The Book

Once I had an advisor, the next steps were to choose classes, complete the move, and start adjusting to my new life. Since I had done an undergraduate degree in computer science, I was able to waive a bunch of required courses. That gave me more flexibility to pick what I wanted to take. My focus ended up being much more on networks and distributed systems than on the other areas offered.

At the same time, I was working with my advisor, Professor Dahab, to define a thesis topic and to start studying more specific topics in cryptography. A curious thing is that, even though both my master’s and PhD were in cryptography, and I was being advised by a professor from the cryptography group, I never had the chance to take a formal course in the field. During my master’s, no cryptography courses were offered. And the same happened during my PhD. Even so, I studied plenty: I read articles and books, took part in group seminars, and did the assignments my advisor gave me.

In our first conversations, Dahab and I started talking about my experience and knowledge in cryptography. I mentioned Schneier’s book and he immediately wrinkled his nose. As I’ve already mentioned, that book wasn’t very well received in the academic world. It really does fall short in terms of mathematical rigor, but I still think it made sense for the audience it was aimed at. Dahab then introduced me to Alfred Menezes and coauthors’ book, the Handbook of Applied Cryptography, which was much more mathematically rigorous and, even better, had been made available for free on the internet by the authors. All you had to do was download the PDF, print it out, and start reading. It became my reference book during my master’s and PhD studies.

Menezes had collaborated with the Unicamp cryptography group and had visited the institute a few times. I was told that during one talk, he filled the board with formulas about elliptic curve cryptography, which was the hot topic of the moment. Someone asked: “professor, but how do you implement that?” He replied: “you just implement this equation right here.” For me, that always symbolized the fact that cryptography is applied math: at the end of the day, it’s about implementing the formulas as code. Obviously, implementing cryptography is more than naively translating formulas into code. Efficient and secure cryptographic implementation is a whole area of research in itself: how to write code that is fast, practical, and resistant to side-channel attacks, such as timing or power analysis attacks.

As for the courses, it quickly became clear that Unicamp had much more depth in theoretical computer science and applied math (like graph theory). I studied the CORBA architecture, a way of building distributed systems that is no longer in widespread use. And I also remember Professor Buzato’s course, in which we studied protocols for distributed systems. In one of the classes, he explained a protocol and commented that a group from UFMG had shown that it was incorrect. That illustrated that published correctness proofs sometimes miss edge cases. By coincidence, while still at UFMG, I had seen my friend Kêmio give a presentation about that exact discovery. He was building a simulator for distributed protocols and, when testing that protocol, the system entered a deadlock (even though the article claimed that was impossible). They thought the error was in the simulator; after a lot of work, they managed to reproduce the case and conclude that the protocol failed in a very specific scenario. When Buzato mentioned the paper, I asked if he wanted to see it, and we ended up studying that work in class after I got a copy from Kêmio.

Outside class, I had moved into República Falcão and was trying to get used to a new city, a new house, new colleagues… Adjusting at the república was easy: the people were cool, they welcomed me warmly, and it even came with a good social life, because they loved throwing parties at the house. In the master’s program, most students had been there since the start of the year, so groups were already formed, including groups of people coming from the same university. But little by little I found my place. I ended up joining a group of friends from Brazil’s Nordeste region (a region known for its beaches and food). Each of us came from a different corner of the country, so everyone was looking to make friends. It was that bunch that founded MST-4, the April 4th Thesis-less Movement (or maybe some other month — my memory may be slipping, but it was the founding date of the movement). The name was a joke on the name of MR-8, an armed group that had fought against the dictatorship and was getting a lot of attention in popular culture at the time — on TV, in movies, and so on.