This is one reason why political crimes are treated with different considerations under international treaties and in the day to day norms of states. The right to asylum, for example, in one country to avoid prosecution in another country exists, and it is regularly exercised.
America regularly support people who are charged with normal crimes that have obvious political undertones, as they should. This is an unmitigated good.
Other popular examples exist. These cases are also often very polarizing for the people of the country who is claimed to have been the victim of some political crime.
What makes up a political crime? By definition it can be subjective but some entire categories are usually included.
On the one hand, Assange is considered by many to be a journalist doing journalistic things, while others argue he committed espionage doing political things as some kind of spy. Prosecution for either is usually considered a political persecution worthy of asylum.
Ecuador granted Assange political asylum because of the U.S. investigation into Assange for his publications that were in the public interest.
At the risk of belaboring the obvious: An attacker won't have to say "Oops, researcher X is working in public and has just found an attack; can we suppress this somehow?" if the attacker had the common sense to hire X years earlier, meaning that X isn't working in public. People arguing that there can't be sabotage because submission teams can't be bribed are completely missing the point.
He goes on to say:
I coined the phrase "post-quantum cryptography" in 2003. It's not hard to imagine that the NSA/IDA post-quantum attack team was already hard at work before that, that they're years ahead of the public in finding attacks, and that NSA has been pushing NISTPQC to select algorithms that NSA secretly knows how to break.
Does this seem unreasonable, and if so, why?
He also remarks:
Could such a weakness also be exploited by other large-scale attackers? Best bet is that the answer is yes. Would this possibility stop NSA from pushing for the weakness? Of course not.
Doesn’t sound to me like he only has concerns about bribery. Corruption of the standards to NSA’s benefit is one overarching issue. It’s not the only one, he has concerns about non-American capabilities as well.
The are many methods for the NSA to achieve a win.
Ridiculing people for worrying about this is totally lame and is harmful to the community.
To suggest a few dozen humans are beyond reproach from attack by the most powerful adversaries to ever exist is extremely naive at best. However that literally isn’t even a core point as Bernstein notes clearly.
FFS nobody is saying that the general idea of being skeptical is unreasonable. And nobody is being ridiculed for doing such. This subthread is about the contents of tptacek’s comment, which doesn't do what you are saying. Saying DJB’s claims are inconceivable is the mischaracterization. People are very eager to paint a picture nobody intended so they can say something and be right.
I use djb’s crypto. Everybody knows his speculation. Everybody knows why he’s pursuing more information. Nobody disagrees more information would be a public good. Some people are more skeptical than others that he’ll find anything substantial.
> If you RTFA you'd know it pertains to bribery, not coercion
By quoting the article it seems the text directly contradicts your summary as being too narrow. General coercion is also be included as part of the concerns raised by TFA. He isn’t just talking about NSA giving a person a sack of money.
Meanwhile in this thread and on Twitter, many people are indeed doing the things you say that nobody is doing.
We almost all use Bernstein’s crypto — some as mere users, others as developers, etc. I’m not sure what that brings to the discussion.
I’m glad we agree that his work to gather more information is a public good.
The article discusses it generally but uses bribery as the example. Perhaps that’s the confusion. Someone said the idea that we’re gonna find bribes is silly. Someone else said that’s insane, how could you not imagine the govt doing something coercive. Reply was that’s not what I said. Another challenge follows asserting that the gov’t is generally shady and coercive. I tried to clarify what I see as the confusion (bribery vs coercion as an example used in the article). Sorry if my statement was overly broad, my intention was to say we’re probably mostly on the same side and arguing over semantics. Maybe not all of the world is (e.g. Twitter), but it seemed like the case here. Maybe not and tptacek believes the gov’t is infallible. IDK. I like DJB and appreciate what he’s doing.
One trivial example implied by the blog post: Such corruption could be involved in the non-transparent decision making process at NIST.
Regarding Dual_EC: we still lack a lot of information about how this decision was made internally at NIST. That’s a core point: transparency was promised in the wake of discovered sabotage and it hasn’t arrived.
