Ron Rivest
Rivest in 2012
Born (1947-05-06) May 6, 1947 (age 76)
Alma materStanford University (PhD)
Yale University
Known forPublic-key
RSA, RC2, RC4, RC5, RC6
MD2, MD4, MD5, MD6, Ring signature
Scientific career
InstitutionsMassachusetts Institute of Technology
ThesisAnalysis of associative retrieval algorithms (1974)
Doctoral advisorRobert W. Floyd
Doctoral students

Ronald Linn Rivest (/rɪˈvɛst/;[3][4] born May 6, 1947) is a cryptographer and computer scientist whose work has spanned the fields of algorithms and combinatorics, cryptography, machine learning, and election integrity. He is an Institute Professor at the Massachusetts Institute of Technology (MIT),[5] and a member of MIT's Department of Electrical Engineering and Computer Science and its Computer Science and Artificial Intelligence Laboratory.

Along with Adi Shamir and Len Adleman, Rivest is one of the inventors of the RSA algorithm. He is also the inventor of the symmetric key encryption algorithms RC2, RC4, and RC5, and co-inventor of RC6. (RC stands for "Rivest Cipher".) He also devised the MD2, MD4, MD5 and MD6 cryptographic hash functions.


Rivest earned a Bachelor's degree in mathematics from Yale University in 1969, and a Ph.D. degree in computer science from Stanford University in 1974 for research supervised by Robert W. Floyd.[1]


At MIT, Rivest is a member of the Theory of Computation Group, and founder of MIT CSAIL's Cryptography and Information Security Group.

Rivest was a founder of RSA Data Security (now merged with Security Dynamics to form RSA Security), Verisign, and of Peppercoin.

His former doctoral students include Avrim Blum, Benny Chor, Sally Goldman, Burt Kaliski, Anna Lysyanskaya, Ron Pinter, Robert Schapire, Alan Sherman,[1] and Mona Singh.[2]


Rivest is especially known for his research in cryptography. He has also made significant contributions to algorithm design, to the computational complexity of machine learning, and to election security.


The publication of the RSA cryptosystem by Rivest, Adi Shamir, and Leonard Adleman in 1978[C1] revolutionized modern cryptography by providing the first usable and publicly described method for public-key cryptography. The three authors won the 2002 Turing Award, the top award in computer science, for this work. The award cited "their ingenious contribution to making public-key cryptography useful in practice".[6] The same paper that introduced this cryptosystem also introduced Alice and Bob, the fictional heroes of many subsequent cryptographic protocols.[7] In the same year, Rivest, Adleman, and Michael Dertouzos first formulated homomorphic encryption and its applications in secure cloud computing,[C2] an idea that would not come to fruition until over 40 years later when secure homomorphic encryption algorithms were finally developed.[8]

Rivest was one of the inventors of the GMR public signature scheme, published with Shafi Goldwasser and Silvio Micali in 1988,[C3][9] and of ring signatures, an anonymized form of group signatures invented with Shamir and Yael Tauman Kalai in 2001.[C7] He designed the MD4 and MD5 cryptographic hash functions, published in 1990 and 1992 respectively,[C4][C5] and a sequence of symmetric key block ciphers that include RC2, RC4, RC5, and RC6.[C6][C8]

Other contributions of Rivest to cryptography include chaffing and winnowing, the interlock protocol for authenticating anonymous key-exchange, cryptographic time capsules such as LCS35 based on anticipated improvements to computation speed through Moore's law, key whitening and its application through the xor–encrypt–xor key mode in extending the Data Encryption Standard to DES-X, and the Peppercoin system for cryptographic micropayments.


