> I don't like NIST for another, better reason: I think the whole enterprise of picking cryptography standards in advance is bankrupt, and holds the industry back. So I'm not a NIST fan either. But I don't see what's to be gained by derailing conversations about new cryptography so we can relitigate the same points over and over again.
Sorry if you think I'm trying to convince people of anything. I'm simply asking for alternatives to NIST itself, for my own personal and selfish reasons. I'm not arguing against other people trusting NIST, their competitions or anything like that. Just asking a question regarding alternatives.
I'm glad you and others answered. Someone even gave a proper alternative based in Germany, and for that I'm very happy. I'm sorry you feel like people are "relitigating the same points over and over again", I cannot steer the conversation any more than you can and I personally haven't seen any conversations on HN about alternatives to NIST, then obviously I wouldn't ask for it, if I already knew the answer.
You said "NIST worked together with NSA to allow/insert backdoors into cryptography". It's been pointed out a couple times now that neither NIST nor NSA designed these schemes; they were submitted by the highest-profile academic cryptography research teams in the world. You aren't being asked to trust NIST in any meaningful way.
The closest analog to NIST I can think of is ECRYPT and the eSTREAM contest. It produced interesting work and you could follow it in much the same way people followed these last two NIST competitions. But for PQ KEMs, it's likely that NIST's will be the "competition of record".
> You aren't being asked to trust NIST in any meaningful way
I understand that neither NIST nor NSA have designed these schemes, but isn't NIST the organization who picked these winning schemes after all? That's the impression I got, and my history of trusting what NIST picks, isn't the greatest, so I'd like to avoid that. I also understand that countless of people have reviewed the schemes as well, people from all around the world with different types of experience. It's still hard to shake off something that essentially boils down to a feeling: "trust".
Thank you for providing some alternatives in your final paragraph, for the uneducated plebs like myself.
About the worst thing you could say about the NIST competitions is that if NSA knows some horrible flaw in CRYSTAL-KYBER, they're not going to tell us about it. But that's true of any other contest anybody else runs, too.
Why would that be true in any alternate versions of these contests? I understand the enormous incentive mechanisms involved, and yet I cannot see this being obviously true.
Edit to add: if the authorship of the submitters is as above reproach as we are led to assume, why can that not be the case for the NIST decision panel itself?
Sorry if you think I'm trying to convince people of anything. I'm simply asking for alternatives to NIST itself, for my own personal and selfish reasons. I'm not arguing against other people trusting NIST, their competitions or anything like that. Just asking a question regarding alternatives.
I'm glad you and others answered. Someone even gave a proper alternative based in Germany, and for that I'm very happy. I'm sorry you feel like people are "relitigating the same points over and over again", I cannot steer the conversation any more than you can and I personally haven't seen any conversations on HN about alternatives to NIST, then obviously I wouldn't ask for it, if I already knew the answer.