New Series: Business Ideas for Cryptographers

As you know I like startups. I like doing startups. I like the culture of startups and I like to see startups disrupt and overtake the world. But now I'm doing a PhD. And I love what I'm doing. So no startups for me. At least until I finish my PhD.

So why don't you take my business ideas and build your start-ups. While you do so, put me into your advisory board. Hence I'm starting this series of blogposts. Each of them will have a cool crypto primitive in it and an idea how to make money out of it. I did not do any market validation for those ideas, that's your job, but I think they are all pretty cool and worth investigating. This first article is more about why doing a startup in cryptography.

For quite some time I was quite enthusiastic about bringing something of the really beautiful advances that modern cryptography has to offer to the people. The crypto that people are using today is old, boring, and usually broken. It's like people were still using floppy drives today. I don't know why, but there is a huge gap between what crypto research has to offer and what is used in the real world.

When you talk to startup people, they often say that ordinary people do not care about security. And I bet you had the same impression when you went home for christmas and had to fix your family member's computers which were full of malware, suspicious toolbars and used ancient Java, Flash, Adobe Reader, and IE versions. We all know it. The normal people don't install updates, can't judge the degree of security they are giving away with installing a shiny new toolbar and probably will never be able to detect a well crafted phishing email. And they seem to be doing great regardless.

On the other hand, Psychology tells us that security is a core human need. Even bigger than the demand for friendship. Facebook has put the friendship thing online and made big $$$. So it seems like online security has the potential to be exactly the right area for the next unicorn.

To get a feeling for the current market for crypto, here are two slides from Bart Preneel. I think there are so many areas left where nothing has been done yet.

chart1 chart2

What we see is that most of the time, crypto is used in commercial applications and (maybe with the exception of bitcoin) under the hood. No real user had successfully been exposed to cryptography on scale, yet. But also nobody ever successfully tried to teach users some basic crypto like "what is a symmetric key?", "what is a public key?". Or maybe educating users about this stuff is inherently a bad idea, I don't know.

When I think about what is actually being sold to consumers, I can only come up with the following:

    • Password managers
    • Antivirus (mostly snakeoil, probably won't exist in 10 years anymore)
    • Firewall
    • App reputation software
    • Backup software
    • VPNs, mostly to circumvent geo-blocking
    • Disk Encryption (Now standard in all major OS)
    • Bitcoin (very limited)

But modern crypto has so much more to offer. You will see more in the coming blogposts. Stay tuned!