[Cryptography] On the Impending Crypto Monoculture

Brian Gladman brg at gladman.plus.com
Fri Mar 25 04:51:21 EDT 2016


On 25/03/2016 05:27, Andrew Donoho wrote:
> 
>> On Mar 24, 2016, at 18:55 , Brian Gladman <brg at gladman.plus.com> wrote:
>>
>> We certainly want to reduce the 'size' of our multi-culture but moving
>> to the other end of the spectrum is surely not the answer, especially so
>> if this means throwing out primitives that have proved to be effective.
> 
> Gentlefolk,
> 
>   Admittedly, I’m new to this list and, as an iOS developer, I am limited in my algorithm choices by what Apple provides. (For example, Apple internal to the OS uses ECC. But they only allow us hoi polloi to use the suite below.) But let's look at that list and compare it to NSA suite B. Basically, I can implement suite B communications as they specify today.

[snip details]
Much of what cryptographic protocols are about is the protection of
communications so when individual platform suppliers make their own
individual monocultures we are stuck either with no ability to
communicate securely between those using products from different
suppliers or with applications from other parties who are prepared to
support multiple supplier choices in what soon becomes a messy and
brittle multiculture.

So the issue is not that Apple (or any other platform supplier) has
individually made good or bad choices but rather that they have made
different choices.  In overall terms this produces an unmanaged
multi-culture that has little or no chance of producing a good
information security result.

Moreover when it dawns on these companies that they have to meet wider
needs for communications with users on other platforms, the role of
their participants in standardisation processes is, at least in part,
one of protecting their existing investment in their security choices.
This inevitably results in extra complexity that introduces exploitable
security vulnerabilities and contributes to the evolution of a brittle
multi-culture and one that is much more difficult and costly to
implement for everyone involved.  So I can understand the IETF
motivation for wanting to 'start again and do it better this time'. But
I don't see their argument for throwing out primitives such as AES that
are now very widely supported and have proved to be effective in real
use.

I do not like monocultures and I argued during the AES standardisation
process for the selection of three AES winners rather than one. The
immediate response from industry was that this would be a disaster
because they would have to implement all three at enormous cost.  But at
least this would have been a 'managed' multiculture rather than the
chaotic multiculture that emerges from a combination of the individual
choices made by the many individual players in the market.

So planned multicultures don't work and we are left with unplanned ones
driven by market interests in which better security plays very little
part (at least until now).

   Brian Gladman
