The main reason this cites is correct: Bernstein's algorithms are simpler and easier to implement correctly than RSA, DSA, or even AES. They're smaller in code, easier to port, and easier to understand.
Barring major problems with the algorithms, their simplicity also makes them inherently more secure. Complexity is anathema to security-- complex code is hard to audit, hard to understand, and has more "bug surface area." Bernstein himself calls this "boring crypto": the use of simple easy to understand constructions in simple predictable and easily auditable ways.
1 comment
[ 2.1 ms ] story [ 12.9 ms ] threadBarring major problems with the algorithms, their simplicity also makes them inherently more secure. Complexity is anathema to security-- complex code is hard to audit, hard to understand, and has more "bug surface area." Bernstein himself calls this "boring crypto": the use of simple easy to understand constructions in simple predictable and easily auditable ways.