Score:10

Why cannot I assume that cryptography published in venues/journals handled by the same publishers as prestigious journals is serious?

us flag

I do not know if it is allowed to ask this question.

I have been told that "most of the papers on chaos-based cryptography are appearing in fee/generalist journals, whose focus is not security"

However, I found that journals like Springer and Elsevier are filled with these papers.

I thought that these journals are well regarded as good resources. Many great books on cryptology are published by Springer.

The questions: Why cannot I assume that cryptography published in venues/journals handled by the same publishers as prestigious journals is serious? Is book publication is separated from their journal publication? Should I use their books and be very careful about their papers? What is the good source of cryptology papers? How to pick a good source?

fgrieu avatar
ng flag
Springer and Elsevier are not journals. They publish journals and conference proceedings, of various selectivity, and books (including at least [one](https://doi.org/10.1007/978-3-642-20542-2) on chaos-based cryptography). [This closed question](https://crypto.stackexchange.com/q/50004/555) may help.
DannyNiu avatar
vu flag
I think this is better suited for Academic.SE
user2357 avatar
us flag
@fgrieu Do you mean that their papers are not highly trusted for cryptology stuff? Is it the case for IEEE? Are they classified as predatory journals? What about MDPI?
fgrieu avatar
ng flag
I mean being published by Springer or Elsevier is not a reliable indication of the academic quality of a paper. Being in [these IACR publications](https://www.iacr.org/publications/access.php) (listed there in order about matching decreasing prestige), and a relatively small number of others peer-reviewed sources, is a much better indication. I'm aware of few papers on chaos-based cryptography in these, and in my opinion that's for good reasons.
user2357 avatar
us flag
@fgrieu What would be the good reasons, giving that these proposals in chaos-based cryptosystems are weak/vague that have always been broken in subsequent publications and are doing the same mistakes again and again without significant advance for thirty years? To your information, these papers are filled with false claims, moreover, they cite each other to assure some common false claims, to the point that they falsely criticize the mainstream standardized cipher.
fgrieu avatar
ng flag
To clarify: the good reasons I mention are towards having only few papers on chaos-based cryptography in IACR peer-reviewed publications, rather than reasons to have some. The only such paper I remember reading is [this one](https://doi.org/10.1007/3-540-48658-5_30), and it's a rebuttal.
Geoffroy Couteau avatar
cn flag
I'd like to react to the close votes: I believe it would be beneficial to the community to keep this question open. With a bit of rephrasing, I feel like it fits this stackexchange. It is asking in essence "why cannot I assume that cryptography published in venues/journals handled by the same editors as prestigious journals is serious?", and it is a valid question. Sure, one could ask it outside of crypto, but it is especially relevant here, and it's a confusion many people might have. Having a clear answer to the question, even if its slightly bordeline scope-wise, looks desirable to me.
user2357 avatar
us flag
@GeoffroyCouteau thanks for your support, and I welcome editing my question.
user2357 avatar
us flag
@fgrieu Thank you for the clarification.
ShAr avatar
cn flag
https://eprint.iacr.org/
Score:14
cn flag

In addition to the (good) response of kodlu, let me clarify a point which, I think, is the source of the confusion.

Springer, IEEE, Elsevier, etc, are publishers. What this means is that they are responsible for the edition/printing process for journals and conference proceedings. Since they do the publishing and sell the resulting journal, they put their name on the book they produce. That's all. If you create a new conference and want them to be the publisher, they will happily do it if it is financially interesting to them.

The publishers play no part in the selection process of the papers to a journal or a conference. For peer-reviewed conferences, for example, there is a program committee: a list of researchers which have been contacted by the program chair, and who volunteered to participate to the selection of the paper (it's a huge work, for which they are not paid). The program chair is the head of this process, who chooses the committee and makes the final decision.

There is no formal ties between the publisher and the chair/ the committee members. The publisher is a company that sells its editing abilities. The chair and the committee are researchers doing this work for free because it is beneficial for their community (and/or their CV). The chair is typically chosen by the researchers themselves.

For example: CRYPTO, EUROCRYPT, ASIACRYPT, TCC, PKC, etc are some of the major cryptography conferences. The publisher for the proceedings of these conferences is Springer. However, everything related to the scientific content of these proceedings is handled by the IACR (International Association for Cryptographic Research), of which cryptography researchers are often members. The IACR will choose the next program chair (e.g. during a board meeting, then officially through a vote that takes place during one of the major conferences), who will construct a committee, who will read the submissions and recommend whether to accept of reject.

The important bottom line is: there is zero correlation between the quality of the content and the publisher. If EUROCRYPT, CRYPTO, PKC, TCC, etc are serious conferences, it's because they are handled by the IACR, which is a very serious research organization (it is the association of researchers in cryptography). The fact that Springer is their publisher says nothing about their quality. Springer can be the publisher of dozen, perhaps hundredth of very bad journals, perhaps even predatory journals. They do not care, because assessing quality of the content is just not their goal. They are here to provide a service (edition, printing) in exchange for money.

