Comment by throwaway654329
3 years ago
One says he’s doing it wrong. The other says he hopes that he wins, of course!
Meanwhile they go on to attack Bernstein, mischaracterize his writing, completely dismiss his historical analysis, mock him with memes as a conspiracy theorist, and to top it off they question his internal motivations (which they somehow know) as some kind of a sore loser which is demonstrably false.
The plot twist for the last point: he is still in the running for round four and his former PhD students did win major parts of round three.
Two things can easily be true: that NIST mishandled a FOIA request, and that there isn't especially good reason to accept on faith Bernstein's concerns about the PQC process, which is unrelated to how they handle FOIA.
Meanwhile: you haven't actually added any light to this subthread: the tweets we're talking about do not dismiss the suit. Cryptographic researchers that aren't stans of Daniel Bernstein (there are a lot of those) are also unhappy about NIST clowning up FOIA.
You are in a deeply weird and broken place if you think you can divide the world into "people who take what Daniel Bernstein says on faith" and "people who trust NIST". I don't know if you're in that place! But some people on this thread clearly are.
You wrote a large number of comments on this so I am asking this here since it's fresh.
Can you comment on why you think djb thinks it is worth investigating if the NSA is attempting to destroy cryptography with weak pqc standards? I read through some of the entries NIST just announced and there are indeed attacks, grave attacks, that exist against Kyber and Falcon. I have no reason to believe the authors of those specs work with the NSA. Wouldn't a more reasonable conclusion be that we need to do more work on pqc? Maybe I have it wrong and he is just trying to rule out that possibility but his long rant which was 80% about NIST and their history with the dual EC backdoor really points at djb concluding the NSA is deliberately trying to weaken crypto by colluding with a bunch of people who probably don't care about money or the NSA's goals that much.
You'd have to ask Bernstein. I think it's helpful to take a bit of time (I know this is a big ask) to go see how Bernstein has comported himself in other standards groups; the CFRG curve standardization discussion is a good example. The reason I said there's a lot of eye-rolling about this post among cryptographers is that I think this is pretty normal behavior for Bernstein.
I used to find it inspiring; he got himself crosswise against the IETF DNS working group, which actively ostracized him, and I thought the stance he took there was almost heroic (also, I hate DNSSEC, and so does he). But when you see that same person get in weird random fights with other people, over and over again, well: there's a common thread there.
Is it worth investigating whether NSA is trying weaken PQC? Sure. Nobody should trust NSA. Nobody should trust NIST! There's value in NIST catalyzing all the academic asymmetric cryptography researchers into competing against each other, so the PQC event probably did everybody a service. But no part of that value comes from NIST blessing the result.
It's probably helpful for you to know that I think PQC writ large is just a little bit silly. Quantum computers of unusual size? I don't believe they exist. I think an under-appreciated reason government QC spending happens is because government spending is a goal in and of itself; one of NSA's top 3 missions is to secure more budget for NSA --- it might even be the #1 goal. Meanwhile, PQC is a full-employment program for academic cryptographers working on "Fun" asymmetric schemes that would otherwise be totally ignored in an industry that has more or less standardized on the P-curves and Curve25519.
Be that as it may: whether or not NSA is working to "weaken" CRYSTALS-Kyber is besides the point. NSA didn't invent CRYSTALS. A team of cryptographers, including some huge names in modern public key crypto research, did. Does NSA have secret attacks against popular academic crypto schemes? Probably. You almost hope so, because we pay them a fuckload of a lot of money to develop those attacks. But you can say that about literally every academic cryptosystem.
You probably also don't need me to tell you again how much I think formal cryptographic standards are a force for evil in the industry.
2 replies →
I am definitely not in that place. We clearly disagree on a few points.
The issues raised in the blog post aren’t just about NIST mishandling the FOIA. By reducing it to the lawsuit, this is already a bad faith engagement.
The blog post is primarily about the history of NSA sabotage as well as contemporary efforts, including (NIST’s) failures to stop this sabotage. Finally it finishes the recent history by raising that there are mishandling issues in the pq-crypto competition. The lawsuit is at the end of a long chronological text with the goal of finding more information to extend the facts that we know. This is a noble goal, and it’s hard to accept any argument that the past in this area hasn’t been troubled.
