
Let me try to explain what’s going on here.

The substance here is that Dan Bernstein had a submission to the competition that was rejected in favor of another candidate, Kyber. He has been running a blog/FOIA campaign to discredit both NIST and Kyber ever since. In principle this is not bad, provided one sticks to facts.

The problem with Dan’s approach, however, is that it has featured many dark insinuations that the NSA is collaborating with NIST to sabotage cryptography. These are all carefully worded so as to stimulate the “let’s rise up with pitchforks” hacker crowd, without ever saying anything that might be a clear factual accusation.

In the most recent blog post (the subject of this pop-sci article) Dan appears to have found a small potential error in the security calculation applied to a NIST finalist, Kyber. This needs to be verified but if valid, it’s important to consider! So that’s good. However, the result is articles with headlines like the top-level article. Which is destructive to the whole process. blog.cr.yp.to/20231003-countco

blog.cr.yp.to cr.yp.to: 2023.10.03: The inability to count correctly

For the record, the PQC community is actively debating the topic and they aren’t even certain there is an error. This probably could have been discussed on a mailing list and resolved, without the need for blog posts and big scary headlines. But what fun would that be? groups.google.com/a/list.nist.

People will say “but NSA has sabotaged encryption standards, look at Dual EC.” And they’re right! This kind of thing has happened. But I think it’s very unlikely it happened this time.

Which is what’s so frustrating about this accusation. We know there are real wolves, and that’s why it’s so important NOT to cry wolf when there probably isn’t one.

Matthew Green

What’s so aggravating to me is that the NSA holds a vast amount of the US (and global) cryptanalytic knowledge. We need them to weigh in on these new algorithms, which will ultimately be used to secure US classified data and military secrets.

And yet, by interfering with and sabotaging cryptography in the past, the NSA has utterly destroyed its credibility with the scientific world. This is ultimately enabling the current campaign against NIST’s PQC standardization effort, and the result could be really harmful to global infosec.

I think the academic community could benefit from less cynical exploitation of this fact. But the NSA is still ultimately to blame for where we are.

Whatever benefits the agency got from its sabotage campaign in the past were short-term and ephemeral. But the damage is cumulative and lasting — like spending too much time in the sun.