The cr.yp.to microblog: 2020.04.19 00:32:19

2020.04.19 00:32:19 (1251639726819270656) from Daniel J. Bernstein, replying to "Yehuda Lindell (@LindellYehuda)" (1251636638322696193):

Can you please state clearly which metric you're using for the allegedly "huge" success of the "field of crypto"? You keep giving alleged examples but not stating the metric. Readers can't figure out if the metric sees, e.g., OpenSSL's upcoming emergency patch as a failure.

Context

2020.04.18 23:41:58 (1251627053054599169) from "Yehuda Lindell (@LindellYehuda)":

There are many examples. CCA security as a notion was ready well before Bleichenbacher and so could be used as a mitigation. The whole provable security methodology for padding, modes of encryption, key exchange has been very influential. Note that CCA was laughed at initially.

2020.04.19 00:02:44 (1251632282164539393) from Daniel J. Bernstein, replying to "Yehuda Lindell (@LindellYehuda)" (1251627053054599169):

Sorry, I'm still missing answers to my clarification questions. I understand your examples of deployed crypto, but I don't understand what metric is being used to declare the "huge" success of the "field", and I don't understand what you think you're disputing in what I wrote.

2020.04.19 00:18:42 (1251636300555444224) from "Yehuda Lindell (@LindellYehuda)":

I understand. Let me clarify - I wasn’t being clear at all (I see now). I disagree with what Diffie said as criticism. Doing clever things for that purpose ends up solving a lot of problems that we need solved many years later.

2020.04.19 00:20:03 (1251636638322696193) from "Yehuda Lindell (@LindellYehuda)", replying to "Yehuda Lindell (@LindellYehuda)" (1251636300555444224):

For example, hash-based signatures were a clever idea aimed at proving that one-way functions imply signatures. Now, they are seriously looked at for PQC. So, not everyone needs to look at real users and applications to do important work.