| My notes: 1- Competitions should not reduce security for the speed. 2- We need a portfolio of winners, not one winner. 3- Put the experts onto the selection committee. 4- The world has a limited number of cryptographic experts capable of carrying out, and willing to carry out, "public" security analysis. 5- The design of DES takes 17 man-years works and 6 years R&D by IBM and NSA. 6- Narrowing the encryption problem to a single, influential algorithm might drive out competitors, and that "would reduce the field that NSA had to be concerned about". 7- NSA primary mission has always been signals intelligence. 8- What if NIST/NSA know a weakness in 1/10000000 elliptic curves? 9- F^^k publish or perish. 10- We need Boring crypto, crypto that simply works, solidly resists attacks, never needs any upgrades. djb is top expert in high speed cryptography. He was writing a book[1] on this topic, but I can't find his book. What happened to this book? PS. It seems he prefers Serpent to Rijndael! [1] https://cr.yp.to/highspeed.html |