On 1/10/13 00:21 AM, James A. Donald wrote:
On 2013-10-01 00:44, Viktor Dukhovni wrote:
Should one also accuse ESTREAM of maliciously weakening SALSA? Or
might one admit the possibility that winning designs in contests
are at times quite conservative and that one can reasonably
standardize less conservative parameters that are more competitive
in software?
"less conservative" means weaker.
Weaker in ways that the NSA has examined, and the people that chose the
winning design have not.
Why then hold a contest and invite outside scrutiny in the first place.?
This is simply a brand new unexplained secret design emerging from the
bowels of the NSA, which already gave us a variety of backdoored crypto.
The design process, the contest, the public examination, was a lie.
Therefore, the design is a lie.
This could be the uninformed opinion over unexpected changes. It could
also be the truth. How then to differentiate?
Do we need to adjust the competition process for a "tweak" phase?
Let's whiteboard. Once The One is chosen, have a single round +
conference where each of the final contestants propose their optimised
version. They then vote on the choice.
(OK, we can imagine many ways to do this ... point being that if NIST
are going to tweak the SHA3 then we need to create a way for them to do
this, and have that tweaking be under the control of the submitters, not
NIST itself. In order to maintain the faith of the result.)
iang
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
