this post was submitted on 20 Dec 2023
18 points (100.0% liked)

technology

22683 readers
1 users here now

On the road to fully automated luxury gay space communism.

Spreading Linux propaganda since 2020

Rules:

founded 4 years ago
MODERATORS
 

So we all know NIST is being puppeteered by the NSA, specifically in regards to quantum-secure encryption, which means you probably can't use that in certain situations. What are non-14-eye governments doing with encryption? Does anyone have any interesting sources or names of algorithms or anything that can help in this regard?

top 8 comments
sorted by: hot top controversial new old
[–] [email protected] 5 points 11 months ago

Frankly, your best bet would either be, say, the Russian Federation or China if you wanted privacy from the 5 Eyes or 14 Eyes or however they've expanded since starting.

But even then, I don't think that non-AES or non-CIS countries are out of the question.

[–] [email protected] 2 points 11 months ago* (last edited 11 months ago) (1 children)

Are you trying to start a website?

Edit: Or web service or social media service or what have you?

[–] [email protected] 5 points 11 months ago* (last edited 11 months ago) (2 children)

Not planning anything, I was just curious about cryptography in RF or PRC. We all use symmetric and asymmetric cryptography approved by the NSA, but we rarely hear of Russian or Chinese (or any other country's) algorithms. The closest I've got was looking at GOST and specifically Kuznyechik, and not very closely. I thought someone else might have had an interest in this like I did, who is more advanced and could point me in the right direction.

So there's GOST for Russian standards and there's SM2/SM3/SM4 (ShangMi) for China's standards (westists seething).

[–] [email protected] 5 points 11 months ago

I am very much thinking of this as well.

I want to start my own website and possibly a web community as well.

And, of course, I'm wondering what to use or what I should know to possibly protect myself.

But no, I'm not advanced on this subject.

[–] [email protected] 5 points 11 months ago

I've also been looking at Chinese vendors for cryptographic hardware accelerator modules, but they all just implement NIST specs.

[–] [email protected] 2 points 11 months ago* (last edited 11 months ago) (1 children)

at least for web stuff I don't think they're using anything that isn't also broadly implemented in the west. Nothing that I've seen anyhow, I am also not a china/russia expert. Approved by NIST doesn't mean developed by NIST, they're just standard algos with a government stamp of approval for certain uses. Though NIST definitely does influence the development of some ciphers/implementations, so its worth being skeptical.

I did a little research and didn't find any prominent english language mentions of quantum-resistant ciphers that weren't developed in western aligned countries. But of what I did see NTRU seems like mayyybe the least-sus one since it was developed by mathematicians originally not crypto people, and was so early to the quantum party (1996) that I haven't found reference to NIST influencing its development like I did for several others.

Anyhow I wouldn't assume that NIST approved crypto is always compromised, just do your own research on specific ciphers, there will probably be some nerd out there criticizing them if they were really weakened by nist

[–] [email protected] 4 points 11 months ago* (last edited 11 months ago) (1 children)

Anyhow I wouldn't assume that NIST approved crypto is always compromised, just do your own research on specific ciphers, there will probably be some nerd out there criticizing them if they were really weakened by nist

Yeah there is a nerd criticizing them 😭😭😭 which is why I posted this

I'll have a look at NTRU, thank you.

Regarding web stuff I know China pushes its own ciphers, I'm gonna read up on them later™.

[–] [email protected] 2 points 11 months ago

damn I didn't realize china had their own TLS ciphers and everything, pretty neat. I haven't seen any substantive criticism of SM4 or its associated hashing function, etc.

Looking into it I found one or two fearmongering sources that go "this is chinese, the ietf only included it for compatibility, DONT USE IT", and a bunch of cryptanalysis papers, mostly from Chinese authors (but written in perfect english which is neat) that seem great but I don't have the expertise to evaluate them in any way.

given that SM4, etc were classified until 2006, a lot of what's cutting edge now is probably classified.

I did find this though: https://en.wikipedia.org/wiki/SM9_(cryptography_standard) which is pretty interesting. I don't know if it's completely novel encryption techniques or if it uses an existing cipher under the hood but regardless very interesting stuff