[tptacek]

Two things can easily be true: that NIST mishandled a FOIA request, and that there isn't especially good reason to accept on faith Bernstein's concerns about the PQC process, which is unrelated to how they handle FOIA.

Meanwhile: you haven't actually added any light to this subthread: the tweets we're talking about do not dismiss the suit. Cryptographic researchers that aren't stans of Daniel Bernstein (there are a lot of those) are also unhappy about NIST clowning up FOIA.

You are in a deeply weird and broken place if you think you can divide the world into "people who take what Daniel Bernstein says on faith" and "people who trust NIST". I don't know if you're in that place! But some people on this thread clearly are.

[onetimeusename]

You wrote a large number of comments on this so I am asking this here since it's fresh.

Can you comment on why you think djb thinks it is worth investigating if the NSA is attempting to destroy cryptography with weak pqc standards? I read through some of the entries NIST just announced and there are indeed attacks, grave attacks, that exist against Kyber and Falcon. I have no reason to believe the authors of those specs work with the NSA. Wouldn't a more reasonable conclusion be that we need to do more work on pqc? Maybe I have it wrong and he is just trying to rule out that possibility but his long rant which was 80% about NIST and their history with the dual EC backdoor really points at djb concluding the NSA is deliberately trying to weaken crypto by colluding with a bunch of people who probably don't care about money or the NSA's goals that much.

[tptacek]

You'd have to ask Bernstein. I think it's helpful to take a bit of time (I know this is a big ask) to go see how Bernstein has comported himself in other standards groups; the CFRG curve standardization discussion is a good example. The reason I said there's a lot of eye-rolling about this post among cryptographers is that I think this is pretty normal behavior for Bernstein.

I used to find it inspiring; he got himself crosswise against the IETF DNS working group, which actively ostracized him, and I thought the stance he took there was almost heroic (also, I hate DNSSEC, and so does he). But when you see that same person get in weird random fights with other people, over and over again, well: there's a common thread there.

Is it worth investigating whether NSA is trying weaken PQC? Sure. Nobody should trust NSA. Nobody should trust NIST! There's value in NIST catalyzing all the academic asymmetric cryptography researchers into competing against each other, so the PQC event probably did everybody a service. But no part of that value comes from NIST blessing the result.

It's probably helpful for you to know that I think PQC writ large is just a little bit silly. Quantum computers of unusual size? I don't believe they exist. I think an under-appreciated reason government QC spending happens is because government spending is a goal in and of itself; one of NSA's top 3 missions is to secure more budget for NSA --- it might even be the #1 goal. Meanwhile, PQC is a full-employment program for academic cryptographers working on "Fun" asymmetric schemes that would otherwise be totally ignored in an industry that has more or less standardized on the P-curves and Curve25519.

Be that as it may: whether or not NSA is working to "weaken" CRYSTALS-Kyber is besides the point. NSA didn't invent CRYSTALS. A team of cryptographers, including some huge names in modern public key crypto research, did. Does NSA have secret attacks against popular academic crypto schemes? Probably. You almost hope so, because we pay them a fuckload of a lot of money to develop those attacks. But you can say that about literally every academic cryptosystem.

You probably also don't need me to tell you again how much I think formal cryptographic standards are a force for evil in the industry.

[onetimeusename]

ok, thanks. I didn't know that about djb's history as far as picking fights with standards groups. I don't know much about him outside of the primitives he designed. That makes some sense in context now because the implication just seemed like a stretch. Cryptosystems break and have flaws in them, that's nothing new. It's just strange to leap to "The NSA did it", but again, I didn't know he just tends to accuse people of that.

I agree about the PQC stuff and committees. Anyways, thanks for clarifying this.

[tptacek]

Just bear in mind that this is just opinions and hearsay on my part. Like, I think there's value in relaying what I think I know and what I've heard, but I'm not a cryptographer, I paid almost no attention to the PQC stuff (in fact, I pretty much only ever swapped PQC into my resident set when Bernstein managed to start drama with other cryptographers whose names I knew), and there are possibly other sides to these stories. I've seen Bernstein drama where it's pretty clear he's deeply in the wrong, and I've seen Bernstein drama where it's pretty clear he wasn't.

