The a16z Show - a16z Podcast: Crypto, Security, CS, Quantum Computing, and More with Our New Professor-in-Residence
Episode Date: September 5, 2015Many of the most successful companies have their foundations in university labs -- from data science to the web browser itself. Yet the process of moving from research project to successful startup is...n't always straightforward. With the goal of smoothing this process and continuing to bridge entrepreneurs across academia and industry, we began the a16z Professor-in-Residence program just last year. And this year's newly anointed Andreessen Horowitz Distinguished Visiting Professor of Computer Science is Dan Boneh, Professor of Computer Science and Electrical Engineering at Stanford University as well as Co-director of the Stanford Computer Security Lab. In this episode of the a16z Podcast, we sit down with Boneh to chat about applied vs. theoretical math and computer science; what's missing and what's next with "usable" security (including various authentication approaches); and current and future trends in cryptography, bitcoin, and more. Boneh also shares his thoughts on MOOCs (massive open online courses) as the "21st century version of the textbook". Oh, and on when quantum computing will finally happen... and why we should (and shouldn't!) freak out about it. Yet. The views expressed here are those of the individual AH Capital Management, L.L.C. (“a16z”) personnel quoted and are not the views of a16z or its affiliates. Certain information contained in here has been obtained from third-party sources, including from portfolio companies of funds managed by a16z. While taken from sources believed to be reliable, a16z has not independently verified such information and makes no representations about the enduring accuracy of the information or its appropriateness for a given situation. This content is provided for informational purposes only, and should not be relied upon as legal, business, investment, or tax advice. You should consult your own advisers as to those matters. References to any securities or digital assets are for illustrative purposes only, and do not constitute an investment recommendation or offer to provide investment advisory services. Furthermore, this content is not directed at nor intended for use by any investors or prospective investors, and may not under any circumstances be relied upon when making a decision to invest in any fund managed by a16z. (An offering to invest in an a16z fund will be made only by the private placement memorandum, subscription agreement, and other relevant documentation of any such fund and should be read in their entirety.) Any investments or portfolio companies mentioned, referred to, or described are not representative of all investments in vehicles managed by a16z, and there can be no assurance that the investments will be profitable or that other investments made in the future will have similar characteristics or results. A list of investments made by funds managed by Andreessen Horowitz (excluding investments and certain publicly traded cryptocurrencies/ digital assets for which the issuer has not provided permission for a16z to disclose publicly) is available at https://a16z.com/investments/. Charts and graphs provided within are for informational purposes solely and should not be relied upon when making any investment decision. Past performance is not indicative of future results. The content speaks only as of the date indicated. Any projections, estimates, forecasts, targets, prospects, and/or opinions expressed in these materials are subject to change without notice and may differ or be contrary to opinions expressed by others. Please see https://a16z.com/disclosures for additional important information. Stay Updated:Find a16z on YouTube: YouTubeFind a16z on XFind a16z on LinkedInListen to the a16z Show on SpotifyListen to the a16z Show on Apple PodcastsFollow our host: https://twitter.com/eriktorenberg Please note that the content here is for informational purposes only; should NOT be taken as legal, business, tax, or investment advice or be used to evaluate any investment or security; and is not directed at any investors or potential investors in any a16z fund. a16z and its affiliates may maintain investments in the companies discussed. For more details please see a16z.com/disclosures. Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
Transcript
Discussion (0)
The content here is for informational purposes only, should not be taken as legal business, tax, or
investment advice, or be used to evaluate any investment or security and is not directed at any
investors or potential investors in any A16Z fund. For more details, please see A16Z.com slash
disclosures. Hi, everyone. Welcome to the A6NZ podcast. I'm Sonal and Michael and I today are interviewing
Dan Bonnet, who is our new professor and residence at Andries and Horowitz. And,
for those of you don't know about this, for the first time ever, we had a professor in residence
last year, and it was a new initiative for us as a way of bridging ties between academia,
industry, startups, because the reality is that some of the best and most interesting
ideas are coming out of, and the long-term thinking ideas are coming out of universities.
Welcome, Dan.
Thanks. It's a pleasure to be here.
You're our second professor in residence, but what are you a professor of?
Yeah, so I'm a professor of computer science.
at Stanford University. My area of research is computer security and cryptography. I've been at
Stanford now for 18 years. I teach mostly computer security and cryptography classes and it's a
fantastic area to be working in. There's lots of interest in this from industry now, from obviously
even in the policy circles. It's hard to believe. But even the president came, President Obama,
came to campus a few months ago and he was talking about computer security. I could
couldn't believe it, but the president was talking about things like malware and keyboard loggers.
You say you couldn't believe that. Is that because the political environment has changed for obvious
reasons with the Snowden revelations and everything that came down after that? Or is that just
unusual for other reasons? I think Snowden might be actually a small part of it. I think the bigger
issue is that more and more of our lives are going online. And as more of our data is available
on computers, it's obviously also available to be hacked and stolen. And so computer security has kind of
become part of our daily lives these days.
Every time there's a breach, people lose a lot of personal information.
And so the public focus and public interest in computer security has just exploded over the
last couple of years.
And the prediction is that it's only going to get even more interesting and, you know,
it's going to get worse before it gets better.
Why will it get more interesting?
Is it because of the devices and computing moving into everything or other?
Yeah, we are more and more reliant on computers.
There are more and more devices that we all possess and own.
We're moving into this environment where we're in and our things, where we're going to be covered with sensors that measure all sorts of information about us.
And all that information is being sent to the cloud.
