The first proposed lattice-based cryptosystem was completely broken within 2 years of its announcement, which is an lovely harbinger of Kyber’s fate.

>>> There is a committee at TU/e charged by law with ensuring proper grading, and I have recently learned that claims by Mr. de Valence related to this topic have been formally investigated and rejected by that committee. Now that Mr. de Valence has issued public accusations, it would seem that a public resolution will be necessary, starting with Mr. de Valence making clear what exactly his accusations are.

He also points out that de Valence is himself likely guilty of academic misconduct based on his own admissions.

We have two people making contradictory statements. The only ways to resolve it are facts (which were presumably reviewed by the committee) and credibility. You clearly think de Valence is more credible because he’s one of your feline friends, and because your other feline friends accused Appelbaum of sexual crimes, and you hate that Bernstein worked with Appelbaum because in your mind a sexual abuse accusation is as good as guilt of sexual abuse.

de Valence chose the same credibility-destroying path as Lovecruft, Honeywell, et al. did: make serious accusations in the public sphere instead of letting our public institutions charged with addressing these type of accusations do their job. Wise people realize that you can’t be criminally charged for publishing a smear campaign online, but you can be criminally charged for filing a police report, and evaluate accordingly.

You’ve previously argued that “cryptosystems based on ring-LWE hardness have been worked on by giants in the field since the mid-1990s” and suggested this is a point in Kyber’s favor. Well, news flash, McEliece has been worked on by giants in the field for 45 years. It shows up in NSA’s declassified internal history book, though their insights into the crypto system are still classified to this day.

EDIT: Adding more to my post here because it would be hypocritical for you to complain:

1. I feel like given how I can make accurate predictions about Henry’s sphere of influence, that might gain me a little credibility: https://news.ycombinator.com/item?id=45495180

2. The reason I insulted you is because I know for a fact that when the mob came and demanded you shun and persecute someone, you caved.

The slides seem like a pretty nice summary of the 2015-era SafeCurves work, which you acknowledge elsewhere on this site (this thread? They all blend together) was based on good engineering.

Comments URL: https://news.ycombinator.com/item?id=45732025

Points: 4

# Comments: 0

“Apache chunked encoding is not exploitable” —- Dowd, 2002

In 2016, Isis Lovecruft was romantically involved with Jacob Appelbaum. Isis lost a coveted PhD student spot studying under Bernstein to… Jacob Appelbaum. Isis broke up with Jacob and accused him of sexual abuse in a spectacularly public manner.

Isis became romantically involved with Henry de Valence, another Bernstein PhD student. Valence became acquainted with Appelbaum. Later, under Isis’ direction, Valence published a wild screed full of bizarre accusations trying to get Appelbaum expelled and Bernstein fired. When this failed, Isis dumped Valence and publicly accused him of sexual abuse.

Isis Lovecruft is now married to Matthew Garrett. Obviously Matthew is going to work to discredit Bernstein, because if he fails, he knows what the next two steps are.

You’ve admitted you were “loudly wrong” when you announced Dual-EC couldn’t be an NSA cryptography backdoor. Snowden let us all know the NSA spends $250 million every year secretly convincing/bribing the private sector to use bad cryptography. Despite that history, you are still convinced there’s no way ML-KEM is an NSA cryptographic backdoor and that all the bizarre procedural errors in the PQ crypto contest are mere coincidences.

[checks my text messages] Lucy just texted me, Thomas. She’s outside waiting for you to kick her football.

You find it offensive now to compare ML-KEM and SIKE because SIKE was so thoroughly broken and demonstrated to be worse than pre-quantum crypto. But ML-KEM may already be broken this thoroughly by NSA and friends, and they’re keeping it secret because shipping bad crypto to billions of people enables SIGINT. The idea that your professional crypto acquaintances might be on the NSA’s payroll clearly disturbs you enough that you dismiss it out of hand.

Bernstein is proposing more transparency because that is what was promised after the Dual-EC debacle. Do you disagree with Bernstein because he advocates for transparency (which could prevent bad crypto shipping), or because of his rhetorical style?