1- Competitions should not reduce security for the speed.
2- We need a portfolio of winners, not one winner.
3- Put the experts onto the selection committee.
4- The world has a limited number of cryptographic experts capable of carrying out, and willing to carry out, "public" security analysis.
5- The design of DES takes 17 man-years works and 6 years R&D by IBM and NSA.
6- Narrowing the encryption problem to a single, influential algorithm might drive out competitors, and that "would reduce the field that NSA had to be concerned about".
7- NSA primary mission has always been signals intelligence.
8- What if NIST/NSA know a weakness in 1/10000000 elliptic curves?
9- F^^k publish or perish.
10- We need Boring crypto, crypto that simply works, solidly resists attacks, never needs any upgrades.
djb is top expert in high speed cryptography. He was writing a book[1] on this topic, but I can't find his book. What happened to this book?
My notes:
1- Competitions should not reduce security for the speed.
2- We need a portfolio of winners, not one winner.
3- Put the experts onto the selection committee.
4- The world has a limited number of cryptographic experts capable of carrying out, and willing to carry out, "public" security analysis.
5- The design of DES takes 17 man-years works and 6 years R&D by IBM and NSA.
6- Narrowing the encryption problem to a single, influential algorithm might drive out competitors, and that "would reduce the field that NSA had to be concerned about".
7- NSA primary mission has always been signals intelligence.
8- What if NIST/NSA know a weakness in 1/10000000 elliptic curves?
9- F^^k publish or perish.
10- We need Boring crypto, crypto that simply works, solidly resists attacks, never needs any upgrades.
djb is top expert in high speed cryptography. He was writing a book[1] on this topic, but I can't find his book. What happened to this book?
PS. It seems he prefers Serpent to Rijndael!
[1] https://cr.yp.to/highspeed.html