Cryptography is not a science currently

Ryan Carboni ryacko at gmail.com
Sat Dec 5 15:13:21 PST 2015


Recently The Moral Character of Cryptographic Work was published online by
Philip Rogaway.

I am going to explain that the disciplinary culture of cryptography is not
a scientific discipline. Cryptography itself is a science. Cryptography in
many respects is the inverse of forensic science: while forensics follows a
protocol, its results are no better than guessing. While cryptography's
results are concrete, the culture is a serious failure.

Cryptographers are well aware of the moral implications of their work...
since Diffie and Hellman condemned DES's short key length (
http://www.toad.com/des-stanford-meeting.html ). If according to Rogaway,
"Most academic cryptographers seem to think that our field is a fun, deep,
and politically neutral game—a set of puzzles involving communicating
parties and notional adversaries", the fault is not with most
cryptographers, but with all cryptographers.

Paranoid fear surrounded the AES competition, that a cipher might have a
backdoor (it turns out backdooring ciphers is more difficult than
expected). Yet after the AES report turns out to be full of lies (
http://csrc.nist.gov/archive/aes/round2/r2report.pdf ), that additions are
more vulnerable to timing attacks than... table lookups, one should do some
critical self-analysis.

That a cryptographer calls for some sort of self-analysis long after the
AES competition, the SHA-3 competition, basically after all the currently
accepted ciphers have become entrenched is alarming.

Each and every cryptographer seems to fail to understand what the US
intelligence community actually does. They truly do; they do not seem to
understand that for anyone of import, they'd develop biographies on people;
if one is important enough, they might create a psychological profile.

Maybe this sounds paranoid. But given that the greatest intelligence
scandals involve what is believed to be true to be absolutely false and
what is believed to be false to be absolutely true, paranoia is to be
expected if the state takes an interest in your profession.

And all cryptographers know that the state is interested in cryptography.
What about the constant struggles of cryptographers getting their papers
published in the seventies and eighties? Maybe only Dan Bernstein remembers
that he went to court just to publish his own cipher.

Naturally for Philip Rogaway, these issues came to a head after the Snowden
disclosures (I'm still waiting for the next drip). For anyone to discredit
themselves in the first paragraph of a forty-six page PDF is amazing.
Potentially, if all cryptographers somehow manage to ignore this immense
logical failing, that is an indictment against the entire cryptographic
profession. Especially given that it is commonly accepted that mathematics
requires logic.

Truly Rogaway is the Chomsky of Cryptography. Chomsky will deny the
Cambodian holocaust and claim that oppression in the US "isn't that bad".

For anyone to run out and say they are taking on the elite without knowing
a damn thing about anything, I wish them a lot of luck.

I might as well post a modest suggestion: cryptographers should support an
FPGA integrated into the CPU or the ability to use integrated graphics for
cryptography. This would remove entrenchment of standards, and allow people
to pick their own ciphers. It's possible the AES-NI instructions were
developed after the NSA panicked at seeing AES usage in TLS drop rapidly
after the timing attacks were revealed. The AES-NI instructions are
overkill, and seem to take CISC too literally. One only needs
mixcolumn+subbytes, subbyte, reverse+mixcolumn+subbytes, AESIMC and
subbytes instructions of 32-bit sizes each (no need for AESENC, AESENCLAST,
AESKEYGENASSIST, AESDECLAST, AESDEC, AESIMC); it would save one
instruction, and the instruction would use only one operand. The way the
AES-NI instructions are designed precludes usage for Rijndael with 256-bit
blocks, and it seems odd that the AES-NI instructions only accept data from
the XMM registers.

Rigidity should be viewed with suspicion.
"Therefore the clever combatant imposes his will on the enemy, but does not
allow the enemy's will to be imposed on him." -Sun Tzu
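The post above argues about which AES round primitives an instruction set needs to expose. As an added reference point (this is example code, not part of Ryan's post and not Intel's or NIST's code), here is a byte-oriented AES-128 in C whose round functions are split at the AES-NI instruction boundaries, so the reader can see exactly what one AESENC (ShiftRows, SubBytes, MixColumns, AddRoundKey) and one AESENCLAST (the same without MixColumns) compute, and how the per-operation pieces the post lists compose into them. The S-box is derived from the GF(2^8) inverse plus affine map rather than pasted as a table, and the result is checked against the FIPS-197 Appendix C.1 known-answer vector. Function names (aesenc_round, aesenclast_round, aes128_encrypt_block, aes128_self_test) are this example's own choices.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* AES-128 written so that each helper is one of the operations the post
 * discusses; aesenc_round()/aesenclast_round() mirror what the AESENC and
 * AESENCLAST instructions do to a 128-bit state.  Names are this example's. */

static uint8_t sbox[256];
static int sbox_ready;

#define ROTL8(x, shift) ((uint8_t)((x) << (shift)) | ((x) >> (8 - (shift))))

/* Build the S-box as inverse-in-GF(2^8) followed by the affine transform.
 * p walks the powers of 3 (a generator), q walks their inverses. */
static void init_sbox(void)
{
    uint8_t p = 1, q = 1;
    do {
        p = (uint8_t)(p ^ (p << 1) ^ ((p & 0x80) ? 0x1B : 0));          /* p *= 3 */
        q ^= (uint8_t)(q << 1); q ^= (uint8_t)(q << 2); q ^= (uint8_t)(q << 4);
        q ^= (q & 0x80) ? 0x09 : 0;                                       /* q /= 3 */
        uint8_t x = (uint8_t)(q ^ ROTL8(q, 1) ^ ROTL8(q, 2) ^ ROTL8(q, 3) ^ ROTL8(q, 4));
        sbox[p] = x ^ 0x63;
    } while (p != 1);
    sbox[0] = 0x63;             /* 0 has no inverse: affine constant only */
    sbox_ready = 1;
}

uint8_t aes_sbox_value(uint8_t b) { if (!sbox_ready) init_sbox(); return sbox[b]; }

static uint8_t xtime(uint8_t x) { return (uint8_t)((x << 1) ^ ((x & 0x80) ? 0x1B : 0)); }

/* State is column-major: s[r + 4*c] holds row r, column c (FIPS-197 layout). */
static void sub_bytes(uint8_t s[16]) { for (int i = 0; i < 16; i++) s[i] = sbox[s[i]]; }

static void shift_rows(uint8_t s[16])
{
    uint8_t t[16];
    for (int c = 0; c < 4; c++)
        for (int r = 0; r < 4; r++)
            t[r + 4 * c] = s[r + 4 * ((c + r) % 4)];   /* row r rotates left by r */
    memcpy(s, t, 16);
}

static void mix_columns(uint8_t s[16])
{
    for (int c = 0; c < 4; c++) {
        uint8_t *col = s + 4 * c;
        uint8_t a0 = col[0], a1 = col[1], a2 = col[2], a3 = col[3];
        uint8_t all = a0 ^ a1 ^ a2 ^ a3;
        col[0] = a0 ^ all ^ xtime(a0 ^ a1);   /* 2*a0 + 3*a1 + a2 + a3 */
        col[1] = a1 ^ all ^ xtime(a1 ^ a2);
        col[2] = a2 ^ all ^ xtime(a2 ^ a3);
        col[3] = a3 ^ all ^ xtime(a3 ^ a0);
    }
}

static void add_round_key(uint8_t s[16], const uint8_t *rk) { for (int i = 0; i < 16; i++) s[i] ^= rk[i]; }

/* What AESENC computes: ShiftRows and SubBytes commute, so this order matches
 * Intel's description of the instruction. */
static void aesenc_round(uint8_t s[16], const uint8_t *rk)
{
    shift_rows(s); sub_bytes(s); mix_columns(s); add_round_key(s, rk);
}

/* What AESENCLAST computes: the final round has no MixColumns. */
static void aesenclast_round(uint8_t s[16], const uint8_t *rk)
{
    shift_rows(s); sub_bytes(s); add_round_key(s, rk);
}

/* Key schedule (the work AESKEYGENASSIST helps with): 11 round keys, 176 bytes. */
static void key_expansion(const uint8_t key[16], uint8_t rk[176])
{
    uint8_t rcon = 1;
    memcpy(rk, key, 16);
    for (int i = 16; i < 176; i += 4) {
        uint8_t t[4];
        memcpy(t, rk + i - 4, 4);
        if (i % 16 == 0) {                       /* RotWord, SubWord, Rcon */
            uint8_t tmp = t[0];
            t[0] = sbox[t[1]] ^ rcon; t[1] = sbox[t[2]]; t[2] = sbox[t[3]]; t[3] = sbox[tmp];
            rcon = xtime(rcon);
        }
        for (int j = 0; j < 4; j++) rk[i + j] = rk[i - 16 + j] ^ t[j];
    }
}

void aes128_encrypt_block(const uint8_t key[16], const uint8_t in[16], uint8_t out[16])
{
    uint8_t rk[176], s[16];
    if (!sbox_ready) init_sbox();
    key_expansion(key, rk);
    memcpy(s, in, 16);
    add_round_key(s, rk);                                   /* initial whitening */
    for (int round = 1; round < 10; round++) aesenc_round(s, rk + 16 * round);
    aesenclast_round(s, rk + 160);
    memcpy(out, s, 16);
}

/* Known-answer check against FIPS-197 Appendix C.1; returns 1 on match. */
int aes128_self_test(void)
{
    const uint8_t key[16] = {0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f};
    const uint8_t pt[16]  = {0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff};
    const uint8_t ct[16]  = {0x69,0xc4,0xe0,0xd8,0x6a,0x7b,0x04,0x30,0xd8,0xcd,0xb7,0x80,0x70,0xb4,0xc5,0x5a};
    uint8_t out[16];
    aes128_encrypt_block(key, pt, out);
    return memcmp(out, ct, 16) == 0;
}

int main(void)
{
    printf("FIPS-197 C.1 known answer: %s\n", aes128_self_test() ? "match" : "MISMATCH");
    return 0;
}
```

Note that sub_bytes() here is a table lookup, the very construction the post calls out as timing-sensitive; a hardware instruction or a bitsliced S-box removes that dependence, which is the practical reason AES-NI exists regardless of how one judges its instruction-level design.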