[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20140323124939.GA9796@bolet.org>
Date: Sun, 23 Mar 2014 13:49:39 +0100
From: Thomas Pornin <pornin@...et.org>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Can I have two entries?
On Sun, Mar 23, 2014 at 04:21:52AM +0400, Solar Designer wrote:
> What do others think?
I'd say that what matters is how "different" the entries are from each
other. Authorship is mostly irrelevant. For PHC we want diversity: a
large panel of password hashing schemes which exhibit various methods
and algorithms, but not too large because this could dilute scrutiny
resources: the point of the competition is to be able to say afterwards
that the "winner(s)" sustained heavy exposure to many cryptographers,
and survived, and thus can be deemed mostly secure. If we end up with 50
schemes, that stance could be tricky to maintain.
A sweet figure would be around 15. That's what we got on AES
competition, and it was fine. With SHA-3, there where a whooping 64
entries, 13 of which being rejected for incompleteness. The remaining 51
were quite overwhelming. Fortunately, a number of them were found to be
weak in some sense, and some people worked hard to kill them off early
enough in the process. Yet actual detailed scrutiny, the one where
cryptographers spend weeks or months on each function, did not begin in
earnest until the list was trimmed down by NIST to 15 candidates (soon
reduced to 14 because MD6 dropped out on its own accord).
It is well-known that when there is a deadline, most submissions will be
sent within the last 72 hours, so even committee members (of which I am
not) cannot claim to have precise estimates on the total number of
candidates.
In all of the above, what matters is finding the right balance between
diversity (more schemes are better) and scrutiny (less schemes will
imply more thorough analysis). Who puts his name under each submission
does not matter much, if at all; PHC is a competition between _schemes_,
not between people (at least, not formally). In that view (that's only
my opinion, of course), any individual is free to submit as many
candidates as he wishes to. But people are encouraged NOT to submit
different variants of the same scheme as different candidates.
As a final note, I must state that the final packaging, where you put
together the specification and reference code and test vectors, and
adjust all the details so that the specification is clear and readable
and the code works well and is portable, that final stretch implies a
substantial amount of effort and time, and is often underestimated(*). I
write these lines on March 23rd, 8 days before the deadline. If you are
preparing a submission and are still tweaking the algorithm, then you
are in trouble. If you want to push two submissions, then you are twice
as much in trouble.
--Thomas Pornin
Powered by blists - more mailing lists