Score:2

Crypto

What is the mainstream cryptography?

user2357

2/10/23, 5:11 PM

I am always hearing the term "mainstream cryptography", I am looking forward to more clarification on this concept.

What I the mainstream cryptography?

Is its definition subjective?

Is symmetric cryptography within the mainstream cryptography?

Are there good cryptography out of the mainstream? (Aside: If so, how can we judge snake-oil cryptography being out of the mainstream?)

716

0 + 0

symmetric

snake-oil-cryptography

kodlu

2/10/23, 10:51 PM

why have you changed your handle from "the prince"? none of my business but it's a little curious.

user2357

2/11/23, 3:56 AM

@kodlu for fun. at least it made you respond to my questions, again. I wish you continue and do not get annoyed by them. It was not my intention to get anyone annoyed. I am looking forward to having your engagement in my questions. I am sorry if my questions are a little weird. (This comment is to be deleted)

user

2/11/23, 2:53 PM

@user2357 I don't think anyone will get annoyed by a user and ignore their questions, or at least not enough people to make a difference (especially not over something as trivial as a username).

Conrado

2/11/23, 4:36 PM

Fun fact: when Merkle invented public-key cryptography, it was rejected for not being mainstream https://www.merkle.com/1974/

user2357

2/11/23, 5:12 PM

@Conrado good story.

Score:8

Crypto

Mikero

2/10/23, 7:46 PM

What [is] mainstream cryptography?

I would define mainstream cryptography as "the kinds of papers that get published at IACR venues" (Crypto, Eurocrypt, Asiacrypt, TCC, PKC, CHES, FSE, Journal of Cryptology). The IACR is the main professional society for cryptography research.

BTW, I'm not trying to say that these are the only legitimate venues for cryptographic research. There are many other excellent venues, but the cryptography papers published there would also be largely suitable for IACR venues too.

Is its definition subjective?

The norms and conventions of any scientific community are established by the humans that practice that science. Humans suffer from all sorts of biases. There is always an element of arbitrariness to what is considered mainstream practice and what isn't.

I seem to recall that Mihir Bellare's distinguished lecture discusses some of these elements in the context of cryptography. For example, the choice between asymptotic vs concrete statements of security is arbitrary and socially constructed by the community -- so is the choice of which problems are popular at any given time. Bellare references Kuhn's Structure of Scientific Revolutions as a resource that outlines the concepts more generally.

Is symmetric cryptography within the mainstream cryptography?

Yes, there are proposals for new symmetric cryptography and attacks on existing symmetric cryptography, at almost every IACR conference. Additionally, I would guess that the vast majority of cryptography papers use at least some symmetric-key cryptographic building blocks somewhere.

Within symmetric cryptography, there are mainstream approaches and non-mainstream approaches. For example, basing a hash function on a wide public permutation is mainstream -- most new hash functions use this design paradigm. Justifying your designs by showing resistance to linear/differential cryptanalysis is the mainstream expectation. Basing a hash function on "chaotic systems" is not mainstream, and I cannot recall seeing this kind of work published at IACR venues.

Are there good cryptography out of the mainstream?

Almost certainly.

If so, how can we judge chaos-based cryptography being out of the mainstream?

It is reasonable to be skeptical if someone dismisses an area simply for being outside the mainstream. You should ask why it is outside of the mainstream. In the case of chaos-based cryptography, many such reasons have been given here on stackexchange.

0 + 0

kodlu

2/10/23, 10:50 PM

nice answer. one could add venues like Designs Codes and Cryptography.

Mikero

2/11/23, 2:14 AM

Thanks. I have tried to not attempt an exhaustive list of mainstream/quality venues. As you yourself suggest in [this response](https://crypto.stackexchange.com/a/95163/192), Google Scholar's list of [top security/cryptography venues](https://scholar.google.com/citations?view_op=top_venues&hl=en&vq=eng_computersecuritycryptography) is a good place to start.

user2357

2/11/23, 5:36 AM

Is symmetric encryption, like AES, mainstream?

Mikero

2/11/23, 6:07 AM

AES is the most widely used cryptographic algorithm in the world. Most modern processors have special instructions to accelerate AES. Improving the known attacks on AES would make someone's career. If that's not mainstream, I don't know what is.

user2357

2/11/23, 7:07 AM

@Mikero Very instructive. Thank you.

user2357

2/11/23, 10:57 AM

If there is a good cryptography out of the mainstream, is it a matter of time to be within mainstream? Do you have examples of this cryptography that is good and out of the mainstream?

Mikero

2/11/23, 2:15 PM

I'd like to think that all good work eventually makes its way into the mainstream, but I have no idea whether it's inevitable. I'm not an expert on scientific revolutions. I am also deeply embedded in the mainstream of cryptography, so have a hard time thinking of good work outside of the mainstream.

Score:0

Crypto

Paul Uszak

2/11/23, 12:49 PM

And of course quantum key distribution (QKD), using either classical symmetric encryption for speed, or pure one time pads for complete security.

Whilst unpopular, QKD is probably the largest area of cryptographic research at the moment in terms of spend. So I simply offer this link to NATO, this to current research, and the following map of partners working on QKD. And this is only in the continent of Europe. Similar exists in the US and Indochina:-

If that's not mainstream given other 1 billion EURO budgets like this, I don't know what is.

0 + 0

fgrieu

2/11/23, 1:44 PM

Kudos for changing to "unpopular". I wish QKD can be discussed here!

Maeher

2/11/23, 2:20 PM

I do believe that this answer is incorrect. I don't dispute any of the facts you state. A lot of money and time *is* being thrown at QKD. However, crucially *not* from the cryptographic research community. Now, you may argue that the community is in the wrong there and *should* spend their time on it, but they don't. So the majority of (at least academic) cryptographers would *not* think of QKD as "mainstream". In fact many would probably point to it as an example of *non*-mainstream. And as I understand the question, it asks what cryptographers *mean* by the term, not what they ought to.

bmm6o

2/12/23, 12:47 AM

I assume the opening line is meant to answer "Are there good cryptography out of the mainstream?" If so, it should probably be edited to not assume the reader is thinking of question 4/4.

fgrieu

2/12/23, 6:18 AM

Picture is from [OpenKQD](https://openqkd.eu/) material, which [attracted 15M€ from EU out of 18M€ of funding over 3 years](https://cordis.europa.eu/project/id/857156). Is this "largest"? Research can be useful in unexpected ways, but IMHO KQD itself won't be largely used unless Cryptographically Relevant Quantum Computers happen _and_ Post-Quantum Cryptography fails. See the [spec of available gear](http://www.toshiba.co.jp/qkd/en/products.htm): 120 km, 300 kbit/s, extending that requires trust in intermediary nodes, and we still need a trusted courier at each link setup.

Paul Uszak

2/28/23, 12:07 AM

@Maeher I think that you've hit the nail on the head. Cryptography doesn't have to be performed by cryptographers any more. Engineers and scientists can now partake in secure QKD. So I guess the reason they hate it so much is that it's going to make legacy cryptographers obsolete. Which I can understand as it's their rice bowl. Doesn't change the facts though...

Geoffroy Couteau

2/28/23, 7:30 AM

"Cryptography doesn't have to be performed by cryptographers any more": I guess you meant "solely" by crypto researchers? As far as I know, cryptography was never exclusively the field of researchers, far from it (and of course, that's a good thing). "So I guess the reason they hate it so much is that it's going to make legacy cryptographers obsolete": afaik, crypto researchers don't hate QKD, they find it useless-ish. Did you consider that perhaps, the many good reasons to think QKD is not currently useful (while still interesting) are a better explanation than fear of loosing their job?