[Cryptography] On the Impending Crypto Monoculture
ianG
iang at iang.org
Sat Mar 26 21:18:50 EDT 2016
On 25/03/2016 08:51 am, Brian Gladman wrote:
> I do not like monocultures and I argued during the AES standardisation
> process for the selection of three AES winners rather than one. The
> immediate response from industry was that this would be a disaster
> because they would have to implement all three at enormous cost. But at
> least this would have been a 'managed' multiculture rather than the
> chaotic multiculture that emerges from a combination of the individual
> choices made by the many individual players in the market.
>
> So planned multicultures don't work and we are left with unplanned ones
> driven by market interests in which better security plays very little
> part (at least until now).
AES standardisation worked. Monoculture worked - if AES was a guide.
SHA continues to demonstrate this. In fact, any reasonably tested good
block cipher would have worked in the last 30 years - DES has still not
been broken, any of the five AES contenders would have worked. Same
with the SHAs.
The question is - does monoculture on one algorithm bring more costs
than the alternative? History leans *strongly* towards monoculture in
algorithms. IETF's TLS is a casebook study in the alphabet soup of
algorithmic agility, but it's not the only data point.
Is monoculture therefore golden? No. By no means - it's a risk
decision. We all know we're putting our one egg in one basket and
feeding the world. It's just that over time, this risk is lower than
any other we know of - like Churchill's democracy, monoculture in
algorithms is a really bad idea, but it's the least bad of the rest of
the ideas.
iang