Hello Objectivists!

[JoshJaffe]

Hello all,

I just discovered this forum a couple of days ago, and I'm excited to

join in the discussion! I have been looking for a forum where people

are actively discussing Objectivism.

I have been a student of Objectivism for just over two years, since

reading Atlas Shrugged and then hearing Dr. Peikoff's lectures on

Induction in Physics and Philosophy. (I have also started studying

Objectivism in the OAC.) Discovering Objectivism has been a

life-changing experience for me.

About 8 years ago I co-founded a company that does research and

consulting in Cryptography. I "co-founded" it in the sense that I

moved out to San Francisco and started working for a long time friend

who is a world expert in the field of Cryptography and who was

expanding his consulting practice into a business. My background is

in radio astronomy and computer science, and our consulting and

research has focused a great deal on analyzing the physical properties

of cryptographic system implementations. Our company has been

successful so far. Go CRI! We have pioneered a very interesting side

of cryptography that has helped to break crypto out of the

mathematical rationalism it had been trending towards. I hope to get

around to posting a description of this work sometime. (I have some

specific philosophical questions relating to a one issue in

particular. But I will post in this later.)

My philosophical background:

I was raised as an evangelical Christian (preacher's kid) with a great

respect for reason. In college I chose to study science and

philosophy, following my two main interests: physics (astrophysics),

and epistemology (reason & faith). I dropped philosophy before my

sophomore year, and switched to computer science. The summer before my

Junior year I discovered that the contradiction between reason and

faith was not simply a result of my failure to understand

Christianity. I figured out that I could resolve the contradictions

in Christianity if I rejected it completely.

Unfortunately I wasn't exposed to Rand / Objectivism for another few

years. I studied Existentialism, parts of which are well-tuned for

post-Christian thought, but it didn't lead to much. For lack of an

alternative ethical system, I temporarily returned to Christian

(liberal/socialist) ethics via a liberal branch of the church that

explicitly embraces Christian ethics as a floating system to which the

question of God's existence is irrelevant. Ouch.

Thankfully, after college I founded this company with a superstar of

cryptography, and his genius attracted an Objectivist like a moth to

the flame.

My interests in philosophy:

I'm primarily interested in epistemology, metaphysics, and the

philosophy of science.

There are a couple of topics that are of particular interest in what I

think is an area of overlap between philosophy and my current projects

at work.

Specific topics related to my work involve: OK, epistemology in

general, but in particular the topics of induction, statistics,

randomness, information theory, (AI), and the philosophy of science.

I am also interested in chewing other topics in Objectivism, though

levels higher than ethics are not a primary focus for me now.

I'm relatively new to this philosophy; on the one hand I feel like I

am starting to know parts of it well. On the other hand, I feel like

there is much that I'm barely starting to grasp.

-- Josh Jaffe

[BurgessLau]

I'm relatively new to this philosophy; on the one hand I feel like I

am starting to know parts of it well.  On the other hand, I feel like

there is much that I'm barely starting to grasp.

-- Josh Jaffe

Welcome, Josh!

The process of integration, at least for me, is like an ascending sine wave: Oh, I see the connection! But, wait, what about this? Oh, now I see a wider connection. But, then again, there is this other thing ... and so forth.

The rate of integration may slow eventually, but the breadth of integrations you will make -- not only as you study Ayn Rand's philosophy, but as you apply it to your life -- will be stunning at times.

For an active mind like yours, the road ahead is very exciting.

P. S. -- Thanks for the lunch!

[jedymastyr]

...I'm excited to

join in the discussion!  I have been looking for a forum where people

are actively discussing Objectivism. 

I have been a student of Objectivism...

There won't ever be too many people like that around.

Welcome!

[stephen_speicher]

Hello all,

Welcome to the forum, Josh. You appear to be a very nice addition.

My background is in radio astronomy and computer science, and our consulting and research has focused a great deal on analyzing the physical properties of cryptographic system implementations.  Our company has been successful so far. Go CRI!  We have pioneered a very interesting side of cryptography that has helped to break crypto out of the mathematical rationalism it had been trending towards.

I would like to hear in what ways cryptography has been beset with mathematical rationalism, and in what way your work reverses the trend. I must note that the ambition of CRI seems quite great, in that, through the discovery of DPA you have, literally, created a market for your own products to counteract. Have those with criminal intent picked up yet on using DPA?

p.s. Do you put special characters at the end of each line? I notice that when quoting your text it does not flow and wrap the way the usual text does from other posts.

[jedymastyr]

Do you put special characters at the end of each line? I notice that when quoting your text it does not flow and wrap the way the usual text does from other posts.

Just a guess before he answers...his text appears to be manually word-wrapped to the size of the text box used to start a new topic. Even in his original post, the text doesn't wrap like normal. The longest line, ending with "my," is slightly less than the text box's size. This would be consistent with hitting return every time the cursor gets close to the right edge, rather than letting it word-wrap by itself. I wondered this same thing myself, when I originally read the post, and that's what I assumed happened. Just my best guess I'm now even more curious to hear what it is...

