{"id":36787,"date":"2022-07-29T17:23:18","date_gmt":"2022-07-29T22:23:18","guid":{"rendered":"http:\/\/huewhite.com\/umb\/?p=36787"},"modified":"2022-07-29T17:23:18","modified_gmt":"2022-07-29T22:23:18","slug":"in-case-you-need-a-spot-of-cash","status":"publish","type":"post","link":"https:\/\/huewhite.com\/umb\/2022\/07\/29\/in-case-you-need-a-spot-of-cash\/","title":{"rendered":"In Case You Need A Spot Of Cash"},"content":{"rendered":"<p>Edward Parker and Michael Vermeer want a contest!<\/p>\n<blockquote><p>NIST [U.S. National Institute for Standards and Technology] and others in the cryptography community are carefully analyzing several PQC [post-quantum cryptography] algorithms to try to catch any potential vulnerabilities. But it\u2019s almost impossible to mathematically prove the security of most cryptography algorithms. In practice, the <a href=\"https:\/\/www.schneier.com\/blog\/archives\/2011\/04\/schneiers_law.html\">strongest evidence<\/a> for an algorithm\u2019s security is simply that\u00a0many experts have tried and failed to break it. The more people try to attack the new PQC algorithms and fail, the more likely it is that they are secure.<\/p>\n<p>One possible option for further crowdsourcing the analysis of NIST\u2019s final candidate PQC algorithms would be a contest in which the general public is invited to try to break them. As <a href=\"https:\/\/www.bugcrowd.com\/bug-bounty-list\/\">hundreds of companies<\/a>\u00a0that offer public bug bounties have discovered, crowdsourced penetration testing can be a very useful tool for improving cybersecurity. The U.S. Departments of <a href=\"https:\/\/www.dhs.gov\/news\/2022\/04\/22\/hack-dhs-program-successfully-concludes-first-bug-bounty-program\">Homeland Security<\/a> and <a href=\"https:\/\/hackerone.com\/hack-us-h1c\">Defense<\/a> have also recently experimented with offering bug bounties to anyone who discovers cyber vulnerabilities in the departments\u2019 systems. 
A public contest certainly can\u2019t replace a mathematical security analysis, but it could be a useful complement that provides additional evidence of the algorithms\u2019 security.<em> [<a href=\"https:\/\/www.lawfareblog.com\/hack-post-quantum-cryptography-now-so-bad-actors-dont-do-it-later\" target=\"_blank\" rel=\"noopener\"><strong>Lawfare<\/strong><\/a>]<\/em><\/p><\/blockquote>\n<p>Parker and Vermeer address and repudiate the usual objections to such a contest, and I tend to agree &#8211; let &#8220;the public,&#8221; a necessarily self-selecting group of mathematicians, both professional and amateur, have a go at it. Both cash and notoriety will accrue to anyone who actually finds a weakness in any of the algorithms.<\/p>\n<p>And it may result in the development of new mathematical techniques and tools. Win-win?<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Edward Parker and Michael Vermeer want a contest! NIST [U.S. National Institute for Standards and Technology] and others in the cryptography community are carefully analyzing several PQC [post-quantum cryptography] algorithms to try to catch any potential vulnerabilities. But it\u2019s almost impossible to mathematically prove the security of most cryptography algorithms. 
\u2026 <a class=\"continue-reading-link\" href=\"https:\/\/huewhite.com\/umb\/2022\/07\/29\/in-case-you-need-a-spot-of-cash\/\"> Continue reading <span class=\"meta-nav\">&rarr; <\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"nf_dc_page":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-36787","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/posts\/36787","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/comments?post=36787"}],"version-history":[{"count":1,"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/posts\/36787\/revisions"}],"predecessor-version":[{"id":36788,"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/posts\/36787\/revisions\/36788"}],"wp:attachment":[{"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/media?parent=36787"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/categories?post=36787"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/tags?post=36787"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}