The suit is good. NIST isn't allowed to clown up FOIA; they have to do it right.

[throwaway654329]

I am definitely not in that place. We clearly disagree on a few points.

The issues raised in the blog post aren’t just about NIST mishandling the FOIA. By reducing it to the lawsuit, this is already a bad faith engagement.

The blog post is primarily about the history of NSA sabotage as well as contemporary efforts, including (NIST’s) failures to stop this sabotage. Finally it finishes the recent history by raising that there are mishandling issues in the pq-crypto competition. The lawsuit is at the end of a long chronological text with the goal of finding more information to extend the facts that we know. This is a noble goal, and it’s hard to accept any argument that the past in this area hasn’t been troubled.

Weirdly there is an assumption made immediately by Filippo, made without basis in fact: he supposes Bernstein somehow lost the contest and that this is his motivation for action. Bernstein hasn’t lost, though some structured lattices have won. He still has submitted material in the running as far as I understand things. None the less we see that Filippo tells us the deepest internal motivations of Bernstein, though we don’t learn how he learned these personal secrets. This is simply not reasonable. Maybe it could be phrased as a question but then the rhetorical tool of denying questions as a valid form of engagement would start to fade away.

Back to the core of the tweets: One of the two says he hopes he wins the suit, the other says he’s doing it wrong. We could read that as they’re both hoping he wins, and yet… it’s hard to believe when the rhetoric centers around Bernstein’s supposedly harmful rhetoric in the blog post and lawsuit as being harmful to the community at large.

Bernstein isn’t attacking a singular person as Filippo is attacking Bernstein. Filippo even includes a meme to drive home the personal nature of the attacks.

For me personally, I used to find this meme funny until I learned the history of the meme. This strikes me as blind spot, my very own once. The context and history of that meme and that scene is dark.

So then, here is some light for you: This meme is a parody from a comedy. In turn it is a parody of a famous scene from a film portraying John Nash. It’s about a very famous mentally ill mathematician. Nash in this scene is the iconic, quintessential conspiracy theorist insane person once considered a genius. Nash is drawing connections that aren’t there and that aren’t reasonable. He was deeply mentally ill at that point in his life. That is a brutal thing to say in itself about anyone, but… it gets worse.

Nash was also famously a virulent antisemitic in some of his psychological breaks and outbursts. I don’t hold him responsible for his ravings as he was a paranoid schizophrenic, but wow I would not throw up that specific meme at a (Jewish) mathematician while implying he’s a crazy conspiracy theorist. It’s some really gross mental health hate mixed with ambiguity about the rest. It could be funny in some contexts, I suppose, but not this one.

So in summary: that is a gross meme to post in a series of ad-hominem tweet attacks calling (obviously Jewish family name) Bernstein a conspiracy theorist, saying he is making obviously crazy, baseless connections. The root of his concern is not insane and ignoring the history of sabotage in this area by NSA is unreasonable.

I assume this meme subtext is a mistake and it wasn’t intended as antisemitic. Still after processing the mental health punching down part of the meme, I had trouble assuming good faith about any of it. Talk about harmful rhetoric in the community.

I also note that they attack him in a number of other bad faith ways which make me lose my assumption of good faith generally about their well wishing on his lawsuit being successfully.

Meanwhile, I don’t take Bernstein on faith. I find his arguments and points in the blog post convincing. I find his history of work in the public interest convincing. I don’t care about popularity contests or personal competition. Meanwhile you say you’re not following the contest.

Corruption of NIST and other related parties isn’t just possible, we know it has happened. We should be extra vigilant that it doesn’t repeat. FOIA is a weak mechanism but it’s something. Has any corruption or sabotage happened here? We don’t know yet, and more important NIST have promised transparency that they haven’t delivered. A promise is a good start but it’s not sufficient.

NIST have slipped their own deadlines, they have been silent in concerning ways, and they’re still failing to provide critical details about the last round of NSA sabotage that directly involved NIST standardization.

