Comment by LinuxBender
3 years ago
It's not the first time either and it won't be the last. NIST chose Rijndael over Serpent for the AES standard even though Serpent won. I vaguely recall they gave some smarmy answer. I don't think anyone submitted a FOIA, not that it would matter. I've been through that bloated semi-pseudo process and saw how easy it was to stall people, not answer a simple question.
Rijndael was selected over Serpent for performance reasons.
I remember them saying that in a follow-on email on one of the mail list servers. That was not their original statement, but I can't remember exactly what they said. I just remember it was quite smarmy and did not sit well with me coming from such an organization. Regardless, Serpent won the challenge by their criteria, but then they moved the goal posts after the fact.
Both Rijndael and Serpent could have equally become more performant in the AES-NI CPU instruction sets and I am also not ok with how that evolved either. Cipher fixation is a security vulnerability. AES-NI CPU instructions should have included a few ciphers for performance. Probably Rijndael, Serpent and Twofish. There are folks in the cryptography community that are very much against using more than one cipher and that makes it clear to me they have been compromised or manipulated by something.
Please cite for me the most credible cryptographic researcher you can find who advocates cascades of ciphers. I'm not certain, but if I had to bet, I'd bet that you can't even find one.
You can believe whatever you want to believe, but the threshold you've just claimed to have for believing someone is compromised suggests that essentially every academic cryptographic researcher in the world is compromised.
This is what I know; wish I knew more.
AES won due to software performance.
https://www.moserware.com/2009/09/stick-figure-guide-to-adva...