Re: VMPC isn't free

From: Tom St Denis (tomstdenis_at_iahu.ca)
Date: 08/27/03


Date: Wed, 27 Aug 2003 14:21:37 GMT


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mok-Kong Shen wrote:
|
| Tom St Denis wrote:
|
|
|>I've thrown in my share of research topics with mixed results. For
|>instance, I did get some nice replies to my study of the branch
|>properties of FFT-like networks [for instance].
|>
|>The problem is when people like Barzotak [or whatever] discover "new and
|>great" ciphers they waste weeks of time where legitimate questions
|>almost always get ignored. In the end their contributions are zero
|>since they brought nothing to the table.
|
|
| There are clever and less clever or stupid people, good
| and bad researchers. Maybe you are lucky to belong to the
| genius class, but still one has to have certain tolerance
| towards the less gifted ones. Note also that everyone
| starts as a beginner who can't yet do things that a profi
| could do.

Yah, Tom the genius. That'll be the day.

How about just Tom the student who can't get no knowledge in a
discussion group because people flee it?

Sure you can read all the papers you want [and certainly I've read my
share] but there are always details left out [e.g. assumes prior
knowledge]. This is where being able to chat it up with the pros would
come in handy.

For example, in the case of CEILIDH I was offering to do an independent
implementation so I can time it against algorithms like XTR/DH/RSA, etc...

I'm sure the questions I asked via private email are questions other
newbies may want to know the answer to.

|>The problem is he [like the others] doesn't take the science seriously.
|>They trivialize everything and insult the regulars. This is what drives
|>the real pros away. Even if Barzatols didn't "insult people" his
|>constant barrage of mootness is enough to drive the S/N ratio straight
|>to zero.
|>
|>Believe it or not but there are actually real people who study crypto
|>for a living. Having their work trivialized at every step is just
|>insulting and they'd rather do without. This is where us amateurs
|>lose out.
|
|
| I am not sure that you could correctly decide whether
| others are taking the science seriously in many cases.

Signs of taking it seriously

1. No handwaving conjectures.

2. No "best ever" or "patent-pending" buzzwords

3. Actually state what problem the project solves. This could [for
instance] be something as simple as "efficient cipher design for an
8-bit MCU"].

4. Write up the project formally as a paper [even if not submitting it
to a conference]. This means you organize your thoughts in a consistent
and logical manner. This also means you include real analysis [not just
random meaningless tests]. Normally also you set forth to theorize
something and prove it.

5. Not insult those that are not convinced or interested.

You won't see this from dscott, mrsjunecarey, dabiker, bartoszalky,
etc... for the sole fact they are not interested in academia. They
don't read previous papers/books so they rarely if ever know what they
are talking about. Since they don't read past academia they don't care
about future academia [which is abundantly evident in their behaviour].

And don't get me wrong, not all ideas and projects have to be
earth-shattering Nobel-winning work. For instance, when I was [er
starting, I still am!] learning cryptography I often wrote up what I was
learning in the form of a paper. It helped me practice writing as well
as really understand the topics.

| (Yes, there are on the other hand politicians who
| think to be able to always correctly decide who have the
| right or wrong 'thought'.) First class researchers don't
| spend much of their time in our group in my view. That's
| bad, but I don't think you, as individual, could ever
| change that.

Why not? If I could make a case that these nut-cases should be ignored
then maybe the S/N ratio will improve which will entice the pros to come
back.

The pros don't post because sharing knowledge for free is beneath them.
They don't because they can do without the flame wars and such. They
share knowledge via books, conferences and private communications.

| On the other hand, I am personally of the
| opinion that this group should provide the opportunity
| to amateurs and beginners to express their (eventually
| very wrong) ideas so that they could have a certain chance
| to mature to become profis one day. If you are a profi and
| have the goodwill to help others, you should have a certain
| amount of patience and tolerance to the amateurs and
| beginners in my opinion. (Note, though, that you are never
| 'required' to help others or even to follow-up at all.)

Newbies shouldn't be sharing complete ideas as often as they do. They
should be asking questions and sharing problems.

Specially ciphers. All these scottu19 and L1/2/3/4/5/... and
javascript-h4x0rz are a prime example of what not to send. And it isn't
as if I didn't do that too when I started. Just when I was "told" by
Wagner [politely I might add] I took the hint and did some reading.

Admittedly I designed quite a few ciphers but I never claimed they were
secure and often my designs were never very similar [e.g. feistels with
very different round functions, spn ciphers of varying forms]. So
perhaps I should have curbed some of my ideas but I didn't share many of
the faults of the trolls I'm trying to make an example of:

1. I always maintained my ciphers were not to be used/trusted. Though
a few of them I argued were strong.

2. I always tried new ideas/configurations. I never kept at the same
design over and over.

3. I graciously accepted attacks [on the design] from people specially
Fluhrer and Fisher.

This VMPC guy is all about "use my design, replace AES with it, it's
uber strong" etc... Which in my opinion is not only arrogant it's
frustrating because you know some tool with his hand on an executive
decision button will say "VMPC is the shiz-nitz!" and boom we're thrown
back to the stone age.

|>So you're damn right I'm pissed off at the troll-of-the-week when they
|>post their useless design of the week. People have to ignore them
|>completely and eventually they'll just leave.
|
|
| For the general people, I like to re-iterate my hint of
| the possibility of employing kill-file and (in case a
| suitable browser is not available for that) of refraining
| from clicking on posts of certain selected persons.

Ideally what we need is more moderator activity in sci.crypt.research.

I know Jason Holt is setting up a private mailing list [similar to
wassabi but only for academics not just cryptoers in general]. That may
prove interesting.

Tom
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/TL50sP+tEsHHY0ARAmBQAKCLno3X/MOa/lv6pxypyfKvJYrNNwCcCzCU
jjYYgX2aUhFRZj4GCN63+D4=
=IF2V
-----END PGP SIGNATURE-----