So we all know NIST is being puppeteered by the NSA, specifically in regards to quantum-secure encryption, which means you probably can't use that in certain situations. What are non-14-eye governments doing with encryption? Does anyone have any interesting sources or names of algorithms or anything that can help in this regard?
Frankly, your best bet would either be, say, the Russian Federation or China if you wanted privacy from the 5 Eyes or 14 Eyes or however they've expanded since starting.
But even then, I don't think that non-AES or non-CIS countries are out of the question.
Are you trying to start a website?
Edit: Or web service or social media service or what have you?
Not planning anything, I was just curious about cryptography in RF or PRC. We all use symmetric and asymmetric cryptography approved by the NSA, but we rarely hear of Russian or Chinese (or any other country's) algorithms. The closest I've got was looking at GOST and specifically Kuznyechik, and not very closely. I thought someone else might have had an interest in this like I did, who is more advanced and could point me in the right direction.
So there's GOST for Russian standards and there's SM2/SM3/SM4 (ShangMi) for China's standards (westists seething).
I've also been looking at Chinese vendors for cryptographic hardware accelerator modules, but they all just implement NIST specs.
I am very much thinking of this as well.
I want to start my own website and possibly a web community as well.
And, of course, I'm wondering what to use or what I should know to possibly protect myself.
But no, I'm not advanced on this subject.
at least for web stuff I don't think they're using anything that isn't also broadly implemented in the west. Nothing that I've seen anyhow, I am also not a china/russia expert. Approved by NIST doesn't mean developed by NIST, they're just standard algos with a government stamp of approval for certain uses. Though NIST definitely does influence the development of some ciphers/implementations, so its worth being skeptical.
I did a little research and didn't find any prominent english language mentions of quantum-resistant ciphers that weren't developed in western aligned countries. But of what I did see NTRU seems like mayyybe the least-sus one since it was developed by mathematicians originally not crypto people, and was so early to the quantum party (1996) that I haven't found reference to NIST influencing its development like I did for several others.
Anyhow I wouldn't assume that NIST approved crypto is always compromised, just do your own research on specific ciphers, there will probably be some nerd out there criticizing them if they were really weakened by nist
Anyhow I wouldn't assume that NIST approved crypto is always compromised, just do your own research on specific ciphers, there will probably be some nerd out there criticizing them if they were really weakened by nist
Yeah there is a nerd criticizing them 😭😭😭 which is why I posted this
I'll have a look at NTRU, thank you.
Regarding web stuff I know China pushes its own ciphers, I'm gonna read up on them later™.
damn I didn't realize china had their own TLS ciphers and everything, pretty neat. I haven't seen any substantive criticism of SM4 or its associated hashing function, etc.
Looking into it I found one or two fearmongering sources that go "this is chinese, the ietf only included it for compatibility, DONT USE IT", and a bunch of cryptanalysis papers, mostly from Chinese authors (but written in perfect english which is neat) that seem great but I don't have the expertise to evaluate them in any way.
given that SM4, etc were classified until 2006, a lot of what's cutting edge now is probably classified.
I did find this though: https://en.wikipedia.org/wiki/SM9_(cryptography_standard) which is pretty interesting. I don't know if it's completely novel encryption techniques or if it uses an existing cipher under the hood but regardless very interesting stuff