What do you mean, "how" the decision about Dual EC was made? It's an NSA-designed backdoor. NIST standardized it because NSA told them to. I'm sure NSA told NIST a story about why it was important to standardize it. The Kremlinology isn't interesting: it is NSA's chartered job to break cryptography, and nobody should ever trust them; the only thing NSA can do to improve cryptography is to literally publish secret attacks, and they're not going to do that.
What do I mean? Iran-Contra, Watergate, or a 9/11 report style report, like levels of investigation. Given how widely read the BULLRUN stories were, it’s not credible to suggest the details aren’t important.
The American people deserve to know who picked up the phone or held a meeting to make this happen. Who was present, who at NIST knew what, and so on. Who internally had objections and indeed who set the policy in the first place. What whistleblower protections were in place and why didn’t the IG have involvement in public? Why did we have to learn about this from Snowden?
NSA has a dual mandate, on that I hope we can agree. It’s my understanding that part of their job is to secure things and that part of their job is to break stuff.
NIST has no such dual mandate, heads should roll at NIST. We probably agree that NSA probably won’t be accountable in any meaningful sense, but NIST must be - we are stuck with them. Not trusting them isn’t an option for anyone who files their taxes or banks or does any number of other regulated activities that require using NIST standards.
It can be everybody involved. It should include NIST based on the history alone.
Some of the commentary on this topic is by people who also denied DUAL_EC until (correctly) conceding that it was actually a backdoor, actually deployed, and that it is embarrassing for both NSA and NIST.
This sometimes looks like reactionary denialism. It’s a safe position that forces others to do a lot of work, it seems good faith with some people and not so much with others.
I'm people who denied that Dual EC was a backdoor (my position wasn't an unusual one; it was that Dual EC was too stupid to actually use, which made it an unlikely backdoor). Dan Bernstein didn't educate me about that; like anybody else who held that position, the moment I learned that real products in the industry were built with libraries that defaulted to Dual EC, the jig was up.
I'm honest about what I'm saying and what I've said. You are not meeting the same bar. For instance, here you're insinuating that my problem on this thread is that I think NIST is good, or trustworthy, or that NSA would never have the audacity to try to bribe anybody. Of course, none of that is true.
I don't know how seriously you expect anybody to take you. You wrote 13-paragraph comment on this thread based on Filippo's use of an "It's Always Sunny In Philadelphia Meme", saying that it was a parody of "A Beautiful Mind", which is about John Nash, who was mentally ill, and also an anti-semite, ergo Filippo Valsorda is an anti-semite who punches down at the mentally ill. It's right there for everybody to read.
How could any serious security researcher have been in doubt about Dual EC? The design did not not make any sense at all. Not until you consider that it is designed with a back door, then it is a sleek minimal design that does exactly what it needs to do and not a whole lot more.
If you couldn't see that from a mile away, then you might be too naive to work in security.
Yes, he appears to be unreasonably dismissive of the blindly obvious history and the current situation.
As an aside, this tracks with his choice of employers - at least one of which was a known and documented NSA collaborator (as well as a victim, irony of irony) before he took the job with them.
As Upton Sinclair remarked: “It is difficult to get a man to understand something when his salary depends upon his not understanding it.”
Joining Google after Snowden revealed PRISM and BULLRUN, as well as MUSCULAR, is almost too rich to believe, Meanwhile he asserts and dismisses Bernstein as a conspiracy theorist. It’s a classic bad faith ad-hominem coincidence theory.
One says he’s doing it wrong. The other says he hopes that he wins, of course!
Meanwhile they go on to attack Bernstein, mischaracterize his writing, completely dismiss his historical analysis, mock him with memes as a conspiracy theorist, and to top it off they question his internal
motivations (which they somehow know) as some kind of a sore loser which is demonstrably false.
The plot twist for the last point: he is still in the running for round four and his former PhD students did win major parts of round three.
Two things can easily be true: that NIST mishandled a FOIA request, and that there isn't especially good reason to accept on faith Bernstein's concerns about the PQC process, which is unrelated to how they handle FOIA.
Meanwhile: you haven't actually added any light to this subthread: the tweets we're talking about do not dismiss the suit. Cryptographic researchers that aren't stans of Daniel Bernstein (there are a lot of those) are also unhappy about NIST clowning up FOIA.
