If it turns out that you have to make changes in the user interface because of security concerns,
that actually would make it harder to later on make those changes to make the product more secure.
So my hope is that startups can also pay attention to security before they ship products.
So, you know, always, if you're building a startup, if you're even a small group of developers who are putting a product together,
always have some folks who are in charge of looking at attacks.
This is often called threat modeling.
So even as a group of developers, you should have meetings and engage in this activity called threat modeling.
Try to write down explicitly what are the attacks that are.
possible on your product, and then try to design ways to prevent those attacks. And that should
be done from day one. It shouldn't be just left to the big companies to do. Everybody in the
software world needs to be doing this. It's actually interesting because one of our partners,
Frank Chen, always talks also about our startups and their security hygiene even. Well, at least
in terms of securing the backend systems, these days there's a lot of outsourcing going on in terms
of backend systems. You know, you outsource a lot of operations to the cloud. So at least basic
security issues of making sure your network doesn't fall under a DOS attack.
It's something that the cloud takes care for you.
And so at least kind of even small companies can do quite a lot by relying on the cloud.
They can do quite a lot in securing their own infrastructure and the backend system
for their own products.
So that is definitely one aspect in which things are getting better.
We're at a point now where it sounds to me like I shouldn't assume anything.
I can assume in some sense that, like, well, big company A, they'll probably be doing a pretty good job.
But that doesn't mean I should also assume that this other thing that I'm looking at, you know, from a big company or from a small company, has the same degree of security or control or protection.
Well, it's basically, you know, software is complex.
Software is hard to write.
Software that just works is, you know, reliably works is hard to write.
software that works reliably and is resistant to attack is even harder to write.
And so, no, you can't assume that anything is secure, but that's okay.
Yeah, I mean, we don't live in the world where we expect perfect security ever, right?
Our houses are not perfectly secure, and yet we seem to cope with it quite well.
So we shouldn't expect our software artifacts to be perfectly secure, and there's no system.
That's actually a good point.
Whenever you, whenever an attacker invest enough energy in trying to break and pin it,
penetrate into a system. By expanding enough energy, they'll be able to do it. It's true in the
physical world and it's true in the software world. You mentioned that you're teaching this new
course. I've noticed that you've taught a couple of MOOCs on applied crypto or computer science
MOOCs. Can you tell us, share some of your thoughts on A, why you did that and then B, like your
thoughts on the evolution of education? Oh, I have to say the MOOCs are a big deal at Stanford and
And they've actually played an important part in my life.
So I really enjoy teaching.
This is why I'm a professor.
I really, really like teaching.
Especially teaching at Stanford is a lot of fun.
Lots of smart students.
So obviously, it's a pleasure to teach them.
What I've done, though, is I've taken my on-campus applied crypto class, and I've
actually made it into, I sat down, recorded it, and I made it available to the public.
So anyone who wants to can sign up for the class.
It's available off of my homepage.
You can easily find it and sign up.
The class repeats every three months, and you can just sign up and take it.
It's free.
You get a statement of accomplishment once you're done with it.
And in fact, lots of people have taken it.
So there's something like 600,000 people have signed up for this class.
And it's been really rewarding for me.
First of all, I would have to teach at Stanford for about 2,000 years to reach 600,000 people.
I have to say, I kind of think of this class as a MOOC.
not a replacement, it's definitely not a replacement for on-campus classes. I now, I've come to
realize this MOOC is basically like a 21st century textbook. So if you take, yeah, so if you take
the MOOC online, you should, it's almost the same as actually reading a textbook on crypto.
Yeah, it's a textbook that's maybe a little easier to read because it's videos and exercises and
it's a little bit more interactive. It's not a passive experience like a textbook. But really it is
just a 21st century textbook. And actually it's improved my on-campus teaching as well because
now when I teach a class on campus, if there's like a topic that I think is kind of boring and,
you know, maybe we should move on to something more interesting and spend more time on the more
interesting stuff, all I do is I kind of give an overview of the kind of the, maybe the easier
topic. And then I just say, you know, go see the MOOC to kind of get a more in-depth
coverage of that topic. And then we move on to the deeper and more interesting topics that
might take longer and require more class time.
So it really has improved my on campus teaching as well
because I can rely on it and direct students to watch it.
Just like in the old days, you might direct students to read chapters in a textbook,
except students wouldn't read the chapters in the textbook.
Whereas here, all they have to do is just watch some videos.
They seem to be much more attuned and used to that, I guess, in the age of YouTube.
Some will be, we need to sign up for the MOOC right away.
Go for it.
I feel like we're going to get quiz next time we see Dan.
So, does the MOOC, I mean, how geographically, how does it distribute?
And have you noticed any, like, cryptography is hot in, you know, I don't know.
The new cryptographic clusters.
Oh, yeah.
No, it's actually all over the world.
It's fairly, fairly, there's obviously a strong center in the U.S.
But, no, it's from all over the world, India, China, just all the places you would imagine.
And it's fairly uniform.
You said that the CS department at Stanford has a highest number of women as a major.
Are you seeing any kind of distribution across your MOOC, male, female, that tells you anything?
Actually, that's a great question.
Yeah, that's a great question.
But to be honest, I looked at the geographic distribution.
I haven't quite looked at the gender distribution.
So I don't know the answer to that.
Well, we'll find that out next, I guess.
Yeah.
Are they all watching the MOOC on their phones?
Because not everyone has computers in foreign countries.
Yeah, they can watch it however they want.
They can watch it on their laptop.
If they have a slow internet connection, they can download the video.
over night and then watch them the following day.
They can watch them on their tablets.
They can watch them on their phone.
They can watch however they want.
So the platform is actually very general.
And I should say that it's not like sitting in a movie theater and watching a movie passively.
These MOOCs basically, at least my lectures, they pause every minute or two and ask the
students questions.
It's more of the Socratic way of learning where, you know, let's develop this material.
And by the way, what do you think about this topic?
And then the student has to answer.
And then we continue based on the student's answer.
So that really is kind of an interactive experience as the course evolves.
And are the questions that you're saying you answer all these emails,
are the questions that you get in any way different from the questions you get from your students at Stanford?
I mean, in terms of type and kind of what they're going after?
Well, they're all over the place.
Some of the MOOC students are extremely bright.
Yeah, they ask really, really good questions.
And in fact, they answer each other's questions.
There's like an online forum as part of the MOOC,
and they answer each other's questions.
read the answers, and they're extremely insightful. So, well, you know, there are lots of smart
people out there, and I'm happy that they're taking these MOOCs. It's great that Stanford is
encouraging it, too, because, you know, one could argue, like, wait, you're paying this tuition,
and this is our best asset, these professors, and then to give your knowledge away for free,
I mean, some universities actually have a complete opposite attitude about that. Right. So as we said,
I mean, this is not going to replace on-campus education. It's more to supplement it.
And the goal is to basically have our way of looking at the material be made available to the world.
It's a 21st century textbook.
Exactly. It's exactly like a textbook.
Love it. We love that.
Dan, we're really excited to have you as our new professor in residence.
We can't wait to keep the conversation going about all of these exciting topics and more.
For me, I can tell you that a lot of my research is being driven by ideas that come out of startups.
So working with the startups that come through Andreessen Horowitz is going to be a lot of fun for me,
looking at ideas, looking at pitches, expressing opinions, obviously, all of this.
I'm really excited and I'm looking forward to doing all of it.
Thank you.
Thanks.