Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="vrC7pxoCwugS8tdh" --vrC7pxoCwugS8tdh Content-Type: text/plain; charset="UTF-8" Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Mike Hamburg writes: > Is anyone here treating SIKE unfairly? Yes. For a discussion of what's unfair here (given the evidence available), see, e.g., my email dated 23 Jun 2022 21:19:45 +0200, especially the initial paragraphs not quoted in your reply. > I thought everyone in the discussion had agreed that SIKE shouldn=E2=80= =99t be > penalized based on this paper. Really? Where? I don't see where various unjustified anti-SIKE snipes have been withdrawn (see, e.g., the quote in the second paragraph in the message mentioned above). I don't see any protections against the damage caused by the "attacks on SIKE" naming. Also, this list isn't an island; I still see https://www.hertzbleed.com saying "attack on SIKE". More to the point, we've still seen no comments from NIST. What assurances are there that NIST won't immediately take an "attack on SIKE" as a negative for SIKE, possibly even negative enough to push SIKE under the water line for surviving past the end of round 3? It takes extra work to investigate and realize that the available evidence does _not_ support the natural reaction to an "attack on SIKE". People confident that SIKE is going to make it anyway (or confident that it has drowned already!) _could_ be right. But maybe NIST was thinking "Hmmm, speedups seem to have stalled, applications seem to prefer lattices, not sure SIKE is useful to keep around, but we do like the arguments for SIKE's side-channel resistance"---and then what happens when suddenly there's a side-channel "attack on SIKE"? > > Since Mike has decided to issue an incorrect public characterization of > > an off-list discussion, I believe I'm authorized to give quotes > > disproving this characterization. > Really? You believe that since I said the discussion "went nowhere" > (this is, by the way, an accurate characterization) that you are > =E2=80=9Cauthorized=E2=80=9D to selectively quote from a multi-thousand w= ord off-list > discussion? This is an inexcusable breach of etiquette and you > know it. Publish a false characterization of an off-list discussion, and then complain about "an inexcusable breach of etiquette" when there's a response giving quotes disproving the characterization? And, as icing on the cake, repeat the same false characterization, not addressing the glaring contradiction with the quotes? Impressive. Regarding the false claim that triggered the discussion ("It quite clearly had a more specific meaning many of the times you used it"), I don't see where a defense has been laid out for this claim. The actual usage of the word "constant" in all of my messages in this thread is normal in discussions of defenses against timing attacks, and (just in case the reader isn't already familiar with it) also noted in the first message the first time the word is used: "Running the CPU at a constant speed, independent of the data being processed, is the obvious, straightforward, auditable way to eliminate this problem" etc. I'm baffled by now seeing convoluted attempts to argue that the text actually has three different possible readings. Structurally, arguing that other readings are _possible_, or even _plausible_, is failing to allege any problems with the simple, straightforward reading of the text as writing "constant" to mean "independent of the data being processed", and is failing to support the claim that the text "quite clearly" meant something else. ---D. J. Bernstein --=20 You received this message because you are subscribed to the Google Groups "= pqc-forum" group. To unsubscribe from this group and stop receiving emails from it, send an e= mail to pqc-forum+unsubscribe@list.nist.gov. To view this discussion on the web visit https://groups.google.com/a/list.n= ist.gov/d/msgid/pqc-forum/20220627010959.1008897.qmail%40cr.yp.to. --vrC7pxoCwugS8tdh Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEE3QolqQXydru4e4ITsMANTjsOVFkFAmK5A2YACgkQsMANTjsO VFmMoA/8CNFtRM+o4cFoLpLDvclL4/qZTgG52C0M9o4iZKOTp6WS+k8eiHdLQEPX ytahgBkTtOX48xRuuG2Oh4IcrN3kDdAA575XE93mKutFhqto1fBRdWZ7HMQUS5G2 Z5Knvxz2JkZZLZ0alUV2xjt9zedNCDF4Wu1P5AhcMzCAu3qxlGv9R11Ag/OZLp7V 44Z7CFVLOXw7HANy7YaLZUo/NINJFZd23oKzk3LUbUvGGBh14ZlO52SpnHeygxMN ziOGyLv/lT6o0p4qJlERWvlKsFSSMsqre3UgeDyAyoTy80mjde8kNVgMnoG55xhf ryRPv8zynfrCENetoMVANxV4Nud41yH85dB5kn3EsYD7Hr4+Vsks5O7Re3aFOTcm 2vKiV9R+NLeUIBMt28uB/7+bkcjt82MoE8/2MRJERFh48UC+3cT2zFHOm6BHtNaH lsz1jGiJkwlCvpkk4F5UNAmrmMTNBhCeRGi6WqOqrHWMmSW1dsTOq5dfE1KZwZ+y v1HyaScEJKFOfyUxHbUyUZ8SFGUJo04cjUDPae+mVfttZ/tytXPrhXyFYz8G3arR +JRNg8mpl7kX66P0hohxjAYYMp+JdmqDwdx2uR7KF04tIgms/eb1825YMzUDAWH9 NCJn3WHLMAQvIBAIxWFagXIcaQRorHwJRm22+Mah8qw0AwMLa+k= =3sMk -----END PGP SIGNATURE----- --vrC7pxoCwugS8tdh--