The microblog: 2020.04.18 23:49:10

2020.04.18 23:49:10 (1251628864159137793) from Daniel J. Bernstein, replying to "Thaddée Tyl (@espadrine)" (1251513083727687680):

The community doesn't (and doesn't want to!) systematically filter crypto through competitions, and doesn't catch all weaknesses in submissions to competitions. Rijndael's table-lookups-are-constant-time mistake wasn't publicly caught until years after AES standardization.


2020.04.18 16:09:05 (1251513083727687680) from "Thaddée Tyl (@espadrine)":

The perverse incentives are counterbalanced by virtuous cycles, too. Take the competitions (AES, SHA, CAESAR): if you are too weak, a competitor will get you eliminated by publishing the weakness. And all competitors want to win.