Teaching crypto to newbies

Tue Dec 2 02:20:29 CET 2008

On Mon, 1 Dec 2008, Robert J. Hansen wrote:

> reynt0 wrote:
>> So newbies may be due some slack when they don't do well with
>> learning "trust" as logic, because it isn't logic.
>
> On the contrary, it _is_ logic.  It's an exercise in theorem proving.
> "Given: I trust Alice to sign keys; Alice has signed Bob's key.  Prove:
> I trust the correctness of Bob's key."
>
> The fact we so rarely think of trust in terms of math does not diminish
> the fact that in order to accurately talk about trust we need math.
> It's kind of like catching a baseball.  Anyone can do it, but if you
> want to accurately talk about trajectories and velocities you're going
> to need either some really advanced algebra or some elementary
> differential calculus.
>
> Most people decide trust issues by intuition.  What I would very much
> like to see is for people to take the next step, and determine trust on
> the basis of deductive logic.

(First, understand I'm not claiming what I have to say about
this is any kind of perfect analysis, etc, rather it's like
trying to get hold of a bag of wriggling snakes and I'm
looking for the top of the bag so it can be twisted together
and grabbed hold of.  So FWIW:)

To a newbie that exercise may sound like (in quasi-logic terms,
and conflating all concepts which are like trust to "T"):
- I T Alice to T keys.
- I T that Alice has T'd Bob's key.
- How can I T that the key being presented to me as Bob's is T?

Compare something like, off the top of my head:
- I understand there's this key signing technique.
- There's always risk that someone will sign a bad person's
key, but Alice is pretty reliable (ie low risk).
- Via the key signing technique, I have info that Alice has
signed Bob's key (where experts have figured the risk is
really low that the key signing technique will produce bad
signs).
- How can I calculate the risk that this isn't really Bob's
key?

The former seems to ask for logical certainty, with "T"
referring to people, processes, and things, and seemingly
concatenated to boot.  Perhaps very confusing to a newbie: 
"I mean, who is really certain of anything?; and who can
you really trust these days, anyhow?".

The latter reduces everything to an evaluation which a lot
of people have experience with. There are studies about
how poorly people may estimate actual risks, but they do
make such estimates.  So some of the problem might be
reducible to the general one of improving estimates of risk.
And for crypto, that can be at least partly stuff like FAQ
and rules of thumb and reports of experiences, etc, the
usual stories people go by when there is not science.  And
there is math of risk, though not at a level where most
likely newbies can do the math.  And risk is an idea that's
involved anyhow in the discussion of crypto techniques,
as mentioned above re bad signing.