As long as the more information about us is being collected in a central location, the more likely or potentially bigger targets that repository becomes.
And again, every time there's a data breach, more and more information is being revealed.
And the public really pays attention.
So that has real impact on the public's perception and the public's privacy.
And so there's just a lot, tremendous amount of interest in computer security, and it's going to grow over time.
You speak of the impact on the public, but what's the impact been on your kind of wheelhouse there at the university,
both in terms of, you know, you mentioned the president coming to visit, but companies, who's knocking on your door now,
both in terms of, like, you know, outside Stanford, but also, you know, the students and, you know,
kind of their areas of interest.
Like how is that shifting as, again, this becomes more and more important?
So first of all, the major, the computer science major at Stanford is exploding in the sense
that we are now the largest major on campus and it's continuing to grow.
It's kind of interesting that we're even the largest, either largest or second largest
major for women on campus.
So if you literally count number of women, computer science is now either the largest or the
second largest on campus. Are people also doing other majors in addition to computer science? Like,
is it sort of becoming where computer science is like the new, like, English or everyone does English
and something else? Or is it, is it like that? They're computer science majors. So they're primarily
doing computer science. But we did just start a new effort called computer science plus
X. So computer science is kind of slowly taking over the world, right? I mean, software is everywhere
these days. You can't do English without software. You can't do music without software. You can't do
literature, everything is involving software these days. So our computer science is kind of
expanding. And so we just launched this new effort called computer science plus X, CS plus X,
where students can be computer science majors, but they would also major in another
discipline. So one of my undergrad students, for example, it does computer science plus
Slavic studies. So just to show you that it's kind of an interaction of computer science
with lots and lots of different areas around campus. Interesting. So linguistics, it could be
biology, it could be just anything, really. Absolutely, absolutely. So computer science plus
things in them, in the, basically almost anything in the humanities. Right. So what are some of
the other shifts that you've seen besides that? Yeah, so within computer science, I can say that
computer security is definitely something that a lot of students are fascinated and interested by. And just to
give one example, Mike, our computer security class, the one that I teach is an elective class. And it's
also been growing tremendously. Just this last time I taught it, it had had over 300 students. So it's a lot of
fun. These are brilliant students, really smart, and there are a lot of fun to teach. And so you can imagine
that having an elective class that that's big is kind of really showing where the level of interest
that students have in the topic. You are described as an applied cryptographer. Where does the applied come
as opposed to not applying it to anything or just the theory of cryptography? Yeah. So I were
on computer security and cryptography. And cryptography is actually the science of encryption,
basically. How do we communicate securely with one another? And it's a very, very broad area.
There are parts of cryptography that are being deployed and used every day. Every time you connect
to Google, you're using cryptography to set up a secure connection, an encrypted connection
between you and Google. So there are parts of cryptography that are extremely applied and used by
billions of people every day. If only they knew, they were using actually fairly, fairly
sophisticated math in setting up those secure connections. It's actually quite fascinating to me
that areas of mathematics that have been completely pure and study only for intellectual curiosity
are now being used by billions of people every day to set up secure connections across the
internet. So that would be more of the applied part of crypto. Cryptography also has a theoretical
side of it which asks basic questions like what are the minimal set of assumptions we need to have
in order to set up a secure channel between the two of us.
And typically, those kind of, if you want to minimize the set of assumptions that you use,
you might not end up with the most efficient systems that are possible.
And so those are more proofs of concept.
They're not directly deployed.
And so, as I said, it's a very, very broad area of research spanning all the way from applications
to mathematics, to theory, to algorithms, to complexity theory, and so on.
So it's really quite a broad space.
And as I say, it's a fascinating area to work in.
It's one of the few areas, I have to say,
where you can do deep mathematics,
and at the same time it would be extremely applied
and deployed and used by billions of people all over the world.
So the applied part of it.
Well, I think we'd like to pick on that thread a little bit more
because the fact that you're a professor in residence
is interesting in that context,
because it's sort of the intersection of, like, ivory tower.
I mean, not that anyone would probably call Stanford ivory tower,
because it's always had this history of people coming in out of the university.
But it is sort of this intersection of university, industry, you know, business, government, funding, all of that stuff.
Like, how do you see the role that you play in that and Stanford as well?
Like, where does that sort of all play out?
So the students to Stanford have always been extremely entrepreneurial.
So it happens a lot that they come and do research projects with us,
and those research projects turn into companies.
It's happened to me twice in the past already.
Oh, wow, really?
Indeed.
How can you tell, by the way, if it's at a research project stage?
Can you tell what makes it a promising potential company by looking at a research project?
Are there things that you look for or you notice?
Like, wow, that's going to be really interesting in the future?
Well, I have to say that a lot of it comes from experience.
But the rule of thumb is if it solves a problem that the world really wants to solve
and no one has solved so far, it's probably a research project that's going to turn into a company.
Right. Are there skills that you think that the students who have really neat research project ideas that can make promising startups don't have? And I don't mean that in a negative way, but it's more like what are the missing pieces there? So for example, like design. So much of, you know, cryptography touching our lives or any aspect of security touching our lives is about the usability of it. Because there's a lot of things we simply don't do because they're hard to do. Yeah, I think that's a really important point that is very often ignored. That you could have the best technology, but,
if it's not wrapped in a nice user interface that people have fun and, you know, they're
comfortable using, it's never going to get deployed.
Exactly.
It's never, it's never going to work.
I mean, let's talk about second factor authentication.
Yeah, so second factor authentication is an area that's close to my heart.
