Great post from djb. Deep dive into algebraic cryptanalysis of DSA, ECDSA, and discussion as to why EdDSA is mostly unaffected (and thus the Minerva vulnerability publishers were overhyping themselves).

Really cool to see linear algebra behind cryptanalyzing DSA lead into lattice crypto, and then into LPN, LWE, and HNP hardness assumptions! That kind of blew my mind.

Last paragraph opens with

"I see cryptography as a basic operating-system service, just like access to network cards. We don't, and we shouldn't, write network-card drivers in many different application languages; we write them in a few network-card-driver languages, and on top of this we provide simple networking abstractions to the designers of other languages, who in turn provide various higher-level networking abstractions to applications."

Which is an interesting way to say "don't roll your own crypto." As awesome as djb is at designing and implementing cryptosystems, I fear a world where all crypto is written by one person/team (Ed25519, ChaCha/Salsa, Poly1305, …), and obviously that's not where we are, but we're not that far off either.