In 1973, Rivest and his coauthors published the first selection algorithm that achieved linear time without using randomization.[A1][10] Their algorithm, the median of medians method, is commonly taught in algorithms courses.[11] Rivest is also one of the two namesakes of the Floyd–Rivest algorithm, a randomized selection algorithm that achieves a near-optimal number of comparisons.[A2][12]

Rivest's 1974 doctoral dissertation concerned the use of hash tables to quickly match partial words in documents; he later published this work as a journal paper.[A3] His research from this time on self-organizing lists[A4] became one of the important precursors to the development of competitive analysis for online algorithms.[13] In the early 1980s, he also published well-cited research on two-dimensional bin packing problems,[A5] and on channel routing in VLSI design.[A6]

He is a co-author of Introduction to Algorithms (also known as CLRS), a standard textbook on algorithms, with Thomas H. Cormen, Charles E. Leiserson and Clifford Stein. First published in 1990, it has extended into four editions, the latest in 2022.[A7]


In the problem of decision tree learning, Rivest and Laurent Hyafil proved that it is NP-complete to find a decision tree that identifies each of a collection of objects through binary-valued questions (as in the parlor game of twenty questions) and that minimizes the expected number of questions that will be asked.[L1] With Avrim Blum, Rivest also showed that even for very simple neural networks it can be NP-complete to train the network by finding weights that allow it to solve a given classification task correctly.[L3] Despite these negative results, he also found methods for efficiently inferring decision lists,[L2] decision trees,[L4] and finite automata.[L5]


A significant topic in Rivest's more recent research has been election security, based on the principle of software independence: that the security of elections should be founded on physical records, so that hidden changes to software used in voting systems cannot result in undetectable changes to election outcomes. His research in this area includes improving the robustness of mix networks in this application,[V1] the 2006 invention of the ThreeBallot paper ballot based end-to-end auditable voting system (which he released into public domain in the interest of promoting democracy),[V2][6] and the development of the Scantegrity security system for optical scan voting systems.[V3]

He was a member of the Election Assistance Commission's Technical Guidelines Development Committee.[14]

Honors and awards

Rivest is a member of the National Academy of Engineering, the National Academy of Sciences, and is a Fellow of the Association for Computing Machinery, the International Association for Cryptologic Research, and the American Academy of Arts and Sciences. Together with Adi Shamir and Len Adleman, he has been awarded the 2000 IEEE Koji Kobayashi Computers and Communications Award and the Secure Computing Lifetime Achievement Award. He also shared with them the Turing Award. Rivest has received an honorary degree (the "laurea honoris causa") from the Sapienza University of Rome.[15] In 2005, he received the MITX Lifetime Achievement Award. Rivest was named in 2007 the Marconi Fellow, and on May 29, 2008, he also gave the Chesley lecture at Carleton College. He was named an Institute Professor at MIT in June 2015.[16]

Selected publications

Rivest's publications include:


Blum, Manuel; Floyd, Robert W.; Pratt, Vaughan; Rivest, Ronald L.; Tarjan, Robert E. (1973). "Time bounds for selection" (PDF). Journal of Computer and System Sciences. 7 (4): 448–461. doi:10.1016/S0022-0000(73)80033-9. MR 0329916. Previously announced as "Linear time bounds for median computations", STOC 1972.
Floyd, Robert W.; Rivest, Ronald L. (March 1975). "Expected time bounds for selection". Communications of the ACM. 18 (3): 165–172. doi:10.1145/360680.360691. S2CID 3064709. See also "Algorithm 489: the algorithm SELECT—for finding the th smallest of elements", p. 173, doi:10.1145/360680.360694.
Rivest, Ronald L. (1976). "Partial-match retrieval algorithms". SIAM Journal on Computing. 5 (1): 19–50. doi:10.1137/0205003. MR 0395398. Previously announced at the 15th Annual Symposium on Switching and Automata Theory, 1974.
Rivest, Ronald (1976). "On self-organizing sequential search heuristics". Communications of the ACM. 19 (2): 63–67. doi:10.1145/359997.360000. MR 0408303. S2CID 498886. Previously announced at the 15th Annual Symposium on Switching and Automata Theory, 1974.
Baker, Brenda S.; Coffman, E. G. Jr.; Rivest, Ronald L. (1980). "Orthogonal packings in two dimensions". SIAM Journal on Computing. 9 (4): 846–855. CiteSeerX doi:10.1137/0209064. MR 0592771.
Rivest, Ronald L.; Fiduccia, Charles M. (1982). "A "greedy" channel router". In Crabbe, James S.; Radke, Charles E.; Ofek, Hillel (eds.). Proceedings of the 19th Design Automation Conference, DAC '82, Las Vegas, Nevada, USA, June 14–16, 1982. ACM and IEEE. pp. 418–424. doi:10.1145/800263.809239.
Cormen, Thomas H.; Leiserson, Charles E.; Rivest, Ronald L. (1990). Introduction to Algorithms (1st ed.). MIT Press and McGraw-Hill. ISBN 0-262-03141-8. 2nd edition, with Clifford Stein, 2001. 3rd edition, 2009. 4th edition, 2022.