So today, traditionally, when we authenticate to websites, we typically just use passwords.
And as we all know, passwords are incredibly insecure.
A, we generally, we choose humans, generally choose relatively weak passwords that are not that
difficult to guess. And B, it's actually not that hard to extract someone's password using
attacks called fishing attacks. Someone can easily fool you into typing in your password where you're
not supposed to, and in doing that, they will have extracted the password from you. Well, it's actually
gotten even more sophisticated, right? Because we've talked about spearfishing where people actually
figure out who you are almost, like based on your social network profiles and then actually
cloak and attack, kind of using the words as if you're someone you know. Absolutely.
Without any misspellings, because that's how you used to tell if it's an actual fishing attack.
Absolutely. Fishing attacks will go ahead and kind of draw a wide net and recover passwords from lots of random people.
If you want to target a particular individual that you want to extract their password, you would use what's called a spearfishing attack where you actually gather information around them.
And typically you would just send them an email saying, you know, here's a video of you and the email is coming from your best friend.
You know, most people will click and fairly frequently they'll end up revealing their password.
So passwords by themselves, we know, are quite problematic as the only token for authentication.
And so what's proposed is basically to use what's called second factor authentication.
Typically, the way second factor authentication is implemented today is using a smartphone.
The smartphone is the second factor.
So the smartphone will either present a six-digit pin that the user types in.
Some companies will text a message and that will be typed in.
More recent startups actually are working on things like where you just,
press a button and on your phone, and in doing that, you confirm a login.
All those are wonderful second factor mechanisms.
So I'm a big fan of actually making those more usable.
Unfortunately, today, all second factor authentication schemes are essentially based on, well,
the smartphone.
And what happens if you only interact with a website through your smartphone, right?
So in fact, we're hearing more and more of people that the only way they interact with
specific websites, say with their bank or with their,
their e-commerce site is specifically on their phone.
Well, in that point, the phone is not exactly a second factor.
It's basically, well, it's almost like just another device.
It's the same.
It's the same.
Well, actually, it's both the host device and the device you're inputting on
and the device that you're competing on and everything.
That's one problem.
The other problem is often, you know, I want to log in and maybe my phone is not next to me, right?
So maybe I left my phone in one place in one room and I'm trying to log in from another room.
the direction we'd like to go to move to
is where the second factor is something
that's always on the human body.
So one of the beautiful applications
for smart watches is exactly a second factor, right?
My smart watch, my watch actually is always on me.
If that could be used as a second factor,
then that's a lot easier to use
and you're not going to forget that at home.
Well, I could use my wringley then for second factor.
Right, I mean, you could use it presumably
anything that you carry with you all the time.
What I see missing, for example,
is I would love to have a second factor
built into my glasses.
Right.
Yeah, I mean, I wear glasses.
My glasses are on me all the time.
In fact, I can't even use my computer without my glasses.
I wear glasses, too, and that would work perfectly for me.
Because there are times where I don't wear a watch.
There are times where you leave your phone.
But I wouldn't be able to do anything without those.
Well, why are we still embodying the second factor in objects?
Like, why then not biometric authentication?
Like, why wouldn't that be the third factor in that context?
Okay, so that's a really, really good question.
So when you say biometric, you mean something like a fingerprint.
Like a fingerprint.
Exactly.
So we've actually learned that fingerprints are not a very good way to authenticate people for a number of reasons.
First of all, they're not very secret.
Every time you hold a glass of water, you're basically leaving your fingerprint on that couple water.
I think I've seen like 10 movies where there's a scene where someone steals the fingerprints off someone based off the glass of water at a bar.
Well, you don't just have to go to Hollywood, actually.
There are people who are.
Oh, it happens in real life.
Yeah.
There are YouTube videos.
They will teach you how within five minutes you can take a glass of water, pick a fingerprint off of it, and then use that to unlock the iPhone, for example.
I actually didn't realize it was that ubiquitous.
It's actually fairly easy to do.
That's problem number one.
Problem number two is that if you fingerprint,
if you suspected your fingerprint has been somehow compromised,
there's no way for you to revoke your fingerprint.
Maybe you can revoke it 10 times because you have 10 fingers.
But once you're done with your 10 fingers,
you know, there's nothing, no other option for you.
I guess you can go to 20 times if you use your toes.
But generally, there's only a limited number of times you can revoke your fingerprint.
Whereas a password or a second factor in the traditional sense,
you can revoke as many times as you want.
If you suspect that someone stole your password,
you just change your password.
If we all know, and by we, I mean,
both the users and the people who create these
and the folks who ask for us to register them,
if we all know they're so insecure,
what's keeping them so alive and well?
Is it, again, because there's no other good option?
And that's what you and your students are all working on?
Well, the simple answer is inertia, right?
We've all, passwords have been invented, you know,
so many, about 50 years ago, and we've all gotten accustomed to using them.
At this point, trying to get people to switch to something else is actually quite difficult.
And so second factor actually is getting some adoption.
Interestingly, there are now studies that try to estimate how many people have adopted second factor on Gmail.
There was just a paper published last summer that claims something like 6% of Gmail users.
That's so tiny.
Actually, you say tiny, but to me this actually sounds like a remarkable success.
Oh, really?
Getting people to adopt technology at a rate of 6% is actually quite remarkable.
Yeah, these are large numbers of people already.
And by the way, these are, I should just emphasize, these are estimates based on an academic
paper that did its best to estimate the number.
We don't actually know what the real number is.
