
Abstract. This paper presents an attack against common procedures for comparing the size-security tradeoffs of proposed cryptosystems. The attack begins with size-security tradeoff data, and then manipulates the presentation of the data in a way that favors a proposal selected by the attacker, while maintaining plausible deniability for the attacker. As concrete examples, this paper shows two manipulated comparisons of size-security tradeoffs of lattice-based encryption proposals submitted to the NIST Post-Quantum Cryptography Standardization Project. One of these manipulated comparisons appears to match public claims made by NIST, while the other does not, and the underlying facts do not. This raises the question of whether NIST has been subjected to this attack. This paper also considers a weak defense and a strong defense that can be applied by standards-development organizations and by other people comparing cryptographic algorithms. The weak defense does not protect the integrity of comparisons, although it does force this type of attack to begin early. The strong defense stops this attack.

Keywords: back doors, NSA, NIST, NISTPQC, category theory


      Available documents and news stories strongly suggest that Dual EC was part of a deliberate, coordinated, multi-pronged attack on this ecosystem: designing a PRNG that secretly contains a back door; publishing evaluations claiming that the PRNG is more secure than the alternatives; influencing standards to include the PRNG; further influencing standards to make the PRNG easier to exploit; and paying software developers to implement the PRNG, at least as an option but preferably as default. —“Dual EC: a standardized back door”