[Cryptography] Desirability of standard reference pseudo-codes for essential components of IT-security software

mok-kong shen mok-kong.shen at t-online.de
Tue Feb 2 16:24:24 EST 2016


There is a web site weakdh.org, whose name alone would certainly cause
some feeling of uncertainty in using DH among people who are not
experts, IMHO.

In general, i.e. not specifically concerning DH, how is the key-size
issue being treated in practice today? There are a number of different
recommendations by experts and government institutions like NIST. But
which is the best recommendation and, above all, how much trust should
one have in these in our era following the revelations of Snowden and
other activists? Also unsatisfying, IMHO, for the common users of
IT-security software is a history of the following kind: a certain
earlier recommended key size was found to be insufficient due to a
later discovered cause, like the Logjam attack in the case of DH, and one
is simply told that from now on one should use another, larger key size
and everything would be OK. But isn't that also a solid testimony to
the fact that during all the time in which the old key size was in
vogue the communications of the users were insecure?

I believe it is highly desirable to mitigate as far as possible the
risks/disadvantages arising in this context by having, for all
essential components of IT-security software, compact but complete
(i.e. useful for guiding implementations) standard reference
pseudo-codes, e.g. of the kind given for AES in NIST FIPS-197, that
are thoroughly examined by a sufficiently large number of international
experts and published in the standard documents of ISO (in contrast to
publications of a national institution, which could eventually be
influenced by some specific national interests). Parameters of such
codes, in particular e.g. the minimum key size of DH, could then be
continuously updated in case of need via official documents issued as
a result of the standing cooperative work of such experts. Certainly this
can't be an ideal solution, as long as humans err and unexpected
cryptanalytical breakthroughs can by nature never be ruled out, but
it is nonetheless apparently an optimal compromise for practice.
Once such standard reference pseudo-codes are available, concrete
open-source implementations that are semantically equivalent to them
can be written and certified to be correct by the individual national
standardization bodies and/or IT professional associations. Any common
user could then have the capability to best choose an implementation
for his use, employing a criterion e.g. based on the number of
certificates that an implementation has obtained.

M. K. Shen
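Editor's added example (not part of the post above, and not taken from any
standard or reference pseudo-code): the kind of acceptance check an
implementation would run on incoming DH parameters, with the minimum
modulus size kept as one policy constant that a later document can raise.
The 2048-bit default is an assumption reflecting common post-Logjam guidance,
not a value the post states; the test inputs are small constructed safe
primes so the logic can be followed by hand.

```python
"""DH parameter acceptance check: modulus size policy, safe-prime test,
generator order test.  Added illustration, not code from the original post.
ASSUMPTION: the 2048-bit minimum mirrors common post-Logjam guidance."""

DEFAULT_MIN_MODULUS_BITS = 2048  # policy knob, meant to be raised over time

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n: int) -> bool:
    """Miller-Rabin with the first twelve prime bases.  Deterministic for
    n < 3.3e24; for larger n it is a strong probabilistic test."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    # write n - 1 = d * 2^r with d odd
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a is a witness of compositeness
    return True


def check_dh_params(p: int, g: int, min_bits: int = DEFAULT_MIN_MODULUS_BITS):
    """Return (ok, reason).  ok is True only if every check passes."""
    if p.bit_length() < min_bits:
        return False, f"modulus is {p.bit_length()} bits, policy minimum is {min_bits}"
    if not is_probable_prime(p):
        return False, "modulus is not prime"
    q = (p - 1) // 2
    if not is_probable_prime(q):
        return False, "modulus is not a safe prime: (p-1)/2 is composite"
    if not 2 <= g <= p - 2:
        return False, "generator out of range (1 and p-1 have order 1 and 2)"
    # For a safe prime p = 2q + 1 the order of g divides 2q.  With 1 and p-1
    # excluded above, g^q mod p is 1 when g has order q (g a quadratic
    # residue) and p-1 when g has order 2q.  Any other value means the
    # prime checks above were wrong, so it is rejected defensively.
    t = pow(g, q, p)
    if t == 1:
        return True, "ok: g generates the order-q subgroup"
    if t == p - 1:
        return True, "ok: g generates the full group of order 2q"
    return False, "generator has unexpected order"


if __name__ == "__main__":
    # Constructed toy inputs (1019 = 2*509 + 1 is a safe prime; 1021 is
    # prime but 510 is not).  min_bits is lowered so the remaining checks
    # are visible on numbers this small.
    for p, g in ((1019, 2), (1019, 4), (1021, 2), (1019, 1018)):
        print(p, g, check_dh_params(p, g, min_bits=10))
    # The same toy group under the real policy fails on size alone.
    print(1019, 2, check_dh_params(1019, 2))
```

The size check comes first on purpose: it is the one line a later
recommendation changes, and it is cheap, whereas the primality tests cost
modular exponentiations. Accepting a generator of order 2q as well as q is a
deliberate choice here; an implementation whose reference document demands
order exactly q would drop the second "ok" branch.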

