← Back to context

Comment by mort96

2 years ago

It's true that nothing is 100% safe. And to some degree, that makes the argument problematic; regardless of what happened, one could construct a way for US government to mess with things. If you had competition of the world's leading academic cryptographers with a winner selected by popular vote among peers, how do you know that the US hasn't just influenced enough cryptographers to push a subtly broken algorithm?

But we must also recognize a difference in degree. In a competition where the US has no official influence over the result, there has to be a huge conspiracy to affect which algorithm is chosen. But in the competition which actually happened, they may potentially just need a single plant on one of the strong teams, and if that plant is successful in introducing subtle brokenness into the algorithm without anyone noticing, the NIST can just declare that team's algorithm as the winner.

I think it's perfectly reasonable to dismiss this possibility. I also think it's reasonable to recognize the extreme untrustworthiness of the NIST and decide to not trust them if there's even a conceivable way that they might've messed with the outcome of their competition. I really can't know what the right choice is.

6 comments

mort96

Reply
tptacek  2 years ago

That's an argument that would prove too much. If you believe NSA can corrupt academic cryptographers, then you might as well give up on all of cryptography; whatever construction you settle on as trustworthy, they could have sabotaged through the authors. Who's to say they didn't do that to Bernstein directly? If I'd been suborned by NSA, I'd be writing posts like this too!

  • mort96  2 years ago

    You're still not recognizing the difference between corrupting a single academic cryptographer and corrupting a whole bunch of academic cryptographers. This isn't so black and white.

    For what it's worth, I do think the US government could corrupt academic cryptographers. If I was an academic cryptographer, and someone from the US government told me to do something immoral or else they would, say, kill my family, and they gave me reason to believe the threat was genuine, I'm not so sure I wouldn't have done what they told me. And I know this sounds like spy movie shit, but this is the US government.

    One last thing though, if you're giving me the black and white choice between blindly trusting the outcome of a US government cryptography standard competition or distrusting the field of cryptography altogether, I choose the latter.

    • tptacek  2 years ago

      As long as we're clear that your concern involves spy movie shit, and not mathematics or computer science, I'm pretty comfortable with where we've landed.

      2 replies →

    • thadt  2 years ago

      It's an interesting thought, but then you would need those cryptographers to not only stay quiet about it, but also spend a good chunk of the next part of their lives selling the lie.

      Secrets are hard to keep at scale. Trying to do it with coercion, to a group of people who's entire field of study is covert communication, seems like an unenviable prospect.