rwc2023 Paper #39 Reviews and Comments
===========================================================================
Paper #39 Comments on certain past cryptographic faults affecting randomized censorship circumvention protocols


Review #39A
===========================================================================

Overall merit
-------------
4. Accept

Paper summary
-------------
This talk describes three different vulnerabilities in different censorship-circumvention systems. The vulnerabilities are not all recent and, as I understand, the speaker did not discover any of them personally. At the same time, each of these attacks is technically interesting and is very clearly described in the talk abstract. I would be very happy to see this talk in the RWC 2023 program.

Comments for authors
--------------------
Pros:

+ Censorship-circumvention tools are widely used and yet have gotten little attention at RWC. The meta-level discussion on censorship circumvention should generate lots of good discussion at the conference.
+ The attacks are technically interesting. While they will not necessarily be shocking to this audience, they are also not obvious or trivial. Publicizing these vulnerabilities may lead the community to discover more: my guess is that the Elligator bug appears in other protocols.
+ The speaker is an expert on the topic.

Cons:

- The attack techniques (decryption-oracle attacks, etc.) are well known.
- It's not clear that these attacks mattered terribly much in practice.


Review #39B
===========================================================================

Overall merit
-------------
2. Weak reject

Paper summary
-------------
The talk describes different failures in cryptographic software used for censorship circumvention. With these failures, the author wants to notify censorship circumvention developers that cryptography is not the primary consideration in circumvention.

## Pros

- Interesting vulnerabilities to be discussed
- Important and interesting topic
- I do not know the speaker but he did a great job at Defcon (https://www.youtube.com/watch?v=M-Uq7YSfZ4I). I am sure he would deliver a good talk here.

## Cons

- While the topic seems to be interesting, a lot of content concentrates on vulnerabilities the speaker has not found. I would prefer to give the possibility to talk at RWC to somebody who presents their own work.
- After reading the paper, I am still not sure what the final advice to the developers/community is and which lessons learned we retrieve.

Comments for authors
--------------------
(minor) The paper exceeds the submission length (2 pages).


Review #39C
===========================================================================

Overall merit
-------------
4. Accept

Paper summary
-------------
David Fifield surveys three cryptographic vulnerabilities in censorship circumvention software.

Comments for authors
--------------------
From the title I thought this would be about fault attacks, not flaws/vulnerabilities.