Comment by tptacek

I guess I'm not reading it that way. In fact, a FOIA request is going after official records, which I wouldn't expect would contain outright bribery.

Yes, DJB brings up their known bribing of RSA wrt to the whole Dual-EC thing. But my read of that bit of info was the more general 'here's evidence that the NSA actively commits funding towards infecting standards' rather than 'the NSA's playbook just contains outright bribery and that's what we expect to find in the FOIA requests given to NIST'.

The actual claim is that NSA may have already spent a lot of time and effort to analyse PQC algorithm underlying problems without making their findings public.

DJB seems to suspect that they may influence NIST to select algorithms and parameters within the range of what they already know how to break.

> The logical problem with the argument Bernstein makes about NSA picking the least trustworthy scheme is that it applies to literally any scheme NIST picks. It's unfalsifiable.

That may be true in the strict sense, but in practice, I think there would be a material distinction between a NIST process of "we defer our decision to the majority opinion of a set of three researchers with unimpeachable reputations" (a characterization from another comment) and a process of "NSA said we should pick X."

In the strict sense, I can't trust either process, but in practice [edit: as an absolute layperson who has to trust someone], I'd trust the first process infinitely more (as I would absolutely distrust the second process).

> The funny thing here is, I actually do accept his logic, perhaps even more than he does.

That's actually what I got from your other comments to this story. But that confused me, because it was also what I got from the article. The first two thirds of the article are spent entirely on presenting NIST as an untrustworthy body based on decades of history. Apart from the title, PQC isn't even mentioned until the last third, and that part, to me, was basically "NIST's claims of reform are invalidated if it turns out that NSA influenced the decision-making process again".

My vibe was that both of your positions are more or less in agreement, though I have to say I didn't pick up on any accusations of corruption of a PQC researcher in the article (I attribute that to me being a layperson in the matter).

> ...but I can easily imagine NIST committees not understanding something, being tricked, not looking closely, protecting big orgs by default (without maliciousness), and overall being sloppy.

I agree with this. And I think that this is more likely to be the case. But I really think with all that we now know about US governmental organisations the possibility of backdoors or coercion should not be ruled out.

You said:

> the motivation behind those requests is risible.

It is quite hilarious that NIST suckered the industry into actually using Dual-EC, despite being worse than the other possible choices in nearly every respect. And this ignores the fact that the backdoor was publicly known for years. This actually happened; it’s not a joke.

The motivation behind the FOIA requests is to attempt to see whether any funny business is going on with PQ crypto.

If the NSA actually suckers any major commercial player into using a broken PQ scheme without a well-established classical scheme as a backup, that will be risible too.

> I believe the implication that NIST or NSA somehow bribed one of the PQC researchers to weaken a submission is risible.

maybe you don't know what risible means, but it reads like you're saying that the NSA "somehow" coercing someone is unlikely, which i'm sure you can agree is a "very naive and trusting view"

Can I ask that, if you're going to accuse me of shilling in an HN thread, you at least come up with something that I'm shilling? I don't care what it is; you can say that I'm shilling for Infowars Life ProstaGuard Prostate Health Supplement with Saw Palmetto and Anti-Oxidant, for all I care, just identify something.