The Guru of Cyber-Cryptography

Summer 2014

Matt Green aims to fundamentally change the way we interact with the electronic world—to ensure complete privacy “so that nobody else can see what you’re doing.”


On the third floor of Shaffer Hall, on a frozen, sunny Monday, there is music. To be precise, it is a piece of music coded early in the 19th century in flats and sharps and semiquavers by an immortal German genius.

But while Beethoven’s Symphony No. 5 in C Minor wafts down the hallway from Course AS.376.215—Western Classical Music—a different kind of air is being played at the opposite end of the corridor. It goes like this:

bool ObfuscatedSuperSecretPasswordProtectedStuff(string passwd) {
    static string HARDCODED_SALT = 0x......; // this is a salt value
    static string HARDCODED_PASSWORD_HASH = 0x......; // this value is H(salt + target password)

    // First, hash the input password with the salt
    string hashedPass = H(HARDCODED_SALT + passwd);
    // Then compare the result with the stored hash
    if (hashedPass == HARDCODED_PASSWORD_HASH) {
        return true;
    } else {
        return false;
    }
}

This is the 21st-century sonata of spaghetti code and random oracles, rainbow tables, and obfuscating hash. To most smartphone, tablet, and computer users, it is invisible—the background Muzak of ones and zeroes that enables our digital age. But to cyber-criminals, colliding governments, colluding hackers, and the hard-wired cryptographers who are working to deter them, it is a temptation to invade our deepest secrets.

At the front of the room is Matthew Green, MS ’07, PhD ’09, assistant research professor in the Department of Computer Science, bearded, glib, self-assured, personable, and energetic, racing through material as if there is not a millisecond to lose. He is talking, this day, about Internet privacy—and the “man-in-the-middle attacks” that plague it.

The course is named Practical Cryptographic Systems, and the room is packed.

“With a shared secret, you can do lots of stuff,” Green declaims, launching into a rapid-fire chalk-on-blackboard discussion of the privacy signatures, extended Euclidean algorithms, and randomly generated large primes that currently are used to individualize our emails, texts, and online business dealings.

“How do the privacy signatures work?” a student asks.

“Magic,” Green replies.

And then, a moment later: “Magic is not an answer.”