[Cryptography] Quillon Graph: A private, post-quantum electronic cash system

[Jerry Leichter]

>> The TLAs hate simple algorithms and simple protocols because they can be
>> shown to work easily, proven correct etc. They love complex algorithms &
>> protocols bc devs make mistakes and committees are required to add further
>> complexity & mistakes to make them 'safe', as well as opportunity to distract
>> by committee procedure and eventual cartelisation.
> 
> Is it that or because their cryptographers are all hardcore mathematicians and they choose mathematically interesting stuff that works fine on a whiteboard but fails in a million subtle ways when deployed in the real world?
> 
> As an aside, if their internal-use stuff follows the same well-it-works-fine-
> on-paper design philosophy, I wonder how vulnerable the implementations are
> given that they don't have access to the crowdsourced pen-testing that public
> designs and implementations have?
We've gotten to see a few of their designs - Skipjack, for example.  For internal or approved-for-US-secrets use, they seem to go for reasonably simple designs.  (They also seem to be willing to use parameters that don't provide a great deal of redundancy "just in case":  If 8 rounds is enough, they won't use 10.)

The complexity seems to be reserved for stuff they expect others to implement.

                                                        -- Jerry