Ralph C. Merkle
Life is good. More is better.
I am interested in molecular manufacturing (also called molecular nanotechnology, see my video introduction). The central objective of molecular manufacturing is the design, modeling, and manufacture of systems that can inexpensively fabricate most products that can be specified in molecular detail. This would include, for example, molecular logic elements connected in complex patterns to form molecular computers, molecular robotic arms or Stewart platforms (e.g., positional devices) able to position individual atoms or clusters of atoms under programmatic control (useful if we wish to make molecular computers and other molecular manufacturing systems), and a wide range of other molecular devices. A central concept for achieving low cost in molecular manufacturing is that of massive parallelism, either by self replicating manufacturing systems or convergent assembly. Such systems are today theoretical, but should revolutionize 21st century manufacturing. The marginal manufacturing costs for such systems should be quite small, although initial R&D costs might be quite high. I served for several years as an executive editor of the journal Nanotechnology. I chaired both the Fourth and Fifth Foresight Conferences on Molecular Nanotechnology; and won the 1998 Feynman Prize in Nanotechnology for theory. Robert Freitas and I have formed the Nanofactory Collaboration.
I also have a broad interest in computer security and a particular interest in cryptography, having co-invented public key cryptography (for which I received the ACM Kanellakis Award, the IEEE Kobayashi Award, the RSA Award in Mathematics, the IEEE Hamming Medal (see Stanford's article), was inducted into the National Inventors Hall of Fame, was named an IACR Fellow and a Fellow of the Computer History Museum). I also invented the Merkle signature, based on the Merkle tree. A C program that implements Merkle signatures is available. See Handbook of Applied Cryptography for an excellent technical treatment of cryptographic methods, and Crypto for a great read about the people involved. My first paper (and, in fact, the first paper) on public key cryptography was submitted in 1974 and initially rejected by an unknown "cryptography expert" because it was "...not in the main stream of present cryptography thinking...."
The likely development of quantum computers (QCs) in the next one or two decades would compromise all widely used public-key cryptosystems (PKCSs). This includes RSA, ECC, DHM, DSA, and various implementations thereof, and any other system based on the difficulty of factoring or discrete logarithms. The development of quantum computers might occur rapidly (less than ten years). Such rapid development could occur in secret, with little or no warning to the public or other interested parties.
As a consequence of the foregoing, NIST should begin a competition as soon as practicable to establish a QC-resistant PKCS standard. A Google search shows a great deal of activity in this area.
As NIST has not started a competition to establish a QC-resistant PKCS standard, and as the time required to complete such a competition is long, and as the time to adopt such a standard worldwide is long, and as the time to deploy such a standard, even after it has been adopted, is long; it may already be too late to deploy a QC-resistant PKCS standard throughout the world before quantum computers become available.
Because we might not finalize and deploy an acceptable QC-resistant PKCS standard in time, NIST should begin immediate development of a suite of conventional cryptographic protocols that do not use PKCSs to replace today's widely used public-key based protocols. AES and SHA-3 could be used. Conventional key distribution protocols using key distribution centers are well known. NIST might serve as a national key distribution center. A digital signature believed to be QC-resistant, and which could be based solely on SHA-2 or SHA-3, is already known; work on implementations is ongoing. This standardization effort should therefore be relatively straightforward and could proceed relatively rapidly (though any standardization effort will require significant effort). Should a QC-resistant PKCS not be adopted in time, widespread deployment of the conventional cryptographic protocols could proceed.
These conventional cryptographic protocols should be deployed by organizations with high security needs as soon as practicable, as (a) the time-frame in which quantum computers will actually be implemented is uncertain and might be more rapid than widely thought, and (b) existing users with high security needs are already at risk because attackers who record user traffic will be able to cryptanalyze it when quantum computers become available. Systems that protect long-lived secrets should already be QC-resistant. Similarly, long-lived digital signatures should already be QC-resistant as such signatures will become invalid unless they are time-stamped by QC-resistant systems prior to the development of quantum computers. The developers of a quantum computer are likely to keep its existence secret for some time, during which time they could freely forge signatures for any system that was not QC-resistant: signatures that most would find hard to dispute.
Researchers in molecular nanotechnology are more aware than most of the truly remarkable medical advances we can expect in the next few decades. The ability to arrange and rearrange atoms and molecules in most of the patterns and structures permitted by natural law will enable truly remarkable capabilities, including the full power of a mature nanomedicine, which should make good health the birthright of all humanity. Disease, disability, and the infirmities of old age will become rarities; joining polio, the plague and smallpox as ancient pestilences finally laid to rest by the inexorable advance of technology. While some of us might have the good fortune to stay alive and healthy until these medical marvels are available, cryonics offers a bridge to the future in case we wouldn't otherwise make it. Should our health fail we can be cryopreserved and cooled to the temperature of liquid nitrogen. At that temperature, tissue remains essentially unchanged for centuries. We can preserve ourselves for the few remaining decades until the day when nanomedicine can heal our injuries and restore our health: as good or better than the health we enjoyed in our 20's or 30's. For further information, see my web page on cryonics or my video introduction to cryonics.
My wife and I joined Alcor (the world's leading cryonics organization) in 1989. We recommend that anyone interested in a long and healthy life do likewise. For further information, see the Alcor FAQ.
I have been an Alcor Director since May 21, 1998. I chaired the fourth and fifth Alcor conferences.
I'm also interest in medical applications of nanotechnology, computational chemistry, reversible computing, extropians, and other areas. My wife is Carol Shaw. My sister, Judith Merkle Riley, wrote historical novels (1, 2, 3, 4). My father, Theodore Charles Merkle, ran Project Pluto. My great uncle was Fred Merkle, of baseball fame. My great grandfather emigrated from Switzerland in the 1860's. Some incorrect negative forecasts of future technology.