[tptacek]

I just want to jump back here for a second, because when I responded to this comment last night, I hadn't really read it (for I think obvious reasons, but also I was watching Sandman). So I wrote some replies last night that I'm not super proud of --- not because I said anything wrong, but because I didn't acknowledge the majesty of the argument I had been confronted with.

This right here is a comment that makes the following argument, which I will helpfully outline:

* Filippo Valsorda wrote a tweet that included a meme from "It's Always Sunny In Philadelphia"

* That meme is a parody of "A Beautiful Mind"

* "A Beautiful Mind" is about John Nash --- hold on to that fact, because the argument is about to bifurcate

* John Nash was mentally ill

* John Nash was virulently anti-semitic (hold on to your butts...)

* Ergo, Filippo Valsorda is both bigoted against the mentally ill, and also an anti-semite.

Can we do other memes like this? I'd like your exegesis of the "Homer Simpson dissolves backwards into the hedges" meme next!

[throwaway654329]

> … I didn't acknowledge the majesty of the argument I had been confronted with.

Gee, thanks, I think. Sorry to say we don’t agree on your summary of my comment.

> Filippo Valsorda wrote a tweet that included a meme from "It's Always Sunny In Philadelphia"

From this, we already have serious disagreements. It’s part of a series of tweets amplified by others. It isn’t a single tweet in isolation even when we only look at the direct author. We do agree on the source of the clip, though I think you weren’t familiar with the background of the subject parodied in the clip as I raised it. Perhaps you do not believe it or perhaps you think that the parody somehow erases what was parodied originally. Reasonable people can read it many ways.

> That meme is a parody of "A Beautiful Mind"

There are many memes with text included, though this was a video, and it seems clearly a parody of Nash from that film. Here is one example meme that I did not create: https://me.me/i/mathematician-john-nash-during-a-schizophren...

> John Nash was mentally ill

Yep. The implication of using such a meme to punch down is mirrored in the words of the related tweets calling him a conspiracy theorist. This wasn’t as you tried to say, a single tweet, it’s presented in a context that is harsh, and condemning.

> John Nash was virulently anti-semitic

Maybe, it’s unclear if it was a byproduct of his mental illness or a sincerely held belief. It’s a third rail, regardless. I won’t hold a mentally ill person accountable for stuff they say during an episode, and I also won’t use it as a joke.

> Ergo, Filippo Valsorda is both bigoted against the mentally ill, and also an anti-semite.

This isn’t my claim. My claim is that it’s completely inappropriate on many levels to post not only that meme but to use it in tandem with direct personal attacks on Bernstein. This seems especially relevant in a thread supposedly about damaging behavior of other people in the community.

I would prefer you don’t cover for mental health stigmatization or antisemitic dog whistling even a tiny bit, especially if it was not intended. Painting me as crazy for my analysis is shitty. You asked me to bring some light and then attack me for sharing my actual thoughts. You didn’t acknowledge my insight about Jewish names, either. Was that news to you? Dismissively omitting anything about that insight is weird.

Please leave no room for ambiguity here, it is a very dangerous time in the world, and in America, especially after the Tree of Life murders. There are many many other examples of terrible stuff like that - and anything that even remotely smells like that must be immediately challenged in my view. No doubt this personal context makes myself and others extra sensitive. That is exactly why I explained my understanding of the meaning.

I am happy to provide an analysis of Homer Simpson memes in context if it can help us break the ice and not end this thread on hard or hateful terms.

[tptacek]

"Crazy" is not the word I would use about what you've written here. It is unlikely you and I are going to have any productive dialog after this, which is totally fine; I'm happy to disengage here.

[throwaway654329]

Okay, I’m happy to disengage as well. Thank you for your time and also for your insight.

[tptacek]

There's nothing "bad faith" about it. The tweet is supportive of the lawsuit, and not supportive of Bernstein's weird, heavily-telegraphed, long-predicted claims that a NIST contest he opted to participate in was corrupted by dint of not prioritizing his own designs.

