Skip to Content
MIT Technology Review

Shafi Goldwasser

The number theory expert who helped revolutionize cryptography
Shafi GoldwasserShafi Goldwasser
Shafi GoldwasserWinni Wintermeyer

When Shafi Goldwasser chose to focus on cryptography and algorithmic number theory as a new graduate student in computer science at the University of California, Berkeley, in 1979, her timing was perfect.

In 1977, MIT professors Ronald Rivest, Adi Shamir, and Len Adleman had published the breakthrough RSA public-key encryption algorithm that let people exchange secret information without first meeting in person to set up a shared encryption key. In 1979, they used the ideas in their encryption algorithm to propose a way to play poker over the phone without relaying information through a trusted third party. Their method involved dealing from an encrypted deck, but Berkeley professor Richard Lipton pointed out that partial information about encrypted cards could leak and allow a player to cheat.

So Goldwasser and fellow Berkeley grad student Silvio Micali took up the challenge of how to encrypt in such a way that all partial information would be provably hidden. They introduced the idea of “probabilistic,” or randomized, encryption: every single plaintext message must have many possible encryptions, all equally probable, and the person encrypting the message would choose one. They then showed that it would be impossible to distinguish between two messages encrypted in this way—providing a strong level of security they called “semantic security.” 

The work highlighted a vulnerability in any encryption system—including early versions of RSA—that allowed the same message to always be encrypted the same way, leading to cryptography standards that call for using probabilistic encryption methods to prevent that.

Shaffi Goldwasser

Goldwasser and Micali’s framework has since been widely adopted for evaluating cryptographic systems and creating new ones. And public-key cryptography with randomization eventually became the key to commercializing the internet—it was the only way to send credit card numbers over the internet securely.

Goldwasser and Micali both received faculty appointments at MIT in 1983 and continued their collaboration. Working with Charles Rackoff at the University of Toronto, they developed a new kind of mathematical proof called an interactive proof system, in which a mathematical fact is demonstrated by an interactive dialogue of questions and answers between a prover and a verifier—a mathematical analogue to the game of 20 questions. One such system, called a zero-knowledge proof, has the remarkable property of revealing no information beyond the correctness of the proof itself. Zero-knowledge proofs have been combined with blockchain technologies to create cryptocurrencies that allow transactions to be verified as valid while the details are kept private and anonymity is maintained.

For their work extending the theory of computing and applying it to practical problems in cryptography, Goldwasser and Micali shared the Turing Award, considered the Nobel Prize of computing.

Since 1993, Goldwasser has balanced her MIT faculty appointment (she’s now the RSA Professor of Electrical Engineering and Computer Science) with a second professorship at Israel’s Weizmann Institute of Science. In 2018, she was named director of the interdisciplinary Simons Institute for the Theory of Computing at UC Berkeley as well. Goldwasser is also the cofounder and chief scientist of Duality Technologies, a startup that is commercializing homomorphic cryptography. This new mathematical technology makes it possible to perform machine learning on encrypted data without first decrypting it, which is expected to transform research in medicine, economics, and other privacy-sensitive areas in the coming years.