2021.09.09 17:19:51 (1435986315066019844) from Daniel J. Bernstein, replying to "azet (@a_z_e_t)" (1435968676868464645):
From https://competitions.cr.yp.to/caesar-call.html: "The submitter/submitters understand that the committee will not comment on the algorithms". Whatever misinformation you heard from some sore losers, maybe consider (1) engaging in basic fact-checking and (2) not hijacking unrelated threads? Thanks!
2021.09.09 01:22:34 (1435745406181273603) from Daniel J. Bernstein:
Let's review. 2016-2020: NSA doesn't admit its involvement in NISTPQC. 2020.07.22 15:03: First NSA message (https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/um_1oBVCtjU/m/vhTAdxp7BgAJ). 2020.07.22 22:51: NIST announces round 3 (https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/0ieuPB-b8eg/m/Cl7Ji8TpCwAJ). NSA now says: Use lattices (https://www.nsa.gov/what-we-do/cybersecurity/post-quantum-cybersecurity-resources/) and PLEASE TURN OFF ECC. https://twitter.com/mjos_crypto/status/1433443198534361101
2021.09.09 10:23:04 (1435881427795599364) from "mjos\dwez (@mjos_crypto)":
Note that NSA makes those decisions for National Security Systems (NSS) only. Outside the classified/military setting, they do not have authority. However, defence has a large purchasing power so this will affect especially hardware offerings. It's tempting to drop ECC hardware.
2021.09.09 14:17:18 (1435940374699151372) from Daniel J. Bernstein, replying to "mjos\dwez (@mjos_crypto)" (1435881427795599364):
NSA "actively engages the U.S. and foreign IT industries to covertly influence and/or overtly leverage their commercial products’ designs" to make them "exploitable". This goes far beyond military purchasing. See https://cr.yp.to/papers.html#dual-ec and Section 3.6 of https://cr.yp.to/papers.html#competitions.
2021.09.09 16:09:46 (1435968676868464645) from "azet (@a_z_e_t)":
reading the analysis on competitions; I remember CAESAR very well. I remember some of the teams becoming desperate with the process. no one knew about even a rough time line nor under which criteria algos were actually promoted. one rejection/review I've seen was sketchy at best.