You are in a deeply weird and broken place if you think you can divide the world into "people who take what Daniel Bernstein says on faith" and "people who trust NIST". I don't know if you're in that place! But some people on this thread clearly are.
You wrote a large number of comments on this so I am asking this here since it's fresh.
Can you comment on why you think djb thinks it is worth investigating if the NSA is attempting to destroy cryptography with weak pqc standards? I read through some of the entries NIST just announced and there are indeed attacks, grave attacks, that exist against Kyber and Falcon. I have no reason to believe the authors of those specs work with the NSA. Wouldn't a more reasonable conclusion be that we need to do more work on pqc? Maybe I have it wrong and he is just trying to rule out that possibility but his long rant which was 80% about NIST and their history with the dual EC backdoor really points at djb concluding the NSA is deliberately trying to weaken crypto by colluding with a bunch of people who probably don't care about money or the NSA's goals that much.
You'd have to ask Bernstein. I think it's helpful to take a bit of time (I know this is a big ask) to go see how Bernstein has comported himself in other standards groups; the CFRG curve standardization discussion is a good example. The reason I said there's a lot of eye-rolling about this post among cryptographers is that I think this is pretty normal behavior for Bernstein.
I used to find it inspiring; he got himself crosswise against the IETF DNS working group, which actively ostracized him, and I thought the stance he took there was almost heroic (also, I hate DNSSEC, and so does he). But when you see that same person get in weird random fights with other people, over and over again, well: there's a common thread there.
Is it worth investigating whether NSA is trying weaken PQC? Sure. Nobody should trust NSA. Nobody should trust NIST! There's value in NIST catalyzing all the academic asymmetric cryptography researchers into competing against each other, so the PQC event probably did everybody a service. But no part of that value comes from NIST blessing the result.
It's probably helpful for you to know that I think PQC writ large is just a little bit silly. Quantum computers of unusual size? I don't believe they exist. I think an under-appreciated reason government QC spending happens is because government spending is a goal in and of itself; one of NSA's top 3 missions is to secure more budget for NSA --- it might even be the #1 goal. Meanwhile, PQC is a full-employment program for academic cryptographers working on "Fun" asymmetric schemes that would otherwise be totally ignored in an industry that has more or less standardized on the P-curves and Curve25519.
Be that as it may: whether or not NSA is working to "weaken" CRYSTALS-Kyber is besides the point. NSA didn't invent CRYSTALS. A team of cryptographers, including some huge names in modern public key crypto research, did. Does NSA have secret attacks against popular academic crypto schemes? Probably. You almost hope so, because we pay them a fuckload of a lot of money to develop those attacks. But you can say that about literally every academic cryptosystem.
You probably also don't need me to tell you again how much I think formal cryptographic standards are a force for evil in the industry.
ok, thanks. I didn't know that about djb's history as far as picking fights with standards groups. I don't know much about him outside of the primitives he designed. That makes some sense in context now because the implication just seemed like a stretch. Cryptosystems break and have flaws in them, that's nothing new. It's just strange to leap to "The NSA did it", but again, I didn't know he just tends to accuse people of that.
I agree about the PQC stuff and committees. Anyways, thanks for clarifying this.
Just bear in mind that this is just opinions and hearsay on my part. Like, I think there's value in relaying what I think I know and what I've heard, but I'm not a cryptographer, I paid almost no attention to the PQC stuff (in fact, I pretty much only ever swapped PQC into my resident set when Bernstein managed to start drama with other cryptographers whose names I knew), and there are possibly other sides to these stories. I've seen Bernstein drama where it's pretty clear he's deeply in the wrong, and I've seen Bernstein drama where it's pretty clear he wasn't.
The suit is good. NIST isn't allowed to clown up FOIA; they have to do it right.
I am definitely not in that place. We clearly disagree on a few points.
The issues raised in the blog post aren’t just about NIST mishandling the FOIA. By reducing it to the lawsuit, this is already a bad faith engagement.
The blog post is primarily about the history of NSA sabotage as well as contemporary efforts, including (NIST’s) failures to stop this sabotage. Finally it finishes the recent history by raising that there are mishandling issues in the pq-crypto competition. The lawsuit is at the end of a long chronological text with the goal of finding more information to extend the facts that we know. This is a noble goal, and it’s hard to accept any argument that the past in this area hasn’t been troubled.
