Cipher Issue 147, January 25, 2019, Editor's Letter

Dear Readers,

The flagship conference of the IEEE Computer Society's Technical Committee on Security and Privacy is the Security and Privacy Symposium, which has been held in May in the San Francisco Bay Area since 1980. The program committee is now making the final selections for the program, and now is the time to plan to attend the event. All the details are at

I would like to take a moment to muse on the churn of ideas in the field of security and privacy. Blockchain technology, in particular, has a remarkable use of old ideas in new contexts. As an example, using Merkle trees for verifying the contents of data sets dates back to 1979, and the notion of a verifiable distributed log file dates back to 1990. Combine those ideas with digital signatures (1978) and Proof-of-Work (1993), and suddenly a new form of currency emerges (BitCoin). Was BitCoin a foreseeable possibility in 1980, or is it simply the case that some ideas are fundamental building blocks, waiting to be used by a new invention?

Perhaps it is difficult to distinguish between a fundamental concept and a dead-end novelty when a field is young, or perhaps it is the case that fundamental ideas in a young field are lying about like stones in a New England pasture. In any case, I have gained an appreciation for the utility of re-examining previous research in the light of new contexts. Sometimes a conference paper seems to be a slight enhancement to an older idea, but it might just be on the cusp of a new discovery. On the other hand, there is a distressing tendency to ignore older work when developing new ideas. Some conferences have "Test of Time" awards to highlight particularly important "classic" papers, but there are probably more neglected gems than anyone has time to document.

At the time of this writing the US Federal government was locked in a shutdown that prevented many of its employees from receiving paychecks for the time being. Although the situation has been alleviated by a 3-week funding agreement, the situation has affected normal functioning, and at best it will take some time for a recovery. Two affected agencies are of particular importance to the US research community: DHS and NSF. Each day of shutdown builds up time pressure on contractual processes to fund security research (and many other kinds of research). We hope for a favorable and speedy end to the impasse.

For all the US security researchers employed by or funded by DHS:

Down doobie doo, down down,
They say that shutting down is hard to do,
Now I know, I know it's half true,
The Prez just says this is the end,
Instead of shutting down I wish that we were getting paid again.

Wall, woobie woo, wall, wall,
Our government has come to a crawl,
Nancy said, just plant a hedge.
Come on Donnie, let's start anew,
Cuz shutting down is hard to do.

(with apologies to Neil Sedaka and anyone who cried over a romance when this parodied song was new)
      Hilarie Orman