Rivest, R.; Adleman, L.; Dertouzos, M. (1978). "On data banks and privacy homomorphisms". In DeMillo, Richard A. (ed.). Foundations of Secure Computation. Academic Press. pp. 169–177.
Goldwasser, Shafi; Micali, Silvio; Rivest, Ronald L. (1988). "A digital signature scheme secure against adaptive chosen-message attacks". SIAM Journal on Computing. 17 (2): 281–308. doi:10.1137/0217017. MR 0935341. S2CID 1715998. Previously announced as "A 'paradoxical' solution to the signature problem", FOCS 1984 and CRYPTO 1984.
Rivest, Ronald L. (October 1990). The MD4 Message Digest Algorithm. Network Working Group. doi:10.17487/RFC1186. RFC 1186.
Rivest, Ronald L. (April 1992). The MD5 Message-Digest Algorithm. Network Working Group. doi:10.17487/RFC1321. RFC 1321.
Rivest, Ronald L. (March 1998). A Description of the RC2(r) Encryption Algorithm. Network Working Group. doi:10.17487/RFC2268. RFC 2268.
Rivest, Ronald L.; Shamir, Adi; Tauman, Yael (2001). "How to Leak a Secret". In Boyd, Colin (ed.). Advances in Cryptology – ASIACRYPT 2001, 7th International Conference on the Theory and Application of Cryptology and Information Security, Gold Coast, Australia, December 9–13, 2001, Proceedings. Lecture Notes in Computer Science. Vol. 2248. Springer. pp. 552–565. doi:10.1007/3-540-45682-1_32.
Rivest, Ronald L. (1994). "The RC5 encryption algorithm". In Preneel, Bart (ed.). Fast Software Encryption: Second International Workshop. Leuven, Belgium, 14–16 December 1994, Proceedings. Lecture Notes in Computer Science. Vol. 1008. Springer. pp. 86–96. doi:10.1007/3-540-60590-8_7.


Hyafil, Laurent; Rivest, Ronald L. (May 1976). "Constructing optimal binary decision trees is NP-complete". Information Processing Letters. 5 (1): 15–17. doi:10.1016/0020-0190(76)90095-8. MR 0413598.
Rivest, Ronald L. (1987). "Learning decision lists". Machine Learning. 2 (3): 229–246. doi:10.1007/BF00058680. S2CID 2840541.
Blum, Avrim; Rivest, Ronald L. (1992). "Training a 3-node neural network is NP-complete". Neural Networks. 5 (1): 117–127. doi:10.1016/S0893-6080(05)80010-3. S2CID 8567973. Previously in NIPS 1988.
Quinlan, J. Ross; Rivest, Ronald L. (1989). "Inferring decision trees using the minimum description length principle". Information and Computation. 80 (3): 227–248. doi:10.1016/0890-5401(89)90010-2. MR 0984483.
Rivest, Ronald L.; Schapire, Robert E. (1993). "Inference of finite automata using homing sequences". Information and Computation. 103 (2): 299–347. doi:10.1006/inco.1993.1021. MR 1216458. Previously announced at STOC 1989.

Elections and voting

Jakobsson, Markus; Juels, Ari; Rivest, Ronald L. (2002). "Making mix nets robust for electronic voting by randomized partial checking". In Boneh, Dan (ed.). Proceedings of the 11th USENIX Security Symposium, San Francisco, CA, USA, August 5-9, 2002. Boston, Massachusetts: USENIX Association. pp. 339–353.
Rivest, Ronald L.; Smith, Warren D. (August 2007). "Three voting protocols: ThreeBallot, VAV, and Twin" (PDF). 2007 USENIX/ACCURATE Electronic Voting Technology Workshop (EVT 07). Boston, Massachusetts: USENIX Association.
Chaum, David; Carback, Richard; Clark, Jeremy; Essex, Aleksander; Popoveniuc, Stefan; Rivest, Ronald L.; Ryan, Peter Y. A.; Shen, Emily; Sherman, Alan T. (2008). "Scantegrity II: end-to-end verifiability for optical scan election systems using invisible ink confirmation codes" (PDF). In Dill, David L.; Kohno, Tadayoshi (eds.). 2008 USENIX/ACCURATE Electronic Voting Workshop, EVT 2008, July 28-29, 2008, San Jose, CA, USA, Proceedings. Boston, Massachusetts: USENIX Association.