So our current estimate is 6%.
Some people, you know, the glass half empty folks would say, oh, it's so small, it would
mean second factory isn't working.
The glass half full people would say, wow, six.
percent out of however many hundreds of millions of users they have is a remarkable success.
So we're talking about the consumer world, but for example, here we use OCTA. Octa is clearly
part of our portfolio, but can't you force people to do second factor or are in a way that's easy,
right?
Yeah.
Because that's easy.
Like I just authenticate once and I have all my applications.
So like, again, that's a wonderful question.
So I can tell you that at Stanford, Stanford actually hired a fantastic CSIOs.
the chief security officer.
And one of the things that he did is he mandated second factor access on the Stanford campus.
Now, that's a lot of people.
That's like tens of thousands of people across the Stanford campus.
And they now, when they want to log in to the university systems, they have to log in using
second factor.
And guess what?
I mean, there was some resistance initially.
And we're still all alive.
Yeah, we're still all of the world does not stop.
You're getting all your things.
Everybody's using their second factor and they're still able to do their job.
And it just works.
So definitely in a more controlled environment, it's much easier to mandate second factor.
Right. I just wish there was a world where you don't even have to make an effort to have security.
Like, it should be effortless in my mind because even though it's great that people learn technology,
isn't it possible that, like, you know, I was thinking if we were talking earlier about some of the people we know in common through the park and Stanford research,
security research world, but I was thinking of like some of like, you know, implicit authentication or other ways of finding out, like, based on patterns of behavior that this person is really who they,
say they are. Are there other things that we can do that we don't have to work at? I feel like
I have second factor enabled, but I'm lazy. I don't want to have to work at this.
Absolutely. So the best security technology that has had the most impact in the world is security
technology that is invisible, that people don't even know that it's there. I think actually
encryption is a really good example of that. When you connect to Google, that entire communication channel
is encrypted and you don't even know that it's happening. You did nothing.
to make it happen, and yet it's all encrypted.
Exactly. I want more of that.
More of that.
So unfortunately, well, on the one hand, there is actually a lot more that we can do,
and actually things are being done.
For example, like you mentioned implicit authentication.
The false positive rates on that are still a little too high for it to be massively
and widely used, but that is definitely a very interesting direction.
Unfortunately, though, there's only so much you can do using implicit without any explicit
user interaction.
And the reason is, again, I can always try to do, as an attacker, someone might always try
to do a social engineering attack on you by spearfishing or fishing.
And if you just expect, if the user just expects the system to just work and do the right
thing, that can't possibly work because the attacker can make you think that what you're
about to do is secure, is safe where in fact it's not.
So the more the attacker knows about you, the easier it is for the attacker to fool you.
And so users, we always preach this.
Users have to be vigilant and make sure they don't just type in their passwords or enter their second factor whenever they're asked.
They always have to think.
Is that safe for me to enter my credential here or not?
And I wish there was a way to make this completely ubiquitous.
So that's completely transparent to users.
But because attackers can become more and more sophisticated over time, there will always be a need for the user to somehow think about what they do before they do it.
Right.
I think ultimately this is where every security.
security system fails. Because technology doesn't live in a vacuum. It's in a social context.
Although I have to say the role of technology is to make it so that the only attack that's possible on you is a social engineering attack.
But I think that's also why the CSX approach is a great one. So if it's computer scientists who are also trained as you name.
Designers, you know, designers, psychologists, etc. There's hope for us to sort of come at things in different ways.
There's a lot of room for education, for sure, for improving security.
developers need to become more aware of, you know, when they introduce a security vulnerability,
a bug in their code, that's going to impact a lot of people.
So developers need to be aware of the need to write secure code.
That's what we try to do in our classes.
But also the end user needs to be aware that, you know, they shouldn't just trust their
computer or the company or the website they're interacting with to make them secure.
Users have to be vigilant themselves.
Yeah, and users have a responsibility.
Okay, so you've scared me a little bit already about second factor and how not that many
people are using it and how we're not as secure as we might like to believe we are.
Scare me with encryption.
What are you working on that, well, that are either sort of help or that I should be worried about?
You know, we kept talking about second factor authentication, but there is like a big elephant
in the room, which is that the current techniques that are used for second factor authentication
make it so that stealing the user's password does not let the attacker log in as the user.
but all these credentials, all these user credentials
are still stored in the cloud.
They're still stored in one way or another
at a central repository
at websites that the user is trying to log into.
Well, in recent years, as you know,
again and again and again, hackers don't attack the end users
or not as much, and instead they go,
or in addition to, they go and attack these central repositories.
So we've all seen the attacks on Target
where they got a whole bunch of user information,
Office of Personnel Management.
They got a whole bunch of information.
Sony attacks.
There have been many, many, many of these publicized attacks.
And many are not publicized for that.
And many not publicized, indeed,
where the attackers actually go after central repositories
rather than going after the end users themselves.
Well, so second factor authentication helps protect the user
from losing their passwords,
but it does not quite help protect the central repository
where all these credentials are stored to begin with.
So what we've been working on is actually a way to kind of get the best of both worlds
where you could have an authentication scheme that is based on second factor,
but the central repository only has sort of public information.
So even if the attacker breaks in and is able to steal this information at the central repository,
that will not help them later on log in as that user.
That's fascinating.
Interesting.
Well, that makes me feel better, I have to say.
Let's actually segue a little bit to a theme you've been talking about, which is this power of math in everyone's hands.