[stephen_speicher]

Just a guess before he answers...his text appears to be manually word-wrapped to the size of the text box used to start a new topic. Even in his original post, the text doesn't wrap like normal. The longest line, ending with "my," is slightly less than the text box's size. This would be consistent with hitting return every time the cursor gets close to the right edge, rather than letting it word-wrap by itself. I wondered this same thing myself, when I originally read the post, and that's what I assumed happened. Just my best guess I'm now even more curious to hear what it is...

Sometimes I compose a reply offline, using an editor that I brought along to Windows from Linux. When I use that editor I first set the line length to a small number, a number which makes it easy for me to edit. Then, when I am ready to post, I set the line length to some enormous amount, so when I copy over the words to the forum text box, the words and lines flow and wrap in the normal manner. If I left the line length at the smaller number, then the text would appear restricted to that line length. I guess that editor I sometimes use must place some control character(s) at the end of each line, and that is why it would not wrap on the forum text box. Perhaps Josh uses a similar Linux or Unix editor and he sets the line length to the forum text box size.

[JoshJaffe]

Sometimes I compose a reply offline, using an editor that I brought along to Windows from Linux. When I use that editor I first set the line length to a small number, a number which makes it easy for me to edit. Then, when I am ready to post, I set the line length to some enormous amount, so when I copy over the words to the forum text box, the words and lines flow and wrap in the normal manner. If I left the line length at the smaller number, then the text would appear restricted to that line length. I guess that editor I sometimes use must place some control character(s) at the end of each line, and that is why it would not wrap on the forum text box. Perhaps Josh uses a similar Linux or Unix editor and he sets the line length to the forum text box size.

You guys are good guessers. I did indeed compose my introduction offline. I did use a Windows port of an editor that I learned in the Unix world, and that was set to wrap at 70 characters.

When I don't manually flow the lines, I find that the browser I am using wraps the lines at something like 160 characters, which is harder for me to read. Should I explore the personal configuration options to set this value lower? (I figured that few people would wrap at less than 70 characters. Even if I set my display resolution to 800x600, it still doesn't double-wrap lines on my machine.)

Personally I don't mind having lines wrap shorter than the display width. . . But I really don't like it when lines are slightly too long and manually wrapped. In that case you can end up with the even lines overflowing and the odd lines containing only one or two words. ick!

=)

But I'll switch back to the convention and let the website handle line wraps.

-- Josh

[JoshJaffe]

Welcome to the forum, Josh. You appear to be a very nice addition.

I would like to hear in what ways cryptography has been beset with mathematical rationalism, and in what way your work reverses the trend. I must note that the ambition of CRI seems quite great, in that, through the discovery of DPA you have, literally, created a market for your own products to counteract. Have those with criminal intent picked up yet on using DPA?

Hi Stephen,

Thank you! And I'm glad you asked!

I'll have to answer about mathematical rationalism in cryptography when I have more time. As for your question about criminals picking up on DPA (differential power analysis) . . .

We are aware of two groups that have been using simple power analysis methods to analyze security systems with potential fraudulent intent. These groups are TV hackers and government spooks . I have no reason to believe that the TV hackers are using differential power analysis methods, but I do think they represent a threat that must be respected. These guys have shown a lot of technical creativity and prowess, and some of them have deep pockets.

It is not clear how much various governments knew about DPA before the secret leaked out. Today I'd expect that all the spooks know about it. Whether or not governments have criminal intent depends a lot on the context.

I do believe that the credit card industry has dodged a bullet by by taking DPA seriously. The satellite TV smart-card industry in the 1990s is an example of how badly things can get if a different approach is used. Smartcards are supposed to provide renewable security. If a system gets compromised, the company can just replace all the existing cards with new cards containing improved security. At least that is the plan. But when the hackers figured out how to hack an early version of one particular system, the company responded by doing a swapout that still contained a number of flaws. The attackers were able to break the new system within a number of weeks. Over a few years this process continued: the company would release an incrementally updated system, then the hackers would break it. This incremental update process was bad for a number of reasons: first, it guided the hackers up the "learning curve" by making each product only a little bit stronger than the previous. Second, it allowed hackers to develop a _service_ type business model. Hackers developed networks of clients that would buy unlimited-access cards. Whenever a new security system / updated hack came out, the hackers could then go around to their clients and get an incremental $10-$50 to apply an updated hack. Criminals were able to make millions of dollars here. And those dollars weren't spent buying copies of Atlas Shrugged.

-- Josh

[stephen_speicher]

I'll have to answer about mathematical rationalism in cryptography when I have more time.

I will look forward to it, but to be completely honest I am more than a bit surprised by the assertion (not only the existence of mathematical rationalism in cryptography, but in what manner your approach helps to reverse the "trend."). Over the years I have developed respect for a number of people who work in cryptography. However, I have much, much less knowledge and awareness of the details in that field than in others, so I am certainly open to listening.