Weirdly there is an assumption made immediately by Filippo, made without basis in fact: he supposes Bernstein somehow lost the contest and that this is his motivation for action. Bernstein hasn’t lost, though some structured lattices have won. He still has submitted material in the running as far as I understand things. None the less we see that Filippo tells us the deepest internal motivations of Bernstein, though we don’t learn how he learned these personal secrets. This is simply not reasonable. Maybe it could be phrased as a question but then the rhetorical tool of denying questions as a valid form of engagement would start to fade away.
Back to the core of the tweets: One of the two says he hopes he wins the suit, the other says he’s doing it wrong. We could read that as they’re both hoping he wins, and yet… it’s hard to believe when the rhetoric centers around Bernstein’s supposedly harmful rhetoric in the blog post and lawsuit as being harmful to the community at large.
Bernstein isn’t attacking a singular person as Filippo is attacking Bernstein. Filippo even includes a meme to drive home the personal nature of the attacks.
For me personally, I used to find this meme funny until I learned the history of the meme. This strikes me as blind spot, my very own once. The context and history of that meme and that scene is dark.
So then, here is some light for you: This meme is a parody from a comedy. In turn it is a parody of a famous scene from a film portraying John Nash. It’s about a very famous mentally ill mathematician. Nash in this scene is the iconic, quintessential conspiracy theorist insane person once considered a genius. Nash is drawing connections that aren’t there and that aren’t reasonable. He was deeply mentally ill at that point in his life. That is a brutal thing to say in itself about anyone, but… it gets worse.
Nash was also famously a virulent antisemitic in some of his psychological breaks and outbursts. I don’t hold him responsible for his ravings as he was a paranoid schizophrenic, but wow I would not throw up that specific meme at a (Jewish) mathematician while implying he’s a crazy conspiracy theorist. It’s some really gross mental health hate mixed with ambiguity about the rest. It could be funny in some contexts, I suppose, but not this one.
So in summary: that is a gross meme to post in a series of ad-hominem tweet attacks calling (obviously Jewish family name) Bernstein a conspiracy theorist, saying he is making obviously crazy, baseless connections. The root of his concern is not insane and ignoring the history of sabotage in this area by NSA is unreasonable.
I assume this meme subtext is a mistake and it wasn’t intended as antisemitic. Still after processing the mental health punching down part of the meme, I had trouble assuming good faith about any of it. Talk about harmful rhetoric in the community.
I also note that they attack him in a number of other bad faith ways which make me lose my assumption of good faith generally about their well wishing on his lawsuit being successfully.
Meanwhile, I don’t take Bernstein on faith. I find his arguments and points in the blog post convincing. I find his history of work in the public interest convincing. I don’t care about popularity contests or personal competition. Meanwhile you say you’re not following the contest.
Corruption of NIST and other related parties isn’t just possible, we know it has happened. We should be extra vigilant that it doesn’t repeat. FOIA is a weak mechanism but it’s something. Has any corruption or sabotage happened here? We don’t know yet, and more important NIST have promised transparency that they haven’t delivered. A promise is a good start but it’s not sufficient.
NIST have slipped their own deadlines, they have been silent in concerning ways, and they’re still failing to provide critical details about the last round of NSA sabotage that directly involved NIST standardization.
I just want to jump back here for a second, because when I responded to this comment last night, I hadn't really read it (for I think obvious reasons, but also I was watching Sandman). So I wrote some replies last night that I'm not super proud of --- not because I said anything wrong, but because I didn't acknowledge the majesty of the argument I had been confronted with.
This right here is a comment that makes the following argument, which I will helpfully outline:
* Filippo Valsorda wrote a tweet that included a meme from "It's Always Sunny In Philadelphia"
* That meme is a parody of "A Beautiful Mind"
* "A Beautiful Mind" is about John Nash --- hold on to that fact, because the argument is about to bifurcate
* John Nash was mentally ill
* John Nash was virulently anti-semitic (hold on to your butts...)
* Ergo, Filippo Valsorda is both bigoted against the mentally ill, and also an anti-semite.
