2013.04.30 16:58:38 (329248432072056832) from Daniel J. Bernstein, replying to "Matthew Green (@matthew_d_green)" (329047848295493632):
Is the claim that the proofs are wrong, or that the indifferentiability definitions are bogus? Not clear at this point. @matthew_d_green
2013.04.30 03:32:13 (329045491658657796) from Daniel J. Bernstein:
Interesting: Luo and Lai (http://eprint.iacr.org/2013/233) claim that the security proofs for the SHA-3 finalist JH were all flawed.
2013.04.30 03:41:35 (329047848295493632) from "Matthew Green (@matthew_d_green)":
@hashbreaker These iterative proofs based on ideal components should be great candidates for machine aided proof techniques.