Personal life

His son is Chris Rivest, entrepreneur and company co-founder.[17]


  1. ^ a b c d e f g h i j k Ron Rivest at the Mathematics Genealogy Project
  2. ^ a b Singh, Mona (1996). Learning algorithms with applications to robot navigation and protein folding (PhD thesis). Massachusetts Institute of Technology. hdl:1721.1/40579. OCLC 680493381. Free access icon
  3. ^ Archived at Ghostarchive and the Wayback Machine: RSA Conference (February 25, 2014). "The Cryptographers' Panel" – via YouTube.
  4. ^ Archived at Ghostarchive and the Wayback Machine: "Faculty Forum Online: Ron Rivest". YouTube.
  5. ^ Dizikes, Peter (June 29, 2015). "Chisholm, Rivest, and Thompson appointed as new Institute Professors: Biologist, computer scientist, and musician awarded MIT's highest faculty honor". MIT News. Massachusetts Institute of Technology.
  6. ^ a b "Ronald (Ron) Linn Rivest". ACM Turing Award laureates. Association for Computing Machinery. Retrieved April 15, 2023.
  7. ^ Hayes, Brian (September–October 2012). "Alice and Bob in cipherspace". Computing science. American Scientist. 100 (5). Sigma Xi: 362. doi:10.1511/2012.98.362. JSTOR 43707638.
  8. ^ Yi, Xun; Paulet, Russell; Bertino, Elisa (2014). Homomorphic Encryption and Applications. Springer Briefs in Computer Science. Springer International Publishing. doi:10.1007/978-3-319-12229-8. ISBN 978-3-319-12228-1. S2CID 11182158. See especially p. 47: "The concept of FHE was introduced by Rivest under the name privacy homomorphisms. The problem of constructing a scheme with these properties remained unsolved until 2009, when Gentry presented his breakthrough result."
  9. ^ Menezes, Alfred J.; van Oorschot, Paul C.; Vanstone, Scott A. (1996). "11.6.4 The GMR one-time signature scheme" (PDF). Handbook of Applied Cryptography. CRC Press. pp. 468–471. ISBN 0-8493-8523-7.
  10. ^ Paterson, Mike (1996). "Progress in selection". In Karlsson, Rolf G.; Lingas, Andrzej (eds.). Algorithm Theory – SWAT '96, 5th Scandinavian Workshop on Algorithm Theory, Reykjavík, Iceland, July 3–5, 1996, Proceedings. Lecture Notes in Computer Science. Vol. 1097. Springer. pp. 368–379. doi:10.1007/3-540-61422-2_146.
  11. ^ Gurwitz, Chaya (1992). "On teaching median-finding algorithms". IEEE Transactions on Education. 35 (3): 230–232. Bibcode:1992ITEdu..35..230G. doi:10.1109/13.144650.
  12. ^ Cunto, Walter; Munro, J. Ian (1989). "Average case selection". Journal of the ACM. 36 (2): 270–279. doi:10.1145/62044.62047. MR 1072421. S2CID 10947879.
  13. ^ Sleator, Daniel D.; Tarjan, Robert E. (1985). "Amortized efficiency of list update and paging rules". Communications of the ACM. 28 (2): 202–208. doi:10.1145/2786.2793. MR 0777385. S2CID 2494305.
  14. ^ "TGDC members". National Institute of Standards and Technology. May 6, 2009. Archived from the original on June 8, 2007.
  15. ^ Biography. Archived from the original on 2011-12-06.
  16. ^ "Chisholm, Rivest, and Thompson appointed as new Institute Professors". MIT News | Massachusetts Institute of Technology. June 29, 2015.
  17. ^ Cf. Acknowledgements, p.xxi, in Cormen, Rivest, et al., Introduction to Algorithms, MIT Press