So we all know NIST is being puppeteered by the NSA, specifically in regard to quantum-secure encryption, which means you probably can't use that in certain situations. What are non-14-eye governments doing with encryption? Does anyone have any interesting sources or names of algorithms or anything that can help in this regard?

  • YearOfTheCommieDesktop [they/them]
    11 months ago

    at least for web stuff I don't think they're using anything that isn't also broadly implemented in the West. Nothing that I've seen anyhow, I am also not a China/Russia expert. Approved by NIST doesn't mean developed by NIST, they're just standard algos with a government stamp of approval for certain uses. Though NIST definitely does influence the development of some ciphers/implementations, so it's worth being skeptical.

    I did a little research and didn't find any prominent English-language mentions of quantum-resistant ciphers that weren't developed in Western-aligned countries. But of what I did see, NTRU seems like mayyybe the least-sus one since it was developed by mathematicians originally, not crypto people, and was so early to the quantum party (1996) that I haven't found reference to NIST influencing its development like I did for several others.

    Anyhow I wouldn't assume that NIST-approved crypto is always compromised, just do your own research on specific ciphers, there will probably be some nerd out there criticizing them if they were really weakened by NIST

    • What_Religion_R_They [none/use name]
      11 months ago

      Anyhow I wouldn't assume that NIST-approved crypto is always compromised, just do your own research on specific ciphers, there will probably be some nerd out there criticizing them if they were really weakened by NIST

      Yeah there is a nerd criticizing them 😭😭😭 which is why I posted this

      I'll have a look at NTRU, thank you.

      Regarding web stuff I know China pushes its own ciphers, I'm gonna read up on them later™.

      • YearOfTheCommieDesktop [they/them]
        11 months ago

        damn I didn't realize China had their own TLS ciphers and everything, pretty neat. I haven't seen any substantive criticism of SM4 or its associated hashing function, etc.

        Looking into it I found one or two fearmongering sources that go "this is Chinese, the IETF only included it for compatibility, DON'T USE IT", and a bunch of cryptanalysis papers, mostly from Chinese authors (but written in perfect English, which is neat) that seem great but I don't have the expertise to evaluate them in any way.

        given that SM4, etc. were classified until 2006, a lot of what's cutting edge now is probably classified.

        I did find this though: https://en.wikipedia.org/wiki/SM9_(cryptography_standard) which is pretty interesting. I don't know if it's completely novel encryption techniques or if it uses an existing cipher under the hood but regardless very interesting stuff