Your bit about the "obviously Jewish family name" thing is itself risible, and you should be embarrassed for trying to make it a thing.

[throwaway654329]

Your augment that the selection doesn’t pick his designs doesn’t square with SPHINCS+ winning, and with others remaining in the running. His former PhD student won with Kyber. Bernstein did very well here and you’re misleading people by suggesting he had his ass handed to him.

He has published (and it is linked from the blog) his views on how to run cryptographic contests before their recent selection finished (late). His comments are not simply the result of the round three announcement.

As to the offensive meme, I note that you don’t even dispute the punching down about mental health. Gross.

Bernstein is a German-Jewish name. These names were given and in some cases forced on people in history to give a signal to others, usually negative. This is a hint, not a fact of his beliefs. My understanding is that he does come from a Jewish family. I won’t presume to speak for Bernstein’s beliefs, just that I see something obviously tense and probably wrong.

It’s your choice to not care to comment about the antisemitic connotations that I raised. My point was that for some people this is impossible to not see. It is highly offensive given the context. Now I understand that you refuse to do so when shown. Also extremely gross.

[tptacek]

I didn't even notice a "punching down about mental health" thing. You wrote a long comment, I skimmed it. Your allegation that Filippo and Matt Green are antisemitic is ludicrous.

I didn't say Bernstein had his ass handed to him. I said that he wrote thousands and thousands of words about his reasons to mistrust NIST (not just here but elsewhere, and often), but still participated in the PQC contest, raising these concerns only at its conclusion.

[throwaway654329]

> I didn't even notice a "punching down about mental health" thing. You wrote a long comment, I skimmed it.

That tracks, okay. It’s the weekend and I’m a nobody on the internet. Thank you for talk the time to continue to engage with me.

> Your allegation that Filippo and Matt Green are antisemitic is ludicrous.

That isn’t an allegation that I am making, you are misunderstanding and misrepresenting my statements. My comment even disclaimed that this probably isn’t intentional, merely that it is one read of that meme. My core point is this: posting that meme is unhelpful in a thread about Bernstein’s supposedly harmful behavior. Maybe you think it’s a funny joke, I don’t.

Either way - funny joke or not - it certainly isn’t a healthy discourse for “the community” to call someone names and to dismiss them as some kind of unhinged conspiracy theorist.

> I didn't say Bernstein had his ass handed to him.

Indeed, I did not claim to quote you there. I am characterizing your words into what I understand as your point. Let’s call this “the sore loser discourse” - it is repeated in this thread by others. It seems to be implied by my read when you say: “…he opted to participate in was corrupted by dint of not prioritizing his own designs.” I preemptively acknowledge that I may have misunderstood you.

What do you mean to convey by “dint of not” roughy? Don’t SPHINCS+ (Standardized in round three) and Classic McEliece (still in the running) count as prioritizing his designs? Also, what is wrong with participating in this standardization process? He seems to be unhappy with NIST before, and during the process, and with ample cause. By participating, it’s clear he has learned more and by winning parts of the competition, he’s not a sore loser.

If he wasn’t a part of this competition, people would probably dismiss his criticism as simply being outside. It’s harder to dismiss him if he is part of it, and even harder when his submissions win. It isn’t a clean sweep, but it’s lifetime achievement levels for some people to have a hand in just one such algorithm, selected in such a process. He has a hand in several remaining submissions as far as I understand the process and the submissions.

> I said that he wrote thousands and thousands of words about his reasons to mistrust NIST (not just here but elsewhere, and often),

So you note he has been saying these things for a long time. On that we agree.

> but still participated in the PQC contest,

You go on to note that he then participated in the process. He is documented in his attempts to use the process tools to raise specific issues and to try to have them settled by NIST as promised, with transparency. NIST has failed to bring that transparency.

Confusingly (to me anyway) your next statement continues with a contradiction:

> raising these concerns only at its conclusion

Which is it? Was he constantly raising these issues or only raising them at the end (of round three)?

Alternatively I could read this as “at its (the blog post) conclusion” which would be extremely confusing. I presume this isn’t what you meant but if so, okay, I am really missing the point.