Weirdly there is an assumption made immediately by Filippo, made without basis in fact: he supposes Bernstein somehow lost the contest and that this is his motivation for action. Bernstein hasn’t lost, though some structured lattices have won. He still has submitted material in the running as far as I understand things. None the less we see that Filippo tells us the deepest internal motivations of Bernstein, though we don’t learn how he learned these personal secrets. This is simply not reasonable. Maybe it could be phrased as a question but then the rhetorical tool of denying questions as a valid form of engagement would start to fade away.
Back to the core of the tweets: One of the two says he hopes he wins the suit, the other says he’s doing it wrong. We could read that as they’re both hoping he wins, and yet… it’s hard to believe when the rhetoric centers around Bernstein’s supposedly harmful rhetoric in the blog post and lawsuit as being harmful to the community at large.
Bernstein isn’t attacking a singular person as Filippo is attacking Bernstein. Filippo even includes a meme to drive home the personal nature of the attacks.
For me personally, I used to find this meme funny until I learned the history of the meme. This strikes me as blind spot, my very own once. The context and history of that meme and that scene is dark.
So then, here is some light for you: This meme is a parody from a comedy. In turn it is a parody of a famous scene from a film portraying John Nash. It’s about a very famous mentally ill mathematician. Nash in this scene is the iconic, quintessential conspiracy theorist insane person once considered a genius. Nash is drawing connections that aren’t there and that aren’t reasonable. He was deeply mentally ill at that point in his life. That is a brutal thing to say in itself about anyone, but… it gets worse.
Nash was also famously a virulent antisemitic in some of his psychological breaks and outbursts. I don’t hold him responsible for his ravings as he was a paranoid schizophrenic, but wow I would not throw up that specific meme at a (Jewish) mathematician while implying he’s a crazy conspiracy theorist. It’s some really gross mental health hate mixed with ambiguity about the rest. It could be funny in some contexts, I suppose, but not this one.
So in summary: that is a gross meme to post in a series of ad-hominem tweet attacks calling (obviously Jewish family name) Bernstein a conspiracy theorist, saying he is making obviously crazy, baseless connections. The root of his concern is not insane and ignoring the history of sabotage in this area by NSA is unreasonable.
I assume this meme subtext is a mistake and it wasn’t intended as antisemitic. Still after processing the mental health punching down part of the meme, I had trouble assuming good faith about any of it. Talk about harmful rhetoric in the community.
I also note that they attack him in a number of other bad faith ways which make me lose my assumption of good faith generally about their well wishing on his lawsuit being successfully.
Meanwhile, I don’t take Bernstein on faith. I find his arguments and points in the blog post convincing. I find his history of work in the public interest convincing. I don’t care about popularity contests or personal competition. Meanwhile you say you’re not following the contest.
Corruption of NIST and other related parties isn’t just possible, we know it has happened. We should be extra vigilant that it doesn’t repeat. FOIA is a weak mechanism but it’s something. Has any corruption or sabotage happened here? We don’t know yet, and more important NIST have promised transparency that they haven’t delivered. A promise is a good start but it’s not sufficient.
NIST have slipped their own deadlines, they have been silent in concerning ways, and they’re still failing to provide critical details about the last round of NSA sabotage that directly involved NIST standardization.
I just want to jump back here for a second, because when I responded to this comment last night, I hadn't really read it (for I think obvious reasons, but also I was watching Sandman). So I wrote some replies last night that I'm not super proud of --- not because I said anything wrong, but because I didn't acknowledge the majesty of the argument I had been confronted with.
This right here is a comment that makes the following argument, which I will helpfully outline:
* Filippo Valsorda wrote a tweet that included a meme from "It's Always Sunny In Philadelphia"
* That meme is a parody of "A Beautiful Mind"
* "A Beautiful Mind" is about John Nash --- hold on to that fact, because the argument is about to bifurcate
* John Nash was mentally ill
* John Nash was virulently anti-semitic (hold on to your butts...)
* Ergo, Filippo Valsorda is both bigoted against the mentally ill, and also an anti-semite.
Can we do other memes like this? I'd like your exegesis of the "Homer Simpson dissolves backwards into the hedges" meme next!
3 replies →
There's nothing "bad faith" about it. The tweet is supportive of the lawsuit, and not supportive of Bernstein's weird, heavily-telegraphed, long-predicted claims that a NIST contest he opted to participate in was corrupted by dint of not prioritizing his own designs.
Your bit about the "obviously Jewish family name" thing is itself risible, and you should be embarrassed for trying to make it a thing.
5 replies →