(An afterthought: perhaps you might be referring to the work in quantum cryptography. If so, I can certainly agree with the rationalism prevalent there. However, in my mind, I have always blamed the quantum people for that, not the cryptography field itself.)

We are aware of two groups that have been using simple power analysis methods to analyze security systems with potential fraudulent intent.  These groups are TV hackers and government spooks .  I have no reason to believe that the TV hackers are using differential power analysis methods, but I do think they represent a threat that must be respected. These guys have shown a lot of technical creativity and prowess, and some of them have deep pockets. 

I would guess that having the chipcard in the hands of the user makes TV-hacking quite vulnerable, but until they exhaust much easier means it is hard to see how these hackers could turn to DPA. On the other hand, the spooks ... well, that is a different story.

You are in an interesting and fun field, combining mathematics, physics, and computers, exactly what I have loved for some time. Kocher has gotten recognition for his work, but considering the interest and judging by the papers coming out, you guys really have to stay on your toes to keep ahead of the pack. Have fun, and good luck.

Edit: p.s. Thanks for switching over to "flowing" text. It makes it much easier and more readable in responses.

Edited December 8, 2004 by stephen_speicher

[stephen_speicher]

You guys are good guessers. I did indeed compose my introduction offline.  I did use a Windows port of an editor that I learned in the Unix world, and that was set to wrap at 70 characters.

Ha! And some silly people reject the future as foreseen through paranormal eyes. Where is Art Bell when you need him!

[JoshJaffe]

Welcome, Josh!

The process of integration, at least for me, is like an ascending sine wave: Oh, I see the connection! But, wait, what about this? Oh, now I see a wider connection. But, then again, there is this other thing ... and so forth.

The rate of integration may slow eventually, but the breadth of integrations you will make -- not only as you study Ayn Rand's philosophy, but as you apply it to your life -- will be stunning at times.

For an active mind like yours, the road ahead is very exciting.

P. S. -- Thanks for the lunch!

Hi Burgess,

You're welcome for the lunch! It was really good to meet you. We should "do lunch" again next time I'm in Portland.

I also want to say I've really enjoyed reading your posts on this board. Although in general there can be a lot of variation in the quality of posts here, I have found your posts to be consistently razor sharp and cutting straight to the essential issues and questions relevant to the discussion. Thanks!

-- Josh

[JoshJaffe]

... I would like to hear in what ways cryptography has been beset with mathematical rationalism, and in what way your work reverses the trend. ...

Hi Stephen,

To get back to your question about mathematical rationalism and cryptography, let me begin by clarifying that I wouldn't say that cryptography is beset by mathematical rationalism.

There is a lot of great work being done in crypto. I would not call most of it rationalistic.

I won't name names here, to try to keep this thread from google-biting me.

[note: these comments are made informally and are not intended to be cited.]

I was thinking of two or three main things here.

The first is simply that there is somewhat of a theory / practice divide in crypto, particularly when it comes to getting papers accepted to the main conference in cryptography. Partly due to the recent interest in side-channel cryptanalysis, a new conference was launched in 1999 that focuses on both theory and practice. As a result I have seen a significant increase in the number of papers that discuss theory in the context of real applications, and that actually test designs in implementation.

The other influence that pushes cryptography towards rationalism is more fundamental to the nature of our task. Systems are complex. The human mind is limited. [ref: the Crow] To understand a system, we must find a way to manage this complexity. In epistemology we use concepts to identify and name generalizations about concretes. In science, we use models and layers of abstraction. Cryptography is the science of securing information. Security is not a feature: it is an absense of functionality. The absense of a leak.

Cryptographic systems are designed with a range of threats in mind (the "threat model"). When the threat model does not accurately capture all of the ways that information can leak out of a system, then that system can be vulnerable to cryptanalysis even if the theory behind the cryptosystem is otherwise sound. In other words, security permits no significant difference between model and fact.

Why did I imply that crypto was heading towards mathematical rationalism, and that our work helped break it free of this? Well, the models that cryptographers typically used involved very high level layers of abstraction. Most papers dealt purely with mathematics, and ignored the fact (for example) that multiplication was carried out by multipliers within computer chips. Chips that take a certain amount of time to complete their task. That consume some power and give off some heat. We found that by measuring these attribute of chips during crypto operations we were able to figure out the value of secret data they were processing.

To defend against this class of attack, models must become more detailed-- yes. (Correspondence to reality is the goal.) But that is not the only point: abstractions remain necessary because of "the crow". Designers must be aware that their abstractions rest on assumptions. To validate a design they must "concretize" their models by shifting across each layer of abstraction and checking these assumptions. The goal is to have a system that is objectively secure in the real world, not simply to achieve theoretical security in a floating model.

-- josh

[stephen_speicher]

...

Josh, I'm sorry, but I fail to see how what you wrote is illustrative of a trend towards rationalism in cryptography. I do not doubt that there are rationalists in the field -- and here I would single out some in quantum cryptography -- but I do not think you have here made a case for your assertion.