And, you know, one of the things that people talk about when they describe technologies like Bitcoin and the blockchain is about putting your trust in math versus another intermediary and actually letting that become a form of trust.
So we'd love to hear some of your thoughts and work in the area of Bitcoin and blockchain.
Absolutely. Bitcoin is, I think, one of the exciting developments in the last couple of years.
I'm a big fan.
In fact, we're just starting this fall.
We'll be teaching a class on Bitcoin at Stanford,
just an entire class devoted just to Bitcoin,
blockchain technologies and other cryptocurrencies.
This is myself and Joe Bono,
one of my postdocs, we're going to be teaching this class together.
So Bitcoin is really exciting.
As you say, the security of Bitcoin is based on math.
It's based on what's called the digital signatures
and the mathematics that goes into digital signatures.
The reason it's so exciting is, first of all,
well, for me, it's yet another application of crypto.
But beyond that, it's actually, A, there are lots of people in this world who do not have access to a banking and financial system.
And Bitcoin is a fantastic way for them to continue to use currencies without having to rely on a centralized banking system.
So the power of Bitcoin in the developing world is enormous.
And we're going to be seeing a lot of growth.
In fact, there are a lot of startups going after that space.
So we're going to see growth of the use of Bitcoin in the developing world.
And that's really quite fascinating.
It really will improve the lives of the people involved.
Do you think then from your vantage point that Bitcoin adoption happens first in the developing world because of that,
because of the lack of, you know, like you say, first world banking infrastructure, et cetera?
Well, there are many reasons why Bitcoin is being used today.
Obviously, it's used in the developed world.
as well, not just in the developing world.
But yeah, the reason why its appeal in the developing world is so high is exactly because
it gives you a way to use money without having to rely on the required banking infrastructure,
which just doesn't exist.
And like I said, there are many startups going after that space and we'll see big movements
there.
So what we've been interested in in the area of Bitcoin is basically how can we help scale it
up, how can we help improve security, and so on. So I'll just maybe mention one thing that we just
did recently. Again, this is joint work with Joe Bono and some of my students. So we have these
Bitcoin exchanges, and many of them actually keep money on behalf of their customers. So
companies like Coinbase and others that actually, you know, they function as Bitcoin banks in
the sense. Well, we've had examples where these Bitcoin banks didn't do so well. You might have heard of Mount
gocks that held people's money and in the end it turned out not so well.
So what we'd like to do is we'd like to kind of help Bitcoin exchanges become more
transparent and increase trust in their holdings.
So ideally what you'd like to do is basically every day an exchange could prove that the
amount of assets that it holds is more than the amount of obligations that it has.
So obligations are basically the Bitcoin.
that it collects from its customers
and assets are the Bitcoins that it owns itself.
And you'd like it to prove that the number of Bitcoins it owns
is more than a number of Bitcoins that it holds on behalf of its customers.
That would mean that the exchange is solvent.
Right.
Yes?
Well, proving that your solvent is easy if everything was transparent.
You could just say how many Bitcoins you owe
and how many Bitcoins you have.
But most companies would be reluctant to reveal that information
just because that's too personal,
that's revealing too much.
information about your business. So what we designed is basically a mechanism that allows you to
prove solvency, but do it in a way that's called zero knowledge. So you can prove that your
solvent, so an exchange can prove that the amount of bitcoins it has is more than the obligations
that it has, but do it in a way that reveals nothing at all beyond the fact that it's solvent.
So by enabling that, essentially we enable these exchanges to every day run through this proof
that they're a solvent.
Anyone who cares can then look at the proof and convince themselves that the exchange is
solvent, but there is nothing revealed, nothing personal or private is revealed in the process
of doing this proof.
That's fascinating because it feels like it would have so many applications if you could
take that mindset to other problems for how to engage in trust, have trusted interactions
with stranger parties where you don't want to have transparency as a proxy for trust.
Absolutely.
I think that's a really.
really good point. So there are lots of other
areas in the Bitcoin world
where these zero knowledge mechanisms are being used.
There are things like smart contracts
where you want to prove that you're following the
contract correctly, but you want to do it in a
zero knowledge manner so it is not to reveal
what exactly it is that you're doing
just that you're following the contract properly.
So this sounds a little bit like
FDI and FDIC insurance
for Bitcoin that people have this
comfort that they're going to get their money
back if push comes to shove.
But how do I trust in that
mechanism. So FDICI trust because I trust in some sense in the U.S. government and that it has the
money to pay me back. Where does my trust lie then with this mechanism that says you're solvent?
Like how do I know that you're telling me the truth? Right. So basically when I say that,
so that's a really, really good question. And the answer is like many other things with Bitcoin,
that the answer is in the mathematics. Yeah, it's secure. I mean, it's the reason you have faith
in it is because, well, it's based on hard,
problems for mathematics, if the exchange was able to produce a false proof, that necessarily means
that they were able to break some problem that we believe is unbreakable, or at least difficult
to break.
But again, much of Bitcoin depends on these hard problems of mathematics, right?
So the security of Bitcoin depends on the security of digital signatures.
Since we have faith in the digital signatures that we have, we have faith in the currency.
I see.
So I'm going to ask something that's probably very very.
blasphemous here, given who I'm speaking to and where I'm sitting when I'm asking this.
Is it naive of us to put our trust in math as well, though?
Because on one hand, we're saying we don't trust other human beings with certain things
because human beings are faulty mechanisms.
But it's not like math is this closed-loop-perfect system.
I mean, we think about, even I'm just thinking concretely about the fact that the NSA
must have like the world's best mathematicians employed, working on cracking all kinds of
things.
