The future of research: decline or transformation?

Andrew Odlyzko
AT&T Labs - Research
Murray Hill, New Jersey, 07974
amo@research.att.com

Researchers increasingly feel unappreciated. The funding for their work is often being reduced, and even when it is maintained, they are being asked for immediate practical payoffs and directed to work on specific projects. The lack of the old unfettered atmosphere, in which researchers were given considerable freedom to choose their projects, is frequently commented on. The atmosphere is dramatically different from that of the 1950s and 1960s, when senior managers were heard saying, as C. E. K. Mees of Eastman Kodak did (quoted in [1]) that

   The best person to decide what research work shall be done is the man who is doing the research. The next best is the head of the department. After that you leave the field of best persons and meet increasingly worse groups. The first of these is the research director, who is probably wrong more than half the time. Then comes a committee, which is wrong most of the time. Finally there is a committee of company vice-presidents which is wrong all the time.

Today it would surely be impossible to find anyone in a position similar to that of Mees who would make a similar statement. Committees of vice presidents routinely make detailed decisions about research directions. Researchers have much less freedom than they used to.

However, this does not mean that science and technology are not appreciated. We are in the midst of the digital revolution, a profound transformation of our world that is driven by technical developments. The fevered Wall Street initial offering scene is driven by the promise of technology. The aim of this note is to explain the paradox of increasing reliance on the fruits of research which goes hand in hand with restrictions on researchers' freedom.

Any attempted explanation is inherently subjective, unfortunately.
In spite of extensive studies, there is no convincing argument as to how much research society should have, nor how that research should be conducted. It is possible to argue that support for unfettered research should be increased. However, most indications are that this will not happen. While I do feel that there is need for some unfettered research, I think that there are sound reasons why it has been cut back and why it is not likely to rebound any time soon. It is important to understand these reasons to plan for the future. Research as a whole is not likely to be cut, but the pressure to justify projects as direct contributors towards solving major economic and social problems is likely to increase.

This note is based in large part on more extensive presentations in [4, 5]. Additional discussions of the changing role of research are contained in the references listed there, such as [8]. I am not attempting to present a complete, balanced view of research. Instead, I am playing Devil's advocate, showing why the painful transformations that science is going through are unlikely to be reversed. My hope is that this will help researchers understand what is happening, and adjust their plans.

Research has expanded tremendously in the last half century. In most fields, there has been about a 10-fold increase in the number of publications since 1950. This increase has led to (a) steady and rapid progress in all areas of technology and (b) unprecedented opportunities in applying existing knowledge. These factors have led to a situation where much of research can be foreseen and planned. While nature does have secrets, and the most important discoveries continue to come as surprises, it may be that explicit unfettered research is not as essential for human progress as used to be thought.
As a participant at the Nashville meeting aptly put it, it could be that the large amount of current fettered research will provide all the crucial new insights that are needed as byproducts of the main work. Personally I do not think this is completely true, and that there is still need for unfettered research, but it has to be recognized that the arguments for it are not as simple as many think. It is easy to prove that we do need what I call "creative inefficiency," namely the ability of researchers to veer away from planned paths, or even to occasionally "bootleg" a project. On the other hand, the case for unfettered research is harder to make, and we should recognize there are valid reasons why that is so.

To illustrate the evolving nature of research, I will cite a concrete example, that of cryptography. While this subject is several thousand years old, until recently it was of use primarily to soldiers and diplomats. However, the digital era depends on keeping information and communication secure and confidential. This has made cryptography one of the key enabling technologies for our society, and has stimulated a remarkable upsurge in unclassified research, with hundreds of papers published each year. (For general information about this area, see [6, 7], for example.)

One of the most important developments in security has been the discovery of public key cryptography by Diffie, Hellman, and Merkle in the mid-1970s. (For a nice historical account of this work, see the paper by Diffie in [6].) Public key cryptosystems solve some of the thorniest problems in digital transactions, especially those of key management and digital signatures. As an example, when I sign an ordinary paper document, the validity of my signature rests on the difficulty of reproducing the exact finger movements that I make. These movements are ones I tend to make in the same way each time I write down my name, but they are not easy to describe.
When a document is just a string of bits, though, what is a signature? If it were simply something appended to the document, what would prevent anyone from copying those final bits and attaching them to a document that I had not seen? Fortunately, public key cryptography provides a way to generate a different set of bits for each document that are associated with me, and me alone.

The Diffie-Hellman-Merkle invention was the fruit of unfettered research, supported by an NSF grant to Hellman that was based on a proposal in a different area (at least in the early stages). It is an excellent example of a few individuals seeing much further ahead than their contemporaries, envisaging some of the serious problems of the digital era, and inventing a solution. Can we use it as an argument for defending unfettered research? We can, but the case for it is not as clear as one might like. As with many other examples of research, one can draw conflicting conclusions from this story.

Public key cryptography was recognized right away by the scientific community both as a solution to a serious practical problem and as a great intellectual achievement. However, it did not come into widespread use until a few years ago, about 15 years after its discovery. It was only after computer and communication networks had become widespread that the problems foreseen by Diffie, Hellman, and Merkle became serious. Moreover, there have long been rumors, supported by circumstantial evidence, that public key cryptography had been invented a few years before the work of Diffie et al., but inside the classified cryptographic community. Thus it can be argued that even if Diffie, Hellman, and Merkle had not solved the problem in the 1970s, it would have been solved within a decade by somebody else, as soon as the problem became acute, in plenty of time for the serious applications that we see today.
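
The property described above, that a signature is a different set of bits for each document and cannot be moved to another one, can be seen in a small hash-then-sign sketch. This is an added example, not part of the original essay: it uses textbook RSA with a constructed toy key (two known Mersenne primes) and no padding, so the key, the sample documents and the function names are assumptions for illustration only.

```python
import hashlib

# Constructed toy key built from two known Mersenne primes. It is far too
# small and too structured for real use; real systems use vetted libraries
# and a padding scheme.
P = 2**127 - 1
Q = 2**89 - 1
N = P * Q                                  # public modulus
E = 65537                                  # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent, held by the signer


def digest(document: bytes) -> int:
    """Map a document of any length to an integer below N."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % N


def sign(document: bytes) -> int:
    """Computing this value requires the private exponent D."""
    return pow(digest(document), D, N)


def verify(document: bytes, signature: int) -> bool:
    """Anyone holding the public pair (N, E) can run this check."""
    return pow(signature, E, N) == digest(document)


def demo() -> dict:
    seen = b"I agree to pay 10 dollars."        # constructed sample documents
    unseen = b"I agree to pay 10000 dollars."
    sig = sign(seen)
    return {
        "valid_on_signed_document": verify(seen, sig),
        # The same bits appended to a document the signer never saw are rejected.
        "valid_when_copied_to_other_document": verify(unseen, sig),
        "signatures_differ_per_document": sign(unseen) != sig,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```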

While there is merit to this argument, I do feel that the invention of public key cryptography in the 1970s was of great value. Without it, large efforts would surely have been devoted to building unnecessarily clumsy systems that would have provided some of the functionality of public key cryptography. However, the case for unfettered research that one could try to build on the basis of the Diffie et al. work is not as strong as one might think at first. Not only do we have the doubts whether it was really important to solve the problem as early as it was solved, but there is also the "opportunity cost," which represents the discoveries of more practical benefit that Diffie et al. might have made had they not worked on cryptography.

Cryptography also provides lessons on why traditional unfettered research may not be optimal for society. Especially in universities, unfettered research is typically channeled into narrow areas defined by academic subjects. This promotes depth at the expense of breadth, and leads to inadequate exploitation of areas that do not fit easily into traditional fields. This is not to say that the research that is done is not worthwhile, but rather that it is not directed optimally.

For example, our understanding of the strength of cryptographic algorithms has advanced substantially in the last two decades. However, one can argue that at least in public key cryptography, advances have been incremental [3]. There have been major theoretical breakthroughs, but when one considers what impact they have had on estimates of sizes of keys that have to be used to assure safe operation, there have been no big surprises. There has been a steady increase in the estimates of the largest integers that can be factored into primes (which is what is at the heart of the best known public key cryptosystems).
About half of the increase is attributable to improvements in hardware (faster individual processors, and availability of more machines), and half to mathematical ideas. The result of having a large community working on well-defined problems is that our knowledge has been expanding at a steady pace. Nobody has lost sleep because of sudden surprising discoveries on how to factor integers.

On the other hand, at the end of 1995, many people did lose sleep because of a surprising discovery by Paul Kocher, an independent security consultant who had just obtained an undergraduate degree in biology. Kocher found [2] that some implementations of both public and conventional cryptosystems are vulnerable to attacks that use information about the length of time it takes a legitimate recipient of a message to decrypt it. His attack did require a good understanding of cryptography, probability theory, and computer operations, and drew its strength from the novel perspective he brought to the problem. Instead of working on a narrow, well-defined problem such as integer factorization, he looked for more general vulnerabilities of the whole system. His attack is not anywhere near as deep as much of the work on integer factorization, but it is extremely significant. The problem is how to encourage more of this type of work, in preference to conventional academic research.

The conclusion that I draw from the arguments and examples above is that there are indeed valid reasons for the cutbacks in unfettered research. I do believe that research as a whole will continue to grow and flourish, and that researchers will need to be given extensive freedom in their work, since "creative inefficiency" seems indispensable to deal with the surprises that nature throws at us. However, some changes in science policy do seem justified, and unfortunately they are likely to mean some curtailment of our freedom of action.

References:

1. J. Jewkes, D. Sawers, and R. Stillerman, "The Sources of Invention," MacMillan, 1958.
2. P. C. Kocher, Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems, pp. 104-113 in "Advances in Cryptology - CRYPTO '96," N. Koblitz, ed., Lecture Notes in Computer Science # 1109, Springer, 1996.
3. A. M. Odlyzko, The future of integer factorization, CryptoBytes, vol. 1, no. 2, 1995, pp. 5-12. Can be obtained by sending the message "send future.of.factoring.ps from att/math/odlyzko" to netlib@research.att.com.
4. A. M. Odlyzko, The decline of unfettered research, to be published. Can be obtained by sending the message "send research.decline.txt from att/math/odlyzko" to netlib@research.att.com.
5. A. M. Odlyzko, We still need unfettered research, Research*Technology Management, vol. 39, Jan.-Feb. 1996, pp. 9-11. Can be obtained by sending the message "send research.future.txt from att/math/odlyzko" to netlib@research.att.com.
6. G. J. Simmons, ed., "Contemporary Cryptology," IEEE Press, 1991.
7. D. R. Stinson, "Cryptography: Theory and Practice," CRC Press, 1995.
8. J. Ziman, "Prometheus Bound: Science in a Dynamic Steady State," Cambridge University Press, 1994.
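
A simplified illustration of the kind of leak behind the timing result cited in [2], added here and not taken from the essay or from Kocher's paper: textbook square-and-multiply does extra work for every 1 bit of the secret exponent, while a Montgomery ladder follows a fixed schedule. Multiplication counts stand in for elapsed time, and the modulus, keys and function names are constructed for the example.

```python
def square_and_multiply(base: int, exponent: int, modulus: int):
    """Textbook left-to-right exponentiation; returns (result, multiplications)."""
    result, mults = 1, 0
    for bit in bin(exponent)[2:]:
        result = result * result % modulus
        mults += 1
        if bit == "1":                     # extra work only for 1 bits of the secret
            result = result * base % modulus
            mults += 1
    return result, mults


def montgomery_ladder(base: int, exponent: int, modulus: int, bits: int):
    """Fixed schedule: two multiplications per bit, whatever the bit value.

    Production code also replaces the branch below with a constant-time
    selection; this sketch models only the operation count.
    """
    r0, r1, mults = 1, base % modulus, 0
    for i in reversed(range(bits)):
        if (exponent >> i) & 1:
            r0, r1 = r0 * r1 % modulus, r1 * r1 % modulus
        else:
            r0, r1 = r0 * r0 % modulus, r0 * r1 % modulus
        mults += 2
    return r0, mults


MODULUS = 2**127 - 1                       # constructed sample modulus (a known prime)
KEYS = [0x8001, 0xA5A5, 0xFFFF]            # constructed 16-bit "secret" exponents


def work_profile(message: int = 0x1234567):
    """Per key: (Hamming weight, naive mults, ladder mults), checked against pow()."""
    rows = []
    for key in KEYS:
        naive, n_mults = square_and_multiply(message, key, MODULUS)
        ladder, l_mults = montgomery_ladder(message, key, MODULUS, bits=16)
        assert naive == ladder == pow(message, key, MODULUS)
        rows.append((bin(key).count("1"), n_mults, l_mults))
    return rows


if __name__ == "__main__":
    for weight, naive, ladder in work_profile():
        print(f"weight={weight:2d}  naive={naive}  ladder={ladder}")
```

The naive count tracks the number of 1 bits in the key, which is the key-dependent behaviour a timing measurement can observe; the ladder count is the same for every key of a given length.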