Fadil Santosa: You were trained as a number theorist and you are a successful academic. What made you decide to work on something applied?
Jeff Hoffstein, an outsider to the cryptography community, describes the rocky path of the company he and two Brown University colleagues built around the public-key cryptosystem.
Jeff Hoffstein: I started out as the purest of the pure mathematicians. If there was an application, I wasn’t interested. About 1992, though, I had a child, and I realized that applications that led to a lot of money could have their point. I looked around for problems to solve. In 1994, I heard a talk by Dorian Goldfeld that connected a previous result of ours to cryptography. I realized that if these ideas could be used to create a public-key cryptosystem, the resulting system would be far more efficient and lightweight than public-key cryptosystems based on factoring large integers or the discrete log problem.
FS: The cryptosystem you created, NTRU, based on lattices in high dimensions, is very original. As an “outsider” to the crypto community, was it difficult to convince people that you had something new?
JH: It wasn’t hard to convince people that it was new. It was hard to convince them that it was secure. NTRU is a collaboration with two Brown colleagues: Jill Pipher (now director of ICERM) and Joe Silverman. We were all pure mathematicians with little connection to the crypto community. When we tried to introduce NTRU, all we got was pushback and outright hostility. In fact, I would say it wasn’t until a few years ago that the crypto community finally began to accept the fact that NTRU might be secure.
FS: What were the steps you took to get NTRU off the ground?
JH: The main idea for NTRU was in place around 1995. Joe Silverman and I went to Bell Labs in 1996 and presented it to Andrew Odlyzko. The next step was to present a talk in the “rump session” (2- to 6-minute talks) at Crypto 1996. The response was rather hostile. There were several reasons for this. One is that we were outside the crypto network and were viewed with suspicion. The key misunderstanding is that the community thought that there was an easy solution to the hard problem the system was based on.
What we did next was to incorporate. We had already filed a provisional patent on the technology. An early investor was Sony. Shortly afterward, we hired a CEO and raised investor capital. We grew the company. In 2000 we had 2 key employees, by 2001 we had over 20. Unfortunately, it turned out to be harder to sell lightweight public-key cryptography than we had expected.
FS: During the start-up phase, how much of your effort was devoted to NTRU?
JH: Joe, Jill, and I were on leave from Brown for a good part of the first few years. Speaking of which, I would advise anyone starting a company: “Don’t quit your day job.”
FS: What were the hiccups during this period?
JH: First, we contracted the software development to a company that was not able to deliver. We had to recover from that. More seriously, business pressures pushed us to develop a digital signature scheme. We did this, but we sent it out the door too soon, and major flaws were quickly discovered by the crypto community. While we did fix these, our credibility (already iffy) was seriously impacted. In 2003, investors pulled out and we had to lay off 70% of our employees. But we adapted, diversified our business, developed new products, and we survived. Then in 2005 we discovered that our books were not quite right. We just did not pay enough attention to our records and finances, and a sufficient system of checks and balances was not in place. This was a near-death experience, but we found money to keep things going and employees took pay cuts. We were doing well until the Great Recession of 2008. We started to head downward and needed to do something.
FS: So what did you do?
JH: I didn’t like the idea of letting people go. So we sought an exit. We got ourselves acquired by Security Innovation in 2009. This turned out to be a great marriage. SI is doing well, and the future looks bright.
FS: Your journey was quite a roller coaster ride. What kept you going?
JH: I seriously believed that there was a need for the efficient public-key cryptography that NTRU provided, and that it would be accepted someday. I also don’t like losing.
FS: What wisdom can you impart to a mathematical scientist who wants to start a company?
JH: I do have a few messages: (1) Find the right problem to attack with what you already know. (2) Scale your financial expectations. (3) Trust your gut instincts; know when to take professional advice (and when not to). (4) Be alert for business pressures that drive “solutions” that are not ready. (5) Networks are vital. (6) Find the “killer app” if possible.
FS: The title of your talk at the IMA workshop was “Math for ‘fun’ and ‘profit.’” Was the whole experience fun and profitable?
JH: Well, the experience was in many ways surreal. I would say that it was fun and it was profitable, but you have to stretch the standard definitions of the words “fun” and “profitable.”