Not to mention all the failed hedge funds that have great.
mathematicians employed, you know. Right. I think these are really, I mean, you guys are bringing up a really,
really great point that a lot of the security that underlies, not just Bitcoin, but really all
of cryptography. Right. Exactly. We talked about these secure channels that you set up with Google and all
that. All those channels, the reason they're secure is because we believe in the underlying
cryptographic primitives that are used to secure them. Now, why do we believe those primitives? Well,
to tell you the truth, the answer is because lots of smart people have looked at the underlying
mathematical problems and no one has been able to show that no one is able to show that they're not
hard. So just to be concrete, for example, a lot of the securities based on, say, just to give
one example, the difficulty of factoring large numbers. Right. Right. Well, how do we know that
factoring large numbers is hard? Well, the truth is we don't know that it's hard. Well, especially
in an age while our computing power is increasing exponentially. I mean, yeah. It could not be
solved before. Right. It was hard 100 years ago. Right. It's so hard right now. Well, actually, you know,
surprisingly, the growth and computing power is actually helping us secure these problems.
Oh, interesting.
So that's actually not a problem.
So that's counterintuitive.
And the reason is because as computers get faster, we can, you know, end user machines
can actually handle larger and larger numbers.
But if you just make the number like twice as big, factoring it is not twice as hard.
Factoring it becomes exponentially hard.
So that the fact that we, that end user machines can handle twice, numbers that are twice as big
means that attackers now have to work incredibly hard.
But the risk that I was referring to is,
how do we know that there isn't a better way to factor numbers?
Or how do we know that there isn't a better way
to break the encryption or the digital signatures
that underlies Bitcoin or Google channels?
Actually, the whole world of crypto in some sense
was invented in the public key, the modern,
what we call modern cryptography,
was started back in 1976 here at Stanford.
And the problem that, by Diffy and Helmut,
and the problem that they set out,
that they basically based their system on still hasn't been solved.
Yeah, still it's a hard problem.
Lots of people have tried to break it, but it has not been broken so far.
Now, I should say, and probably some of the listeners are now thinking,
there is actually a looming threat, which is really quite why,
which, again, shows why this field is so much fun.
Yeah, there is a looming threat.
It turns out there's a whole other class of computers
that we have not been able to build yet.
Quantum computers.
Yes, exactly.
I'm so glad you brought this up because I find them fascinating.
They're not based on classical computers.
physics. They're based on the fact that our world is a quantum world. And if I can explain it in one
sentence is basically the one way we're thinking about it is, as you know, and quantum theory says
that an electron is actually in multiple places at once. And it turns out if something is in multiple
places at once, at a very vague level, you can say that each place that it's at can be used to
compute. And that allows you to do many computations at once, which we couldn't do on a classical
computer. Technically, that's not quite accurate, but there is a way to make this precise and
accurate. When the bottom line here is quantum computers can solve certain problems that classical
computers can't. And in fact, all the world of crypto that we use on the internet today, and for
Bitcoin as well, would be broken if someone was able to build a quantum computer. Now, you don't
have to lose too much sleep over this today because no one has been able to build a quantum computer,
and it's not on the horizon even.
So let's actually probe on this a little bit more, though,
because we've been hearing about quantum cryptography
and quantum computing as this potential holy grail for years.
Why is it really far away?
Are the enabling conditions at all changing that can make it possible?
I feel like we're seeing a resurgence again of interest in advances
that show that they might be more possible to build than they have before.
Absolutely.
So before I answered that, actually,
let me just make a quick comment here,
which is to say that even if tomorrow we found someone,
you know,
New York Times and it says, you know, first quantum computer built, don't panic.
Yeah, there's no reason to panic. It's not the end of the world.
Do not panic. Do not panic. Yeah, do not panic. Not the end of the world. It turns out the
crypto community is not sitting on its, on its hands. We've actually been hard at work and building
backup cryptographic primitives such that even if somebody built a quantum computer tomorrow,
all we would have to do is switch out the primitives that we have today, move to these new
primitives, and we're back on the horse. Yeah, we're back in business. And as far as we know,
quantum computers will not be able to break those new primitives.
Right.
So how likely is that New York Times headline, though?
Well, the answer is the building a quantum computer is actually quite challenging.
And the reason is, I mentioned electrons before.
Well, you can imagine each quantum computer, it's called a qubit,
needs to kind of do its operation, but it can't do its operation on its own.
It's got to interact with other qubits.
Well, the difficulty in building these quantum computers is you need to have
cubits interacting with one another, but not interacting with one another.
but not interacting with the environment.
And so building many, many bits that interact with one another
but not with anything else has turned out to be quite an engineering challenge.
But I do have to say that there's been really quite remarkable progress
in the last couple of years in making that happen.
It's not clear how fast those things can actually be realized,
but it looks like there is actually a path now towards building quantum computers.
So at some point, I would speculate, I don't know,
I wouldn't bet anyone on it, but I would speculate that in my lifetime we'll probably see some sort of operating quantum computer.
What are some of those enabling conditions? Is it like material science advances? Like what are the things that make quantum computers possible?
Yeah, it's actually mostly physicists and material scientists folks that are working on this. Absolutely. This is a, you know, I would say that the computer scientists have done their job here in that, you know, we have shown very compelling applications for quantum computers. The ball now is in the physicist's court. Just build the thing.
So you mentioned earlier, Dan, that a lot of this is that cryptographers and computer scientists and, you know, security research has been working for years.
