[3084] in cryptography@c2.net mail archive


Re: DES Applicability Statement for Historic Status

daemon@ATHENA.MIT.EDU (C Matthew Curtin)
Sun Jul 26 18:34:44 1998

Date: Sun, 26 Jul 1998 16:44:05 -0400 (EDT)
From: C Matthew Curtin <cmcurtin@interhack.net>
To: "William Allen Simpson" <wsimpson@greendragon.com>
Cc: Marc Horowitz <marc@cygnus.com>, cryptography@c2.net
In-Reply-To: <7427.wsimpson@greendragon.com>
Reply-To: cmcurtin@interhack.net

>>>>> "William" == William Allen Simpson <wsimpson@greendragon.com> writes:

William> But other folks would not listen.  Other folks would not even
William> let us proceed to make Triple DES a Proposed Standard,
William> forcing it to be published as "Experimental" instead.

This isn't surprising.

An article I coauthored, which was published in a special issue of
;login:, was rejected as a refereed paper for the USENIX Security
Symposium.  In it, we said that each crack from here on out would only 
be done with less expense and/or less time.  Among the complaints
against our paper was this:

    Page 5 -- Your assertion that targets worth more than $10,000 are
    now very vulnerable to this attack is false.  A second Internet
    challenge would draw less support, as would one that appeared to
    be a real attack on someone's secrets.

A comparison of the rate at which the second crack of a DES-encrypted
message was accomplished proves the point that we made.

I was *sure* that our assertion was correct.  I was angry that an
anonymous referee made a counterclaim with no ancillary references,
and held that against us.  After all, it was *our* research, and who
was *he* to make such a bald claim?

A very unfortunate series of events took place, which caused me to
completely miss the "Financial Cryptography '97" conference CFP, which
would probably have been the best place to have our paper published
formally.  In the end, it never was, and USENIX carried it
informally.  A copy is now available on my web site.

It's very difficult for me to articulate my level of disappointment.
What I thought to be (and what another of the Security Symposium
referees called) "a significant piece of history in cryptography"
seemed to be reduced to a project whose results would go unpublished
in the research journals.

I spent a lot of time thinking about this.

At (long) length, I've decided that advances (or observations of the
state of an art) that go against "conventional wisdom" will have
difficulty being published in peer-review circles, including
conferences, IETF documentation, etc., until enough people are
convinced that "conventional wisdom" will at least be viewed with some
skepticism by enough in the field to make a difference.

It means that when we discover that we're doing stupid things, we're
going to keep on doing stupid things until more than one (or two)
obscure researchers or groups draw attention to the fact.

This can be dangerous, because we might not understand certain
vulnerabilities as well as we should, or take them as seriously as we
ought, for a time.

But we need to have faith in the process of peer review.  It is, after
all, how we weed out snake oil and nonsense, even if it means
frustration and disappointment for us[*] individually in the short
term.

[* Especially those of us whose reputations have yet to be firmly
established.] 

-- 
Matt Curtin cmcurtin@interhack.net http://www.interhack.net/people/cmcurtin/
