I am enrolled in CS 200 and am writing to fulfill Part 2 of the course 
requirement. A couple of weeks ago, a friend of mine (Janet Chen) and I 
invited Professor Dan Boneh over for dinner. We both took "CS 255: 
Introduction to Cryptography and Computer Security" from this quarter and 
liked the course a lot.

I've always had an interest in general protection -- specifically, 
protection enforced from a technical standpoint as opposed to a social 
perspective. A number of years ago, when I became interested in 
computers, this interest transferred naturally over to computer security, 
and then to crypto in particular. Back then, I had a pretty good 
understanding of the various types of security that computers tend to 
offer -- access control to the entire system, individual file/folder 
protection, encryption, etc. -- but only from 10,000 feet up. I had heard 
of the DES and IDEA ciphers, but had no idea how secure (or insecure) 
they were or how they were used. When I started using PGP, I found the 
idea of public-key crypto intriguing and wanted to learn more. 
Well....eventually I stumbled upon CS 255 and found what I was looking 
for there!

It turns out that CS 255 is a very new course -- much newer than I 
thought. In fact, CS 255 was offered for only the _second_ time this 
winter. I found out from talking to Prof. Boneh that he had joined 
Stanford only a year and a half ago....so he taught it for the first time 
last year! This got me wondering, "well, how does someone just come to 
Stanford and decide that he wants to make up a course and teach it?" He 
said that one of the great things about being here at Stanford was that 
he was basically able to teach whatever he wanted -- he wanted to teach a 
course on crypto, so he figured out all the various topics he wanted to 
discuss, then put together a course....and then wound up teaching it! I 
think that's pretty exciting -- just being able to pull together ideas in 
your own field of interest, then designing a course around it, then 
teaching it yourself. It probably doesn't get any better than that.

It was obvious to us that Prof. Boneh is....well, rather young. When I 
asked him how he got involved in crypto, he said...."well, I've always 
wanted to do crypto. On the first day in grad school (Princeton), there 
were six of us, and the advisor asked each of us, 'what do you want to 
do?'....and the other 5 said, 'well, I don't know' but I said, 'I want to 
do crypto!' And that's the great thing about grad school -- just go off 
and study whatever you want. I wanted to do crypto."  It occurred to me 
that this was a route I might want to explore further, so I asked him 
what he majored in as an undergrad and what courses he had to take. "CS," 
he said bluntly. "CS. Well, the problem was that undergrad CS courses 
don't provide enough theory and math background for crypto, so when I 
went to grad school I didn't have enough background to do crypto yet. But 
that wasn't a problem. For the first six months, I basically read a lot 
of math books and then I was able to do crypto." (Yes, and at that point 
Janet and I looked at each other as if to say, "hmmmmm....sure....as if 
the average person would be able to go reach a bunch of math books and 
then understand it all!"

I'm glad he brought up that point, though. I've been thinking from time 
to time about pursuing crypto, except for my fear that I don't have 
enough background. Now I know that it's actually very doable.

I asked him if he focuses on one particular resarch topic (after all, 
there are many, many areas of research just within crypto and general 
security!), and I was surprised to hear him say no. In fact, he works on 
many many different problems and projects. He works on one, then works on 
another, then another, etc.  I like this idea a lot, since I prefer 
working on several relatively short-term projects than one, huge long 
drawn-out one. This introduces variety -- something I like b/c I don't 
think I would enjoy doing research if I had to keep working on the same 
project year after year for the next XYZ years. I would much prefer to 
work on a single project for a while, then move on to something else. 
Prof. Boneh said he agrees -- that's the way he prefers it, too.

So I asked him how does an undergrad get to learn more about crypto? 
After all, there aren't many more courses offered by Stanford's CS 
department on crypto. He said that if I'm interested, I should start 
reading research papers on the subject -- he thought about putting 
together a reading list. That would be very helpful, I think. He also 
suggested getting involved in research myself -- I know that Mike Kim 
currently does research for Prof. Boneh on developing encryption products 
for the Palm Pilot, and both Janet and I found that extremely cool. I 
asked Mike the other day how he got involved doing research for Boneh, 
and he said, "Well, I basically went up to him and asked if I could do 
research. And he said, 'what do you like to do?', and I said, 'I like to 
build things and I like to break things.', and then he said, 'Great! 
Sure, I have a position for you.'"  !!

It was then Prof. Boneh's turn to realize that Janet and I are pretty 
young. When we told him that we were 18 and 19, respectively, he was 
surprised ("I'm not used to talking to students whose age's leftmost 
digit is different from mine"). He then asked us if we planned to go to 
grad school: "and when I mean grad school, I mean the PhD program." I 
told him I was considering it, but hadn't really made up my mind yet. 
Thus he took the opportunity to tell us why doing the PhD was a Good 
Idea. His basic argument was that it's rewarding -- the kind of things 
you get to study and do during and after the PhD program are more 
"intellectually stimulating" than what you might get to do otherwise. 
Then he surprised us when he told us that only five years ago, he was an 
undergrad himself: "yes, so I got my degree, when to grad school, and 
four years later I had my PhD! And then I came to Stanford."

Impressive indeed.

Eric