[Cryptography] Crypto Standards v.s. Engineering habits - Was: NIST about to weaken SHA3?

Arnold Reinhold agr at me.com
Wed Oct 2 13:42:17 EDT 2013


On 1 Oct 2013 23:48 Jerry Leichter wrote:

> The larger the construction project, the tighter the limits on this stuff.  I used to work with a former structural engineer, and he repeated some of the "bad example" stories they are taught.  A famous case a number of years back involved a hotel in, I believe, Kansas City.  The hotel had a large, open atrium, with two levels of concrete "skyways" for walking above.  The "skyways" were hung from the roof.  As the structural engineer specified their attachment, a long threaded steel rod ran from the roof, through one skyway - with the skyway held on by a nut - and then down to the second skyway, also held on by a nut.  The builder, realizing that he would have to thread the nut for the upper skyway up many feet of rod, made a "minor" change:  He instead used two threaded rods, one from roof to upper skyway, one from upper skyway to lower skyway.  It's all the same, right?  Well, no:  In the original design, the upper nut holds the weight of just the upper skyway.  In the modified version, it holds the weight of *both* skyways.
> The upper fastening failed, the structure collapsed, and as I recall several people on the skyways at the time were killed.  So ... not even a factor of two safety margin there.  (The take-away from the story as delivered to future structural engineers was *not* that there wasn't a large enough safety margin - the calculations were accurate and well within the margins used in building such structures.  The issue was that no one checked that the structure was actually built as designed.)
> 
> I'll leave it to others to decide whether, and how, these lessons apply to crypto design.

This would be the 1981 Kansas City Hyatt Regency walkway collapse (http://en.wikipedia.org/wiki/Hyatt_Regency_walkway_collapse), where 114 people died, a bit more than several. And the "take-away" included the fact that there were no architectural codes covering that particular structural design. I believe they now exist and include a significant safety margin.  The Wikipedia article includes a link to a NIST technical report on the disaster, but NIST and its web site are now closed due to the government shutdown.

The concept of safety margin is a meta-design principle that is basic to engineering.  It's really the only way to answer the questions, vital in retrospect, we don't yet know to ask.  

That nist.gov is down also keeps me from reading the slide sets there on the proposal to change to SHA-3 from the design that won the competition.  I'll reserve judgment on the technical arguments until I can see them, but there is a separate question of how much time the cryptographic community should be given to analyze a major change like that (think years). I would also note that the opinions of the designers of Keccak, while valuable, should not be considered dispositive any more than they were in the original competition.  


Arnold Reinhold