Like with these backup ideas, you know, qubit idea, I mean, these backup ideas for quantum cryptography and all these other things.
Clearly a lot of security research is about anticipating attacks and not even just anticipating attacks, but what types of attacks are going to happen because the world is continually evolving.
So how does that play out in your work and what you do with your students?
Yeah, I have to say that kind of anticipating what attackers are going to do is actually quite an important area of research and computer security in general.
One of the things we try to do with my group is, again, anticipate kind of what attacks are going to come that we haven't seen yet.
And of course, once we do identify an attack that we haven't seen yet, we do a lot, we work hard to try and make sure that it doesn't happen and we propose ways to fix it.
I'll give you maybe a couple of examples.
So one thing that we did a few months ago was look at the security of password managers.
So speaking of user authentication, we were kind of curious about how secure our password managers that are embedded in browsers.
Well, so again, in the vein of anticipating attacks, it turned out, well, there are actually quite generic attacks that could be applied to these password managers and extract passwords without the user's knowledge or consent.
So that was kind of troubling.
And again, it's in the vein of not putting your head in the sand.
The goal is to kind of understand how vulnerable are our systems, how secure are there, are there places, are there parts of our systems that can be improved?
And so looking at password managers, basically, we identified places where password managers could be strengthened.
We wrote a paper explaining what our attacks are.
We explained exactly how they could be strengthened and how to defend against these.
attacks. And I'm thrilled to say that actually many of the big companies adopted our proposals.
And in fact, they've pushed patches to exactly address the issues that we brought up.
So it's an area that's actually quite a lot of fun to work in. Our students, you know, obviously
they get to identify new attacks before they come out. And then our focus basically is, again,
fixing and making sure those things are not exploited. When you say identify, though, you're not
just meaning like they're seeing them out and seeking them out in the wild and then identifying
and labeling them. You're actually meaning that you guys are actually
creating those attacks.
Well, I wouldn't, well, basically, we look at the security of systems and we try to identify
ways in which, you know, perhaps they're not as secure as one would think.
And it's very important to do this kind of research because, again, if you think that
something is secure, you, the end user, think that something is secure when in fact it's
not, that's doing a lot of harm overall.
Security didn't used to be the sort of the first thing or even the third thing
that people had in mind when they were building systems.
Are we getting better?
You know, the simple answer is, yes, things really are getting better,
but a lot of it has to do with process.
So you see that within companies, the large companies, for sure,
there's actually a much stronger emphasis on security now.
And the particular point is that the security teams have a lot more power
than they did in the past.
So in big companies like Microsoft, Apple, Google,
security teams, in fact, are involved in the process
from the design phase, which is really important.
And then if a product is about to ship out
and the security team discovers a big vulnerability,
they actually have the power to delay shipping.
Yeah, so putting those kind of policies in place
really helps companies ensure that products that they ship out
at least satisfy some criteria to make them more secure.
So that tension between like, we got to get this thing out here,
we got to get, you know, we've got to go, go, go,
that versus security.
it's not as much of a battle anymore?
No, no, I didn't say that.
I said that in the large companies,
security teams have much more power than they used to.
When you look at products coming out of smaller companies,
especially startups,
often there really is a rush to market.
And you can understand that completely, right?
There's no point in securing a product
that's never going to get used.
So you'd first like to build a user base
and then worry about securing it.
You can kind of see where that mentality,
how that mentality might evolve.
And what we're trying to get across is that's actually quite problematic.
Because once your product is out there, once you build a user base,
your users are used to using the product in a particular way.
If it turns out that you have to make changes in the user interface
because of security concerns,
that actually would make it harder to later on make those changes
to make the product more secure.
So my hope is that startups can also pay attention to security
before they ship products.
So, you know, always, if you're building a startup, if you're even a small group of developers who are putting a product together, always have some folks who are in charge of looking at attacks.
This is often called threat modeling.
So even as a group of developers, you should have meetings and engage in this activity called threat modeling.
Try to write down explicitly what are the attacks that are possible on your product and then try to design ways to prevent those attacks.
And that should be done from day one.
It shouldn't be just left to the big companies to do.
Everybody in the software world needs to be doing this.
It's actually interesting because one of our partners, Frank Chen,
always talks also about our startups and their security hygiene even.
Well, at least in terms of securing the backend systems,
these days there's a lot of outsourcing going on in terms of backend systems.
You outsource a lot of operations to the cloud.
So at least basic security issues of making sure your network doesn't fall under a DOS attack
is something that the cloud takes care for you.
And so at least kind of even small companies can do quite a lot by relying on the cloud.
They can do quite a lot in securing their own infrastructure and the backend system for their own products.
So that is definitely one aspect in which things are getting better.
We're at a point now where it sounds to me like I shouldn't assume anything.
I can assume in some sense that like, well, big company A, they'll probably be doing
in a pretty good job, but that doesn't mean I should also assume that this other thing that I'm
looking at, you know, from a big company or from a small company, has the same degree of security
or control or protection. Well, it's basically, you know, software is complex. Software is hard to
write. Software that just works is, you know, reliably works is hard to write. Software that
works reliably and is resistant to attack is even harder to write.
And so, no, you can't assume that anything is secure, but that's okay.
Yeah, I mean, we don't live in the world where we expect perfect security ever, right?
Our houses are not perfectly secure, and yet we seem to cope with it quite well.
So we shouldn't expect our software artifacts to be perfectly secure, and there's no system.
That's actually a good point.
