PREFACE BY JON Like many others, I am very upset by a recent article by Neal Koblitz that appeared in the Notices of the AMS. I find the content and tone of his essay completely objectionable, but that is not what interests me here. Rather, I am amazed and irritated at how susceptible the scientific and mathematical communities have been with regard to Koblitz's criticisms. I see Koblitz invited to give talks at many venues, but never see anyone invited to present a counter-argument. Are people really that gullible? For this reason and others, I thought publication of Koblitz's article in the Notices of the AMS was inexcusable and irresponsible. Below is a letter I sent to the editors of the Notices. This letter is scheduled be published, in abridged and edited form, in the December issue. THE LETTER ITSELF ----------------- I was shocked and dismayed that the AMS published Neal Koblitz's article [``The Uneasy Relationship Between Mathematics and Cryptography'', September 2007] without, apparently, any editorial oversight. As one who works in the field of `provable security', I vehemently disagree with most of Koblitz's points --- more on this below --- but this is not my primary complaint. Instead, what I found most abhorrent about the article is that it crosses the line from reasoned academic argument to personal screed, from constructive criticism to belligerent name-calling. I cannot imagine the Notices publishing a similarly disparaging article about any other academic discipline, let alone one so closely allied with mathematics. By yet another fault of the editors, readers were not given the opportunity to read a companion article containing a countervailing point of view. Without dissecting Koblitz's arguments point-by-point, let me assure readers that proofs in modern cryptography are as meaningful as proofs in any other area of mathematics. Can a scheme that has been proven secure still succumb to a real-world attack? Yes, but this does not invalidate the proof. (A proof of security is always given with respect to a particular definition; a single definition cannot be appropriate for all possible environments in which a scheme may be deployed.) Are most (but not all!) results in cryptography conditional? Yes, but this has also been shown to be inherent at least until the ``P vs. NP question'' (one of the seven ``Millennium Problems'' of the Clay Mathematics Institute) is settled. Do mistakes happen? Occasionally, and with more frequency then we might like. But this surely does not diminish the importance of proofs in the first place. Frankly, I cannot understand why any mathematician would discourage the use of precise definitions, rigorous proofs, and formal reasoning in any field. (Indeed, precisely these elements have been instrumental in helping cryptography progress from an art to a science, and they have also played a large role in the real-world success that cryptography has enjoyed.) Koblitz's article clarifies his motivation: sheer elitism. According to Koblitz, cryptographers publish papers of ``little originality'' and containing ``tiny improvements''; when we do publish something of potential interest, it is just as likely to be wrong. According to Koblitz, apparently, cryptographers are simply incapable of writing correct proofs, hence his admonition that cryptographers simply give up on the goal rather than focus on better quality control. This is snobbery at its purest. Publication of Koblitz's article has the real potential to cause serious damage: not to the field of cryptography --- which will do just fine with or without Koblitz's support --- but to the future involvement of mathematicians in the field. In the future, the editors should more carefully weight the pros and cons of publishing `contributions' of this nature.