
Comment by tptacek

3 years ago

It is indeed a claim here; in fact, it's probably the principal claim.

I guess I'm not reading it that way. In fact, a FOIA request is going after official records, which I wouldn't expect would contain outright bribery.

Yes, DJB brings up their known bribing of RSA wrt the whole Dual-EC thing. But my read of that bit of info was the more general 'here's evidence that the NSA actively commits funding towards infecting standards' rather than 'the NSA's playbook just contains outright bribery and that's what we expect to find in the FOIA requests given to NIST'.

  • The FOIA issue is 100% legitimate. NIST is required to comply with FOIA.

    • You don’t get it clearly. They’re playing dirty. At best the FOIA will receive a document made on the fly with nothing of value. The rules don’t apply to the NSA. You can do exactly nothing. But NIST, you can do something about - reject any standard they approve. It’s your choice what algorithm you use, and we know NIST will select a broken algorithm for the NSA, so just ignore their ‘standard’. The best solution is using layers of crypto, trusting no single algorithm.


The actual claim is that NSA may have already spent a lot of time and effort to analyse PQC algorithm underlying problems without making their findings public.

DJB seems to suspect that they may influence NIST to select algorithms and parameters within the range of what they already know how to break.

  • Huh? Of course NSA spent a lot of time and effort analyzing algorithms without making their findings public. That is their literal job. The peer review NIST is refereeing happened in the open. When people broke SIDH, they didn't whisper it in anyone's ear: they published a paper. That's how this stuff works. Bernstein doesn't have a paper to show you; all he has is innuendo. How you know his argument is as limp as a cooked spaghetti noodle is that he actually stoops to suggesting that NSA might have bribed one of the members of the PQC teams.

    If he had something real to say, he wouldn't have embarrassed himself like that. How I think I know that is, I think any reasonable person would go way out of their way to avoid such an embarrassing claim, absent extraordinary evidence, of which he's presented none.

    • > he actually stoops to suggesting that NSA might have bribed one of the members of the PQC teams

      I don't know anyone in the teams to judge their moral fiber, but I'm 100% sure the NSA is not above what is suggested and your weird outrage at the suggestion seems surprising knowing what is public knowledge about how the NSA operates.

      There are arguments here about NSA pressure on NIST. You miss the point because apparently you're offended that someone suggested your friends can be bribed. I mean, maybe they can't, but this is about the NSA being corrupt, not the researchers.
