Comment by daneel_w

3 years ago

> "I may believe almost all of this is overblown and silly, as like a matter of cryptographic research ..."

Am I misunderstanding you, or are you saying that you believe almost all of DJB's statements claiming that NIST/NSA is doctoring cryptography are overblown and silly? If that's the case, would you mind elaborating?

I believe the implication that NIST or NSA somehow bribed one of the PQC researchers to weaken a submission is risible.

I believe that NIST is obligated to be responsive to FOIA requests, even if the motivation behind those requests is risible.

  • > I believe the implication that NIST or NSA somehow bribed one of the PQC researchers to weaken a submission is risible.

    Is that even a claim here? I'm on mobile right now so it's a bit hard for me to trawl through the DJB/NIST dialogue, but I thought his main complaint is that NIST didn't appear to have a proper and clear process for choosing the algorithms they did, when arguably better algorithms were available.

    So the suggestion wouldn't necessarily be that one of the respected contestants was bribed or otherwise compromised, but rather that NIST may have been tapped on the shoulder by NSA (again) with the suggestion that they should pick a specific algorithm, and that NSA would make the suggestion they have because their own cryptographers ("true believers" on NSA payroll) have discovered flaws in those suggested algorithms that they believe NSA can exploit but hopefully not adversaries can exploit.

    There's no need for any novel conspiracies or corruption; merely an exact repeat of previous NSA/NIST behaviour consistent with NSA policy positions.

    It's simultaneously about as banal as it gets, and deeply troubling because of that.

  • > I believe the implication that NIST or NSA somehow bribed one of the PQC researchers to weaken a submission is risible.

    Could you elaborate on this? I didn't get this from the article at all. There's no researcher(s) being implicated as far as I can tell.

    What I read is the accusation of NIST's decision-making process possibly being influenced by the NSA, something that we know has happened before.

    Say N teams of stellar researchers submit proposals, and they review their peers. For the sake of argument, let's say that no flaw is found in any proposal; every single one is considered perfect.

    NIST then picks algorithm X.

    It is critical to understand the decision making process behind the picking of X, crucially so when the decision-making body has a history of collusion.

    Because even if all N proposals are considered perfect by all possible researchers, if the NSA did influence NIST in the process, history would suggest that X would be the least trustable of all proposals.

    And that's the main argument I got from the article.

    Yes, stone-walling a FOIA request may be common, but in the case of NIST, there is ample precedent for malfeasance.

    • Nobody should trust NIST.

      I don't even support NIST's mission; even if you assembled a trustworthy NIST, I would oppose it.

      The logical problem with the argument Bernstein makes about NSA picking the least trustworthy scheme is that it applies to literally any scheme NIST picks. It's unfalsifiable. If he believes it, his FOIA effort is a waste of time (he cannot FOIA NSA's secret PQC attack knowledge).

      The funny thing here is, I actually do accept his logic, perhaps even more than he does. I don't think there's any reason to place more trust in NIST's PQC selections than other well-reviewed competing proposals. I trust the peer review of the competitors, but not NIST's process at all.

  • I believe you have a very naive and trusting view of these US governmental bodies. I don't intend that to be an insult, but by now I think the jury is out that these agencies cannot be trusted (the NSA less so, than NIST).

    • I'm not sure about corrupting NIST nor corrupting individual officials of NIST, but I can easily imagine NIST committees not understanding something, being tricked, not looking closely, protecting big orgs by default (without maliciousness), and overall being sloppy.

      Running standards without full transparency, in my experiences of web security standards + web GPU standards is almost always due to hiding weaknesses, incompetence, security gaps of big players, & internal politics of these powerful incumbents. Think some hardware vendor not playing ball without guarantee of privacy, some Google/Apple committee member dragging their feet because of internal politics & monopoly plays. Separately, mistakes may come from standards committee members glossing over stuff in emails because they're busy: senior folks are the most technically qualified yet also most busy. Generally not because some NSA/CIA employee is telling them to do something sneaky or lying. Still FOIA-worthy (and why I rather public lists for standards), but for much lamer reasons.

    • I think it's naive and trusting only on the surface, but with some clear intent and goal underneath. In the past he has held a different stance, but it suddenly changed some time after Matasano.

  • > risible

    just in case someone else never heard this word before:

    > arousing or provoking laughter