[Cryptography] On the Impending Crypto Monoculture

ianG iang at iang.org
Sat Mar 26 21:18:50 EDT 2016


On 25/03/2016 08:51 am, Brian Gladman wrote:
> I do not like monocultures and I argued during the AES standardisation
> process for the selection of three AES winners rather than one. The
> immediate response from industry was that this would be a disaster
> because they would have to implement all three at enormous cost.  But at
> least this would have been a 'managed' multiculture rather than the
> chaotic multiculture that emerges from a combination of the individual
> choices made by the many individual players in the market.
>
> So planned multicultures don't work and we are left with unplanned ones
> driven by market interests in which better security plays very little
> part (at least until now).


AES standardisation worked.  Monoculture worked - if AES was a guide. 
SHA continues to demonstrate this.  In fact, any reasonably tested good 
block cipher would have worked in the last 30 years - DES has still not 
been broken, any of the five AES contenders would have worked.  Same 
with the SHAs.

The question is - does monoculture on one algorithm bring more costs 
than the alternate?  History leans *strongly* towards monoculture in 
algorithms.  IETF's TLS is a casebook study in the alphabet soup of 
algorithmic agility, but it's not the only data point.

Is monoculture therefore golden?  No.  By no means - it's a risk 
decision.  We all know we're putting our one egg in one basket and 
feeding the world.  It's just that over time, this risk is lower than 
any other we know of - like Churchill's democracy, monoculture in 
algorithms is a really bad idea, but it's the least bad of the rest of 
the ideas.



iang