Can we do other memes like this? I'd like your exegesis of the "Homer Simpson dissolves backwards into the hedges" meme next!
> … I didn't acknowledge the majesty of the argument I had been confronted with.
Gee, thanks, I think. Sorry to say we don’t agree on your summary of my comment.
> Filippo Valsorda wrote a tweet that included a meme from "It's Always Sunny In Philadelphia"
From this, we already have serious disagreements. It’s part of a series of tweets amplified by others. It isn’t a single tweet in isolation even when we only look at the direct author. We do agree on the source of the clip, though I think you weren’t familiar with the background of the subject parodied in the clip as I raised it. Perhaps you do not believe it or perhaps you think that the parody somehow erases what was parodied originally. Reasonable people can read it many ways.
Yep. The implication of using such a meme to punch down is mirrored in the words of the related tweets calling him a conspiracy theorist. This wasn’t as you tried to say, a single tweet, it’s presented in a context that is harsh, and condemning.
> John Nash was virulently anti-semitic
Maybe, it’s unclear if it was a byproduct of his mental illness or a sincerely held belief. It’s a third rail, regardless. I won’t hold a mentally ill person accountable for stuff they say during an episode, and I also won’t use it as a joke.
> Ergo, Filippo Valsorda is both bigoted against the mentally ill, and also an anti-semite.
This isn’t my claim. My claim is that it’s completely inappropriate on many levels to post not only that meme but to use it in tandem with direct personal attacks on Bernstein. This seems especially relevant in a thread supposedly about damaging behavior of other people in the community.
I would prefer you don’t cover for mental health stigmatization or antisemitic dog whistling even a tiny bit, especially if it was not intended. Painting me as crazy for my analysis is shitty. You asked me to bring some light and then attack me for sharing my actual thoughts. You didn’t acknowledge my insight about Jewish names, either. Was that news to you? Dismissively omitting anything about that insight is weird.
Please leave no room for ambiguity here, it is a very dangerous time in the world, and in America, especially after the Tree of Life murders. There are many many other examples of terrible stuff like that - and anything that even remotely smells like that must be immediately challenged in my view. No doubt this personal context makes myself and others extra sensitive. That is exactly why I explained my understanding of the meaning.
I am happy to provide an analysis of Homer Simpson memes in context if it can help us break the ice and not end this thread on hard or hateful terms.
"Crazy" is not the word I would use about what you've written here. It is unlikely you and I are going to have any productive dialog after this, which is totally fine; I'm happy to disengage here.
There's nothing "bad faith" about it. The tweet is supportive of the lawsuit, and not supportive of Bernstein's weird, heavily-telegraphed, long-predicted claims that a NIST contest he opted to participate in was corrupted by dint of not prioritizing his own designs.
Your bit about the "obviously Jewish family name" thing is itself risible, and you should be embarrassed for trying to make it a thing.
Your augment that the selection doesn’t pick his designs doesn’t square with SPHINCS+ winning, and with others remaining in the running. His former PhD student won with Kyber. Bernstein did very well here and you’re misleading people by suggesting he had his ass handed to him.
He has published (and it is linked from the blog) his views on how to run cryptographic contests before their recent selection finished (late). His comments are not simply the result of the round three announcement.
As to the offensive meme, I note that you don’t even dispute the punching down about mental health. Gross.
Bernstein is a German-Jewish name. These names were given and in some cases forced on people in history to give a signal to others, usually negative. This is a hint, not a fact of his beliefs. My understanding is that he does come from a Jewish family. I won’t presume to speak for Bernstein’s beliefs, just that I see something obviously tense and probably wrong.
It’s your choice to not care to comment about the antisemitic connotations that I raised. My point was that for some people this is impossible to not see. It is highly offensive given the context. Now I understand that you refuse to do so when shown. Also extremely gross.
I didn't even notice a "punching down about mental health" thing. You wrote a long comment, I skimmed it. Your allegation that Filippo and Matt Green are antisemitic is ludicrous.
I didn't say Bernstein had his ass handed to him. I said that he wrote thousands and thousands of words about his reasons to mistrust NIST (not just here but elsewhere, and often), but still participated in the PQC contest, raising these concerns only at its conclusion.
