andrew catellier


Guilt by Association

This one hits close to home.

I can’t imagine how the NIST staff involved in creating SP 800 (and more specifically, the SP 800-90A Dual Elliptic Curve Deterministic Random Bit Generation…bit) must feel.

First of all, given the definition of a deterministic system, the title itself gives me pause. Maybe there’s some next-level random number theory described in the standard, but I’m not sure I’d ever want a random number generator to exhibit deterministic behavior.1

Second of all, quotes like this make my stomach sink:

“NIST’s decisions used to be opaque and frustrating,” said Matthew Green, a professor at Johns Hopkins University. “Now they’re opaque and potentially malicious. Which is too bad because NIST performs such a useful service.”

NIST is a legitimate, successful research institution. The one-two punch of being required to consult with the NSA and the harsh (if deserved) public reactions do serious damage to the perceived function and utility of government-funded research institutions.

  1. Unless I was trying to recreate the famous THX Deep Note:

    Some months after the piece was released (along with “Return of the Jedi”) they lost the original recording. I recreated the piece for them, but they kept complaining that it didn’t sound the same. Since my random-number generators were keyed on the time and date, I couldn’t reproduce the score of the performance that they liked. I finally found the original version and everybody was happy.