user2357 avatar
us flag
Thanks for your interest in my questions. I have read your comment on a question related to chaos-based cryptography. It was one of the first things that guided me and made me feel confident with my impression of chaos-based cryptography.
user2357 avatar
us flag
That is the point: there is zero correlation between the quality of the content and the editor. Thank you very much.
Fractalice avatar
in flag
There may be a confusion with saying that springer/etc. are "editors", since proceedings usually call the *program chairs* the "editors". I guess more common is to call them "publishers".
Ievgeni avatar
cn flag
Notice that some IACR conferences (CHESS, FSE) have no more link with Springer..
Geoffroy Couteau avatar
cn flag
I actually did not include ToSC (formerly FSE) or CHES for this reason
Chris Peikert avatar
in flag
While this is an excellent answer, I second @Fractalice ‘s point that Springer etc. are best described as publishers, not editors. Usually, the program chairs are listed as the “editors” of conference proceedings, and Springer etc. are considered the publishers.
Geoffroy Couteau avatar
cn flag
I am planning to edit the answer along these lines indeed. I blame not being a native speaker for having an incorrect term in mind - though of course I could also have simply checked before writing the answer :)
Score:6
sa flag

The comments have provided lots of useful information. Distinction between publisher and journal, focused vs broad publishing venues.

This question is somewhat opinion based but not entirely.

All bibliometrics is inaccurate to an extent, and citation rates are NOT perfect, but I think most of the commenters on this question would broadly agree with the following listing of top venues in cryptography and security.

https://scholar.google.com/citations?view_op=top_venues&hl=en&vq=eng_computersecuritycryptography

  1. ACM Symposium on Computer and Communications Security
  2. IEEE Transactions on Information Forensics and Security
  3. USENIX Security Symposium
  4. IEEE Symposium on Security and Privacy
  5. Network and Distributed System Security Symposium (NDSS)
  6. Computers & Security
  7. International Conference on Theory and Applications of Cryptographic Techniques (EUROCRYPT)
  8. IEEE Transactions on Dependable and Secure Computing
  9. International Cryptology Conference (CRYPTO)
  10. International Conference on Financial Cryptography and Data Security
  11. Security and Communication Networks
  12. IEEE European Symposium on Security and Privacy
  13. International Conference on The Theory and Application of Cryptology and Information Security (ASIACRYPT)
  14. IACR Transactions on Cryptographic Hardware and Embedded Systems
  15. ACM on Asia Conference on Computer and Communications Security
  16. Journal of Information Security and Applications
  17. Theory of Cryptography
  18. Designs, Codes and Cryptography
  19. Symposium On Usable Privacy and Security
  20. IEEE Security & Privacy

Please go read about how these google rankings are done, read about what h5 means, etc., etc. before coming back and asking another question which can be easily researched by yourself.

Also, you will see some IEEE venues, I bet you none of the chaos based crypto articles you have asked about before were in one of these venues, but I am happy to be proved wrong.

user2357 avatar
us flag
Thanks for your advice. I am just new to the topic of chaos cryptography, which Is not very rigorous, to the best of my knowledge. Besides, sometimes I want to have people comments on my intuition. I have suffered too much from their claims.
user2357 avatar
us flag
And as you said in your answer, "All bibliometrics is inaccurate to an extent, and citation rates are NOT perfect". This causes huge confusion, which forces people to ask for clarification. I think this is the most confusion primitive that chaos-based cryptography provides:)
user2357 avatar
us flag
I think you win the bet, but still, other IEEE venues publish new proposals of the chaos-based cipher. How and Why? Are they not belong to the same organization?
Geoffroy Couteau avatar
cn flag
I added my own answer, I hope it will clarify the questions you ask in comments :) (also, the list above misses several important places, but it was to be expected)
user2357 avatar
us flag
To be more clear about the winning of kodlu in his bet, this is the kind of paper that I was familiar with that was published in one of the journals that he suggested, https://ieeexplore.ieee.org/abstract/document/8306512 this paper criticizes chaos-based practice. kodlu, Thank you very much.
fgrieu avatar
ng flag
The above paper ([_Depreciating Motivation and Empirical Security Analysis of Chaos-Based Image and Video Encryption_](https://doi.org/10.1109/TIFS.2018.2812080)) was probably accepted because it says aloud with detailed arguments what any experienced cryptographer wants to shout without needing to prove it: virtually all those many paper that visually show how well they (digitally) encrypt [Lena](https://en.wikipedia.org/wiki/Lenna), and/or "prove" it experimentally with the NIST statistical suite or some other bogus measure, are nonsense.
user2357 avatar
us flag
@fgrieu That is the project (criticizing chaos-based cryptography) I am working on. However, this project should be more comprehensive, so it would contain other fundamental flaws in chaos-based cryptography, e.g., numerical degradation due to the use of finite precision. Moreover, it would contain the indication of their tricks that are not accepted by the cryptography community. This is the source of my "weird" questions. So I hope the crypto SE community will be patient, and I welcome any guidance.
fgrieu avatar
ng flag
@ThePrince: asking for examples of chaos-based cryptosystems that would do one thing / be secure with infinite precision, but actually do something else / are insecure with floating point arithmetic, would I guess make an acceptable question (but one very different from the present one, so keep it separate). You could make the present question more precise asking pitfalls papers on chaos-based cryptosystems often get into. We have visual example (Lena), proof by statistical suite (NIST's), ignoring FP precision. There are a few more, including proof of security by affirmation or self-citation.
user2357 avatar
us flag
@fgrieu I think I have the material to formulate these questions. I am planning to work on them. Thank you for your advice.
user2357 avatar
us flag
Here is a link to a review on some crypto venues: http://www.cs.sjsu.edu/~stamp/securityJournals.html
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.