[Cryptography] We need a new encryption algorithm competition.

Sandy Harris sandyinchina at gmail.com
Sun Mar 16 17:47:32 EDT 2014

Phillip Hallam-Baker <hallam at gmail.com> wrote:

> On Sun, Mar 16, 2014 at 12:33 AM, James A. Donald <jamesd at echeque.com>
> wrote:
>> On Sat, 15 Mar 2014 16:31:05 ianG wrote:
>>> If people stop believing in institutions such as standards bodies,
>>> certification bodies, and governments, the question is, what or whom
>>> will they trust?  And what could actually deliver that trust?
>>> It seems that without a good answer to that, there isn't much point in
>>> choosing one technical approach versus another.
>> Trust individuals.
>> As I posted on this list previously:
>> Let us have Jon Callas as unelected president for life of symmetric
>> cryptography, Bernstein as God King of public key cryptography.

That's not enough. For a block cipher, tell me Callas designed it,
Knudsen says he cannot break the algorithm, and Bellovin has
approved the proposed usage, and you are pretty close.

You also need a gang for hashes -- Preneel and who else? Then
one for random number generators.

> Right now we have a fairly well established mandatory to implement set:
> ...
> So we can hypothesize a backup set of algorithms:
> Spot the problem? We currently have no backup for an encryption algorithm.

I think the problem is that you include DSA. As I see it, that should be
deprecated now and removed from future versions all standards as
hopelessly flawed. It is just too fragile.

> We really do need a backup for that slot and I don't think we can just take
> one of the AES runners up.

I do. Better, take all of them with open licenses, which I think is all
except RC6. Anywhere that AES is a MUST, make them all
SHOULD. Cost is low since there are open source implementations.

> The criteria for a reserve algorithm are not the
> same as for the default. Since the idea is that you can depend on the
> reserve algorithm even if the default is broken, it has to be tuned for
> security rather than performance.

So use Serpent, apparently the most conservative choice among
the AES candidates.

More information about the cryptography mailing list