The microblog: 2022.07.06 01:01:31

2022.07.06 01:01:31 (1544456469038645248) from Daniel J. Bernstein:

Looks like NIST didn't actually nail down the patent buyouts before announcing Kyber's selection, so now the patent holders have even more power. But, wait, NIST's expert negotiators say that they "may consider" switching to NTRU if agreements aren't signed "by the end of 2022".

2022.07.06 01:13:53 (1544459581312471040) from Daniel J. Bernstein:

Can someone point me to where NIST's new report explains why they didn't simply select NTRU back in 2021? Is it the part where NIST says it finds the MLWE problem "marginally more convincing" than the NTRU problem? "Marginally" justifies leaping straight into a patent minefield?

2022.07.06 01:18:36 (1544460769642758144) from Daniel J. Bernstein:

Aha, clearly this is the explanation: "A significant factor in the decision to choose KYBER over NTRU was NTRU’s performance". But wait: the same report says "KYBER, NTRU, and Saber ... Most applications would be able to use any of them without significant performance penalties."

2022.07.06 01:36:35 (1544465294214672389) from Daniel J. Bernstein:

"Issues relating to patents were a factor in NIST’s decision during the third round as NIST became aware of various third-party patents." Actually, the CNRS patent and the Ding patent and several other patent threats were on NIST's web site in 2018, long before the third round.

2022.07.06 01:42:15 (1544466717870436357) from Daniel J. Bernstein:

"NIST negotiated with several third parties to enter into various agreements to overcome potential adoption challenges posed by third-party patents." Where does the report evaluate the delay involved in (maybe) getting this done, and the security damage caused by this delay?

2022.07.06 01:45:11 (1544467458144157697) from Daniel J. Bernstein:

"An evaluation factor is whether a patent might hinder adoption of the cryptographic standard." Compare to the original call (emphasis added): "it is CRITICAL that this process leads to cryptographic standards that can be freely implemented in security technologies and products."

2022.07.06 01:53:45 (1544469614133800960) from Daniel J. Bernstein:

While all of this is going on: SLURRRRRRRRRRRRRRRRRRRRRRRRRP [that's the actual sound, amazingly the same everywhere around the world, of month after month of user data being systematically intercepted and recorded by the espionage agencies for various out-of-control governments]