> I believe the implication that NIST or NSA somehow bribed one of the PQC researchers to weaken a submission is risible.
Could you elaborate on this? I didn't get this from the article at all. There's no researcher(s) being implicated as far as I can tell.
What I read is the accusation of NIST's decision-making process possibly being influenced by the NSA, something that we know has happened before.
Say N teams of stellar researchers submit proposals, and they review their peers. For the sake of argument, let's say that no flaw is found in any proposal; every single one is considered perfect.
NIST then picks algorithm X.
It is critical to understand the decision making process behind the picking of X, crucially so when the decision-making body has a history of collusion.
Because even if all N proposals are considered perfect by all possible researchers, if the NSA did influence NIST in the process, history would suggest that X would be the least trustable of all proposals.
And that's the main argument I got from the article.
Yes, stone-walling a FOIA request may be common, but in the case of NIST, there is ample precedent for malfeasance.
I don't even support NIST's mission; even if you assembled a trustworthy NIST, I would oppose it.
The logical problem with the argument Bernstein makes about NSA picking the least trustworthy scheme is that it applies to literally any scheme NIST picks. It's unfalsifiable. If he believes it, his FOIA effort is a waste of time (he cannot FOIA NSA's secret PQC attack knowledge).
The funny thing here is, I actually do accept his logic, perhaps even more than he does. I don't think there's any reason to place more trust in NIST's PQC selections than other well-reviewed competing proposals. I trust the peer review of the competitors, but not NIST's process at all.
> The logical problem with the argument Bernstein makes about NSA picking the least trustworthy scheme is that it applies to literally any scheme NIST picks. It's unfalsifiable.
That may be true in the strict sense, but in practice, I think there would be a material distinction between a NIST process of "we defer our decision to the majority opinion of a set of three researchers with unimpeachable reputations" (a characterization from another comment) and a process of "NSA said we should pick X."
In the strict sense, I can't trust either process, but in practice [edit: as an absolute layperson who has to trust someone], I'd trust the first process infinitely more (as I would absolutely distrust the second process).
> The funny thing here is, I actually do accept his logic, perhaps even more than he does.
That's actually what I got from your other comments to this story. But that confused me, because it was also what I got from the article. The first two thirds of the article are spent entirely on presenting NIST as an untrustworthy body based on decades of history. Apart from the title, PQC isn't even mentioned until the last third, and that part, to me, was basically "NIST's claims of reform are invalidated if it turns out that NSA influenced the decision-making process again".
My vibe was that both of your positions are more or less in agreement, though I have to say I didn't pick up on any accusations of corruption of a PQC researcher in the article (I attribute that to me being a layperson in the matter).
Could you elaborate on this? I didn't get this from the article at all. There's no researcher(s) being implicated as far as I can tell.
What I read is the accusation of NIST's decision-making process possibly being influenced by the NSA, something that we know has happened before.
Say N teams of stellar researchers submit proposals, and they review their peers. For the sake of argument, let's say that no flaw is found in any proposal; every single one is considered perfect.
NIST then picks algorithm X.
It is critical to understand the decision making process behind the picking of X, crucially so when the decision-making body has a history of collusion.
Because even if all N proposals are considered perfect by all possible researchers, if the NSA did influence NIST in the process, history would suggest that X would be the least trustable of all proposals.
And that's the main argument I got from the article.
Yes, stone-walling a FOIA request may be common, but in the case of NIST, there is ample precedent for malfeasance.