Paper 2023/1838

Quantifying risks in cryptographic selection processes

Daniel J. Bernstein
Abstract

There appears to be a widespread belief that some processes of selecting cryptosystems are less risky than other processes. As a case study of quantifying the difference in risks, this paper compares the currently-known-failure rates of three large groups of cryptosystems: (1) the round-1 submissions to the NIST Post-Quantum Cryptography Standardization Project, (2) the round-1 submissions not broken by the end of round 1, and (3) the round-1 submissions selected by NIST for round 2 of the same project. These groups of cryptosystems turn out to have currently-known-failure rates that are strikingly high, and that include statistically significant differences across the groups, not matching the pattern of differences that one might expect. Readers are cautioned that the actual failure rates could be much higher than the currently-known-failure rates.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Preprint.
Keywords
cryptographic risk analysispost-quantum cryptographycryptosystem selectionstandardization
Contact author(s)
authorcontact-qrcsp @ box cr yp to
History
2023-12-02: revised
2023-11-29: received
See all versions
Short URL
https://ia.cr/2023/1838
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2023/1838,
      author = {Daniel J. Bernstein},
      title = {Quantifying risks in cryptographic selection processes},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/1838},
      year = {2023},
      url = {https://eprint.iacr.org/2023/1838}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.