Daniel J. Bernstein (#djb, to those who know and love him [1]) has a new blog entry about the NIST post-quantum #cryptography standardization process that's been ongoing for some years. Also, follow him nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpq97qqqj2gfydepp0prr33atwsvr06u2gvymd6ek5vrcypwwh92f7q39cshz (nprofile…cshz) .
If you're not aware of some of the controversy about how NIST is running this process, it's a must-read.
https://blog.cr.yp.to/20250423-mceliece.html
My $0.02: it sure looks like NIST is backstopping an attempt by the NSA to get everyone to standardize on cryptography #standards that the #NSA knows how to break.
Again.
Yes, they did it before. If you read up on the Dual_EC calamity and its fallout, and how this time it was supposed to be different - open, transparent, secure - then prepare to be disappointed. NIST is playing #Calvinball with their rules for this contest, yanking the rug out from under contenders that appear to be more #secure and better understood, while pushing alternatives that are objectively worse (#weaker encryption, less studied, poorer #performance).
Frankly, I think organizations outside of the #USA would be foolish to trust anything that comes out of #NIST's current work. Well, those inside the USA too, but some of those may be forced by law to use whatever NIST certifies.
[1] Some people think djb is "prickly", not lovable. Oddly, it seems that the only people who say this are those who are wildly incorrect about code/algorithms and are being gently but publicly corrected about by djb at the time
#quantum #PostQuantum #PostQuantumCryptography
Charles /
npub1pd…64jrl
2025-04-24 05:40:34
Author Public Key
npub1pdaz4j0ezt8km4e4p0tmt3qx7st49gkw8f9gg6unz47glzd8j4hqr64jrlSeen on
wss://relay.mostr.pubPublished at
2025-04-24 05:40:34Event JSON
{
"id": "171fe9fa1668a04b66b47cd366e22faf6610016f766540413b51205f010ed2a6",
"pubkey": "0b7a2ac9f912cf6dd7350bd7b5c406f41752a2ce3a4a846b93157c8f89a7956e",
"created_at": 1745473234,
"kind": 1,
"tags": [
[
"p",
"2f80004948491b9085e118e31eadd060dfae290c26dbacda8c1e08173ae5527c",
"wss://relay.mostr.pub"
],
[
"p",
"dfc7d34aef2cd15aa9eb1c20d755dbf8cafb7bbd155f737c941e14d8c3c1f95a",
"wss://relay.mostr.pub"
],
[
"t",
"djb"
],
[
"t",
"cryptography"
],
[
"t",
"standards"
],
[
"t",
"nsa"
],
[
"t",
"calvinball"
],
[
"t",
"secure"
],
[
"t",
"weaker"
],
[
"t",
"performance"
],
[
"t",
"usa"
],
[
"t",
"nist"
],
[
"t",
"quantum"
],
[
"t",
"postquantum"
],
[
"t",
"postquantumcryptography"
],
[
"proxy",
"https://mindly.social/users/cazabon/statuses/114391333897400729",
"activitypub"
],
[
"client",
"Mostr",
"31990:6be38f8c63df7dbf84db7ec4a6e6fbbd8d19dca3b980efad18585c46f04b26f9:mostr",
"wss://relay.mostr.pub"
]
],
"content": "Daniel J. Bernstein (#djb, to those who know and love him [1]) has a new blog entry about the NIST post-quantum #cryptography standardization process that's been ongoing for some years. Also, follow him nostr:nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpq97qqqj2gfydepp0prr33atwsvr06u2gvymd6ek5vrcypwwh92f7q39cshz .\n\nIf you're not aware of some of the controversy about how NIST is running this process, it's a must-read.\n\nhttps://blog.cr.yp.to/20250423-mceliece.html\n\nMy $0.02: it sure looks like NIST is backstopping an attempt by the NSA to get everyone to standardize on cryptography #standards that the #NSA knows how to break.\n\nAgain.\n\nYes, they did it before. If you read up on the Dual_EC calamity and its fallout, and how this time it was supposed to be different - open, transparent, secure - then prepare to be disappointed. NIST is playing #Calvinball with their rules for this contest, yanking the rug out from under contenders that appear to be more #secure and better understood, while pushing alternatives that are objectively worse (#weaker encryption, less studied, poorer #performance).\n\nFrankly, I think organizations outside of the #USA would be foolish to trust anything that comes out of #NIST's current work. Well, those inside the USA too, but some of those may be forced by law to use whatever NIST certifies.\n\n[1] Some people think djb is \"prickly\", not lovable. Oddly, it seems that the only people who say this are those who are wildly incorrect about code/algorithms and are being gently but publicly corrected about by djb at the time\n\n#quantum #PostQuantum #PostQuantumCryptography",
"sig": "a0e32cd04c6cad6a2abd4f058e4e873175c25d58e997913b4f65e23264a73ee701ae3417d1a2c192c83acfad7b2adf90a36c28406a629ca289ef8104f4391915"
}