Interview“I haven’t decided whether Bitcoin is something to be proud of”: Prof. Naor talks proof of work, anonymity, and cryptographic impact
Interview
“I haven’t decided whether Bitcoin is something to be proud of”: Prof. Naor talks proof of work, anonymity, and cryptographic impact
Prof. Moni Naor from the Weizmann Institute, recent winner of the Rothschild Prize for his research in the field of computer science, is responsible for the theoretical foundation of Bitcoin mining.
"I have yet to conclude whether Bitcoin is positive or negative, and accordingly, whether I should be proud of this application of my work," said Prof. Moni Naor of the Weizmann Institute of Science, who has been researching the fundamentals of cryptography for 30 years and recently won the Rothschild Prize for his research in computer science. The Rothschild Prize has been awarded by Yad Hanadiv, the foundation of the Rothschild family, since 1959, in ten academic fields.
"I don't know where Bitcoin is heading. As for what people will do with it, I can't say," Prof. Naor shared in his first media interview. He was notably involved in the fight against spam, and his work ultimately served as the theoretical foundation for Bitcoin mining.
Did you ever imagine that your work would become the foundation for Bitcoin and the birth of the cryptocurrency market as we know it today?
"I would say I contributed in two key areas. The first was the concept of a token-based market where a coin or token could be transacted offline and remain fully anonymous, preventing what is known as 'double spending'—ensuring a coin isn't redeemed twice. But that wasn't the direction cryptocurrencies eventually took. The second idea, which I developed with Cynthia Dwork, is called 'Proof of Work.' This involves making payment through work, such as performing a computationally heavy task, or a calculation that demands significant memory access. This concept is widely used in cryptocurrencies, with Bitcoin being the most prominent example."
One of Naor's notable achievements is his work on "homomorphic encryption," a method that allows encrypted content to be understood without decrypting the original message. This breakthrough has led to the development of unique tools that have significantly advanced online consumerism and information security. A practical example of this is how credit card companies can monitor transactions to detect fraud, even though they don't know the specific details of the transaction itself.
When you work in cryptography, do you ever anticipate that your theoretical work might one day underpin a currency with immense market value or enable secure online transactions?
"I'm always amazed when I see my theoretical work applied in real-world contexts. While every piece of theoretical research is conducted with the hope that it will lead to practical applications, it's still exciting when it happens. For instance, with homomorphic encryption, we discussed it extensively, but in the early 2000s, we weren't sure if it was feasible. The fact that it became a reality was a complete surprise."
What drew you to the field of cryptography, which has a reputation for being somewhat anarchic?
"It's true that when I started, there was an element of anarchism. But encryption itself is an ancient field. Even in the Bible, Jeremiah used encryption as a rhetorical tool, which indicates the concept was known long ago. However, it only became a scientific discipline in the 1970s. Before then, the work was classified, but as computer communications advanced and government monopolies on cryptography weakened, the field opened up. Social developments like the Vietnam War and Watergate also played a role, as public trust in governments declined. These were the roots of the academic cryptography community, though they no longer define it today.
"What led me to the field was computational theory—the idea that cryptography turns bad news into good news. For example, the fact that some problems are computationally difficult to solve can be a positive thing. We discovered that it’s computationally hard to determine the prime factors of a large number, which is very useful for encryption."
Where have you been most pleased to see your work applied?
"There hasn't yet been an application that I'd say, 'Wow, this can cure cancer,' though there may be one day, as there are some similarities between the immune system and cryptography. For example, regarding Bitcoin, am I happy with that application? I’m not sure yet. I haven’t decided whether Bitcoin is something to be proud of. However, I'm quite satisfied with a concept we developed around non-malleable cryptography, which prevents modification of encrypted data without detection.
"It sounds counterintuitive: how can you create another encryption related to the original without understanding it? But, similar to a one-time pad, you can attach something to the original message to create a related encryption without needing to understand the original. This concept ultimately led to digital signatures, which verify the authenticity and integrity of electronic messages—an encryption method now commonly used behind emails and read receipts."
Recently, Telegram announced it would cooperate with law enforcement and share user data from the app. What are your thoughts on the tension between privacy and law enforcement's access to data?
"My natural inclination is to support end-to-end encryption, even though it poses challenges for law enforcement if they want to spy on someone. It definitely creates tension, but I don’t see a logical solution that avoids end-to-end encryption. My stance is to support what's best for reasonable people and avoid weakening encryption."
One way to maintain online security is through "Captcha," which ensures that a user is human. But it seems that today, robots can overcome this barrier.
"In 1996, I wrote an article proposing various ideas for these tests, and today, AI can solve all the problems I raised. Artificial intelligence has advanced significantly."
Does that mean your field is in a constant arms race?
"The goal is for it not to be an arms race. If we do things correctly, the solutions should be long-lasting. Someone once described cryptography as an arms race to me, and I was quite offended at the time, but I've grown more accepting since then."
