When we assume a block cipher primitive is secure, or a number-theoretic problem is hard, this assumption is usually based on how far we are from breaking the primitive or solving the problem using known techniques – using known algorithms and hardware.
But, from a meta-cryptographic point of view, how do we justify the assumption that there don’t exist any significantly more efficient algorithms, or any significantly better hardware? I am not asking for opinions on the matter (or for arguments that fix the algorithms and prove that the necessary hardware would be physically impossible) but for justifications based on e.g. the sociology of cryptography or economics of cryptography, using scientific (justified and repeatable) methods and based on the premise that all research is done in the context of pre-existing research.
- How likely is it that a single small team, basing their research solely on the state of the public research and their own results, would come up with results years or decades ahead of everyone else in the field?
- Is it possible for large organizations to internally accumulate enough research to give the researchers within that organization a significant head start over independent researchers in the field?
- If “yes” on the previous question, are there ways to reliably tell if an organization has such significant amounts of secret accumulated knowledge? Is it possible to use the number of papers and patents the organization outputs as a reliable indication that it doesn’t have a strategy of accumulating knowledge only internally? What about flows of personnel between organizations, i.e. people changing jobs?
- What is the likelihood that an organization exploiting weaknesses it has found in cryptographic primitives would be caught in the act? What if the organization is only using the weaknesses for intelligence gathering? Does it matter if the weaknesses require passive attacks or active attacks to be conducted?