Whenever you, whenever an attacker invest enough energy in trying to break and penetrate into a system,
by expanding enough energy, they'll be able to do it.
It's true in the physical world, and it's true in the software world.
You mentioned that you're teaching this new course.
I've noticed that you've taught a couple of MOOCs on applied crypto or computer science MOOCs.
Can you tell us, share some of your thoughts on A, why you did that, and then B, your thoughts
in the evolution of education?
Oh, I have to say the MOOCs are a big deal at Stanford, and they've actually played an important part in my life.
So I really enjoy teaching.
This is why I'm a professor.
I really, really like teaching.
Especially teaching at Stanford is a lot of fun.
Lots of smart students.
So obviously it's a pleasure to teach them.
What I've done, though, is I've taken my on-campus applied crypto class,
and I've actually made it into, I sat down, recorded it,
and I made it available to the public.
So anyone who wants to can sign up for the class.
It's available off of my homepage.
You can easily find it and sign up.
The class repeats every three months, and you can just sign up and take it.
It's free.
You get a statement of accomplishment once you're done with it.
And in fact, lots of people have taken it.
So there's something like 600,000 people have signed up for this class.
And it's been really rewarding for me.
First of all, I would have to teach at Stanford for about 2,000 years to reach 600,000 people.
I have to say, I kind of think of this class as a MOOC.
It's not a replacement.
It's definitely not a replacement for on-campus classes.
I now have come to realize this MOOC is basically like a 21st century textbook.
That's a neat way of thinking about it.
Yeah.
So if you take the MOOC online, it's almost the same as actually reading a textbook on crypto.
Yeah, it's a textbook that may be a little easier to read because it's videos and exercises
and it's a little bit more interactive.
It's not a passive experience like a textbook.
But really it is just a 21st century textbook.
And actually it's improved my on-campus teaching as well because now,
Now when I teach a class on campus, if there's like a topic that I think is kind of boring
and maybe we should move on to something more interesting and spend more time on the more
interesting stuff, all I do is I kind of give an overview of the maybe the easier topic.
And then I just say, you know, go see the MOOC to kind of get a more in-depth coverage
of that topic.
And then we move on to the deeper and more interesting topics that might take longer and
require more class time.
So it really has improved my on-campus teaching as well because I think.
can rely on it and direct students to watch it, just like in the old days you might direct
students to read chapters in a textbook, except students wouldn't read the chapters in the
textbook. Whereas here, all they have to do is just watch some videos. They seem to be much more
attuned and used to that, I guess, in the age of YouTube.
So we need to sign up for the MOOC right away. Go for it. I feel like we're going to get quiz
next time we see Dan. So just the MOOC, I mean, how geographically, how does it distribute?
And have you noticed any, like, cryptography is hot in, you know, I don't know.
The new cryptographic clusters.
Oh, yeah.
No, it's actually all over the world.
It's fairly, fairly, there's obviously a strong center in the U.S., but, no, it's from all over the world.
India, China, all the places you would imagine.
And it's fairly uniform.
You said that the CS department at Stanford has a highest number of women as a major.
Are you seeing any kind of distribution across your MOOC, male, female, that tells you anything?
Or even geographically, yeah.
That's a great question.
But to be honest, I looked at the geographic distribution.
I haven't quite looked at the gender distribution.
Okay.
So I don't know the answer to that.
Well, we'll find that out next, I guess.
Yeah.
Are they all watching the MOOC on their phones?
Because not everyone has computers in foreign countries.
Yeah, they can watch it however they want.
They can watch it on their laptop.
If they have a slow internet connection, they can download the videos overnight
and then watch them the following day.
They can watch them on their tablets.
They can watch them on their phone.
They can watch however they want.
So the platform is actually very general.
And I should say that it's not like sitting in a movie theater and watching a movie passively.
These MOOCs basically, at least my lectures, they pause every minute or two and ask the students' questions.
It's more of the Socratic way of learning where, you know, let's develop this material.
And by the way, what do you think about this topic?
And then the student has to answer.
And then we continue based on the student's answer.
So that kind of the – it really is kind of an interactive experience as the – as the –
course evolves. And are the questions that you're saying you answer all these emails, are the questions
that you get in any way different from the questions you get from your students at Stanford? I mean,
in terms of type and kind of what they're going after? Well, they're all over the place. Some of the MOOC students
are extremely bright. Yeah, they ask really, really good questions. And in fact, they answer each other's
questions. There's like an online forum as part of the MOOC and they answer each other's questions.
And I read the answers and they're extremely insightful. So, well, you know, there are lots of smart people.
out there, and I'm happy that they're taking these MOOCs.
It's great that Stanford is encouraging it, too, because, you know, one could argue, like,
wait, you're paying this tuition, and this is our best asset, these professors, and then to
give your knowledge away for free, I mean, some universities actually have a complete opposite
attitude about that.
Right.
So, as we said, I mean, this is not going to replace on-campus education.
It's more to supplement it.
And the goal is to basically have our way of looking at the material be made available to
the world.
It's a 21st century textbook.
Exactly.
It's exactly like a textbook.
Love it.
We love that.
Dan, we're really excited to have you as our new professor in residence.
We can't wait to keep the conversation going about all of these exciting topics and more.
For me, I can tell you that a lot of my research is being driven by ideas that come out of startups.
So working with the startups that come through Andreessen Horowitz is going to be a lot of fun for me, looking at ideas, looking at pitches, expressing opinions, obviously.
All of this, I'm really excited and I'm looking forward to doing all of it.
Thank you.
Thanks.
Thank you.