> I didn't even notice a "punching down about mental health" thing. You wrote a long comment, I skimmed it.
That tracks, okay. It’s the weekend and I’m a nobody on the internet. Thank you for talk the time to continue to engage with me.
> Your allegation that Filippo and Matt Green are antisemitic is ludicrous.
That isn’t an allegation that I am making, you are misunderstanding and misrepresenting my statements. My comment even disclaimed that this probably isn’t intentional, merely that it is one read of that meme. My core point is this: posting that meme is unhelpful in a thread about Bernstein’s supposedly harmful behavior. Maybe you think it’s a funny joke, I don’t.
Either way - funny joke or not - it certainly isn’t a healthy discourse for “the community” to call someone names and to dismiss them as some kind of unhinged conspiracy theorist.
> I didn't say Bernstein had his ass handed to him.
Indeed, I did not claim to quote you there. I am characterizing your words into what I understand as your point. Let’s call this “the sore loser discourse” - it is repeated in this thread by others. It seems to be implied by my read when you say: “…he opted to participate in was corrupted by dint of not prioritizing his own designs.” I preemptively acknowledge that I may have misunderstood you.
What do you mean to convey by “dint of not” roughy? Don’t SPHINCS+ (Standardized in round three) and Classic McEliece (still in the running) count as prioritizing his designs? Also, what is wrong with participating in this standardization process? He seems to be unhappy with NIST before, and during the process, and with ample cause. By participating, it’s clear he has learned more and by winning parts of the competition, he’s not a sore loser.
If he wasn’t a part of this competition, people would probably dismiss his criticism as simply being outside. It’s harder to dismiss him if he is part of it, and even harder when his submissions win. It isn’t a clean sweep, but it’s lifetime achievement levels for some people to have a hand in just one such algorithm, selected in such a process. He has a hand in several remaining submissions as far as I understand the process and the submissions.
> I said that he wrote thousands and thousands of words about his reasons to mistrust NIST (not just here but elsewhere, and often),
So you note he has been saying these things for a long time. On that we agree.
> but still participated in the PQC contest,
You go on to note that he then participated in the process. He is documented in his attempts to use the process tools to raise specific issues and to try to have them settled by NIST as promised, with transparency. NIST has failed to bring that transparency.
Confusingly (to me anyway) your next statement continues with a contradiction:
> raising these concerns only at its conclusion
Which is it? Was he constantly raising these issues or only raising them at the end (of round three)?
Alternatively I could read this as “at its (the blog post) conclusion” which would be extremely confusing. I presume this isn’t what you meant but if so, okay, I am really missing the point.
Yes, I think so. His former PhD students were among the winners in round three and he has other work that has also made it to round four. I believe he would have sued if he won every single area in every round. This is the Bernstein way.
Does that seem like reasonable behavior by NIST to you?
To my eyes, it is completely unacceptable behavior by NIST, especially given the timely nature of the standardization process. They don’t even understand the fee structure correctly, it’s a comedy of incompetence with NIST.
His FOIA predates the round three announcement. His lawsuit was filed in a timely manner, and it appears that he filed it fairly quickly. Many requesters wait much longer before filing suit.
They’re not in question for many people carefully tracking this process. He filed his FOIA before the round three results were announced.
The lawsuit is because they refused to answer his reasonable and important FOIA in a timely manner. This is not unlike how they also delayed the round three announcement.
America regularly support people who are charged with normal crimes that have obvious political undertones, as they should. This is an unmitigated good.
Example: https://en.wikipedia.org/wiki/Chen_Guangcheng
Other popular examples exist. These cases are also often very polarizing for the people of the country who is claimed to have been the victim of some political crime.
Note the definition of political crime ( https://www.merriam-webster.com/dictionary/political%20crime ) exactly makes the link: “political offenses … exclude any possibility of extradition.”
What makes up a political crime? By definition it can be subjective but some entire categories are usually included.
On the one hand, Assange is considered by many to be a journalist doing journalistic things, while others argue he committed espionage doing political things as some kind of spy. Prosecution for either is usually considered a political persecution worthy of asylum.
Ecuador granted Assange political asylum because of the U.S. investigation into Assange for his publications that were in the public interest.