Comment by politelemon
3 years ago
So, question then, isn't one of the differences between this time's selection, compared to previous selections, that some of the algorithms are open source with their code available?
For example, Kyber, one of the finalists, is here: https://github.com/pq-crystals/kyber
And where it's not open source, I believe in the first round submissions, everyone included reference implementations.
Does the code being available make it easy to verify whether there are some shady/shenanigans going on, even without NIST's cooperation?
Not really. For the same reason that "here's your github login" doesn't equate to you suddenly being able to be effective in a new company. You might be able to look things up in the code and understand how things are being done, but you don't know -why- things are being done that way.
A lot of the instances in the post even show the NSA giving a why. It's not a particularly convincing why, but it was enough to sow doubt. The reason to make all discussions public is so that there isn't an after-the-fact "wait, why is that obviously odd choice being done?" but instead a before-the-fact "I think we should make a change". The burden of evidence is different for that. An "I think we should reduce the key length for performance" is a much harder sell when the spec already prescribes a longer key length, than an after-the-fact "the spec's key length seems too short" "Nah, it's good enough, and we need it that way for performance". The status quo always has inertia.
Thanks for the response, that's making sense. I've also tried following the PQC Google Groups but a lot of the language is beyond my grasp.
Also... I don't understand why I've been downvoted for asking a question, I'm trying to learn but HN can certainly be unwelcoming to the 'curious' (which is why I thought we are here).
What? :D
Who cares about a particular piece of source code? Cryptanalysis is about the mathematical structure of the ciphers. When we say the NSA backdoored an algorithm, we don't mean that they included hidden printf statements in "the source code". It means that mathematicians at the NSA have knowledge of weaknesses in the construction, that are not known publicly.
Well, that was why I asked the question. I didn't think asking a question deserved downvotes and ridicule.
Worth noting DJB (the article author) was on two competing (losing) teams to Kyber[0] in Round 3. And has an open submission in round 4 (still in progress). That's going to slightly complicate any FOIA until after the fact, or it should. Not that there's no merit in the request.
[0]: https://csrc.nist.gov/Projects/post-quantum-cryptography/pos...
> the Supreme Court has observed that a FOIA requester's identity generally "has no bearing on the merits of his or her FOIA request."
https://www.justice.gov/archives/oip/foia-guide-2004-edition...
It is wrong to imply he is unreasonable here. NIST has been dismissive and unprofessional towards him and others in this process. They look terrible because they’re not doing their jobs.
Several of his student’s proposals won the most recent round. He still has work in the next round. NIST should have answered in a timely manner.
On what basis do you think any of these matters can or may complicate the FOIA process?