Everyday choices: Russell Lai, what do swordsmanship and cryptography have in common?

How would you explain cryptography to a five-year-old?

Cryptography is about building systems that are useful to people who do good, but not useful to people who do bad. These systems can be used for things like communicating in a secure way, so that others can’t read or tamper with the messages. 

We try to make things secure through mathematics. As scientists, we make sure that if someone wants to break our cryptosystems, they must first solve some very difficult mathematical problems, which we believe to be unsolvable.

How does cryptography touch our everyday lives?

The best kind of security measures are those that you don’t even realise are there. For example, the HTTPS protocol — which you’ll notice in website addresses — is used for encrypting and authenticating web requests. It protects us every time we visit a webpage. The percentage of HTTPS-protected traffic rose from around 25% in 2016 to around 95% in 2022. 

Popular instant messaging apps also use some form of secure messaging protocol, which protects the privacy and integrity of our daily messages, albeit to varying degrees.

What are some common misconceptions about everyday digital security?

One common misconception is to assume that whatever is encrypted is secure. Whenever there is encryption, we should ask who has the decryption key? If you use services like Google Drive or Dropbox, your data is stored in encrypted form but often the service provider has the decryption key. That means that the encryption still allows the service provider to see your data.

In brief, whenever someone is trying to sell us something that is advertised as secure — such as VPN (virtual private network), which many of us use to connect to shared networks when we work remotely — we should question whether the advertised kind of security is the kind that we actually want. 

What do you do outside of work?

When I’m not battling with symbols, I’m fighting with swords. I first developed my swordsmanship in the form of iaidō — a Japanese sword-based martial art — in Hong Kong. After moving to Germany, I picked up the art of German longsword, which is nowadays a part of historical European martial arts (HEMA). Recently, I joined the Espoo Association for Historical Fencing, which gives training in German longsword as well as other weapons in HEMA. 

Apart from being a fun sport, swordsmanship is also a way of life, associated with traits such as righteousness, bravery, and determination.

What does swordsmanship share with cryptography?

As is common to all forms of martial arts, swordsmanship is about defence first, and offence second. Similarly, in cryptography, security is by design and never an afterthought. Defence at its best is elegant and effortless in both.

This article has been published in the Aalto University Magazine issue 32, April 2023.