Comment by jeffparsons
3 years ago
I think this is a sloppy take. If you read the full back-and-forth on the FOI request between D.J. Bernstein and NIST, it becomes readily apparent that there is _something_ rotten in the state of NIST.
Now of course that doesn't necessarily mean that NIST's work is completely compromised by the NSA (even though it has been in the past), but there are other problems that are similarly serious. For example, if NIST is unable to explain how certain key decisions were made along the way to standardisation, and those decisions appear to go against what would be considered by prominent experts in the field as "good practice", then NIST has a serious process problem. This is important work. It affects everyone in the world. And certain key parts of NIST's decision making process seem to be explained with not much more than a shrug. That's a problem.
All you're saying here is that NIST failed to comply with FOIA. That's not unusual. No public body does a reliably good job of complying with FOIA, and many public bodies seem to have a bad habit of pre-judging the "merits" of FOIA requests, when no merit threshold exists for their open records requirements.
NIST failing to comply with FOIA makes them an intransigent public body, like all the rest of them, from your local water reclamation board to the Department of Energy.
It emphatically does not lend support to any of this litigants concerns about the PQC process. I don't know enough (really, anything) about the PQC "contest" to judge claims about its validity, but I do know enough --- like, the small amount of background information needed --- to say that it's risible to suggest that any of the participating teams were compromised by intelligence agencies; that claim having been made in this post saps its credibility.
So, two things I think a reasonable person would want to establish here: first, that NIST's behavior with respect to the FOIA request is hardly any kind of smoking gun, and second that the narrative being presented in this post about the PQC contest seems somewhere between "hand-wavy" and "embarrassing".
> It emphatically does not lend support to any of this litigants concerns about the PQC process.
I agree with most of what you're saying except for this. In my view, unlike some of the other organisations you mentioned, the _only value_ of NIST is in the quality and transparency of its processes. My reading of the DJB/NIST FOI dialogue is that there is reason to believe NIST has serious process problems that go far beyond simply handling an FOI well. From their own responses, it reads as if they aren't able to articulate themselves why they would choose one contestant's algorithm over another's. That kind of undermines the entire point of having an open contest.
The peer review NIST is refereeing happened in the open. Thus far, Bernstein is the only person making these claims. For all the words he burns on NIST's sordid history, he chose to participate in this NIST-run process, and imploded publicly only after the results were announced. There are dozens of cryptographers with reputations in the field comparable to Bernstein's who also participated. Bernstein is the only one suggesting that NSA bribed the contest winners.
From what I can tell, nobody who actually works in this field is taking any of this seriously; what I see is a whole lot of eye rolling and "there he goes again". But you don't get any of that on HN, because HN isn't a forum for cryptography researchers. All you get is Bernstein's cheering section.
I was part of Bernstein's cheering section! I understand the feeling. And, like, I'm still using ChaPoly and 25519 in preference to any of the alternatives! He's done hugely important work. But he has, not to put too fine a point on it, a fucked up reputation among his peers in cryptography research, and he's counting on you not to know that, and to confuse a routine, workaday FOIA lawsuit with some monumental new bit of litigation.
It's a deeply cynical thing for him to be doing.
He could have just announced, in his lovably Bernsteinian† way, that NIST had failed in its FOIA obligations, and he was holding them to account. I'd be cheering too. But he wrote a screed that culminated in an allegation that NSA had bribed members of PQC teams to weaken their submissions. Simply risible; it's embarrassing to be part of a community that dignifies that argument, even if I absolutely get why it's happening. I have contempt for him for exploiting all of you.
None of this is to take anything away from his FOIA suit. I stan his FOIA attorneys. The suit, boring as it is, is a good thing. He should win, and he almost certainly will; L&L wouldn't have taken the case if he wasn't going to. Just keep in mind, people sue and win over FOIA mistakes all the time. In Illinois, you even get fee recovery when you win. This isn't Bernstein v United States!
† I'm not being snarky; I was a multiple-decades-long admirer of that style.
8 replies →