10

I do not know if it is allowed to ask this question.

I have been told that "most of the papers on chaos-based cryptography are appearing in fee/generalist journals, whose focus is not security"

However, I found that journals like Springer and Elsevier are filled with these papers.

I thought that these journals are well regarded as good resources. Many great books on cryptology are published by Springer.

The questions: Why cannot I assume that cryptography published in venues/journals handled by the same publishers as prestigious journals is serious? Is book publication is separated from their journal publication? Should I use their books and be very careful about their papers? What is the good source of cryptology papers? How to pick a good source?

Crypt01
  • 417
  • 3
  • 10
  • 8
    Springer and Elsevier are not journals. They publish journals and conference proceedings, of various selectivity, and books (including at least one on chaos-based cryptography). This closed question may help. – fgrieu Sep 20 '21 at 04:52
  • 4
    I think this is better suited for Academic.SE – DannyNiu Sep 20 '21 at 05:10
  • @fgrieu Do you mean that their papers are not highly trusted for cryptology stuff? Is it the case for IEEE? Are they classified as predatory journals? What about MDPI? – Crypt01 Sep 20 '21 at 07:08
  • 4
    I mean being published by Springer or Elsevier is not a reliable indication of the academic quality of a paper. Being in these IACR publications (listed there in order about matching decreasing prestige), and a relatively small number of others peer-reviewed sources, is a much better indication. I'm aware of few papers on chaos-based cryptography in these, and in my opinion that's for good reasons. – fgrieu Sep 20 '21 at 07:15
  • 1
    @fgrieu What would be the good reasons, giving that these proposals in chaos-based cryptosystems are weak/vague that have always been broken in subsequent publications and are doing the same mistakes again and again without significant advance for thirty years? To your information, these papers are filled with false claims, moreover, they cite each other to assure some common false claims, to the point that they falsely criticize the mainstream standardized cipher. – Crypt01 Sep 20 '21 at 07:34
  • 2
    To clarify: the good reasons I mention are towards having only few papers on chaos-based cryptography in IACR peer-reviewed publications, rather than reasons to have some. The only such paper I remember reading is this one, and it's a rebuttal. – fgrieu Sep 20 '21 at 08:01
  • 7
    I'd like to react to the close votes: I believe it would be beneficial to the community to keep this question open. With a bit of rephrasing, I feel like it fits this stackexchange. It is asking in essence "why cannot I assume that cryptography published in venues/journals handled by the same editors as prestigious journals is serious?", and it is a valid question. Sure, one could ask it outside of crypto, but it is especially relevant here, and it's a confusion many people might have. Having a clear answer to the question, even if its slightly bordeline scope-wise, looks desirable to me. – Geoffroy Couteau Sep 20 '21 at 10:31
  • @GeoffroyCouteau thanks for your support, and I welcome editing my question. – Crypt01 Sep 20 '21 at 12:13
  • @fgrieu Thank you for the clarification. – Crypt01 Sep 21 '21 at 10:43
  • 1
    https://eprint.iacr.org/ – ShAr Sep 21 '21 at 13:14

2 Answers2

15

In addition to the (good) response of kodlu, let me clarify a point which, I think, is the source of the confusion.

Springer, IEEE, Elsevier, etc, are publishers. What this means is that they are responsible for the edition/printing process for journals and conference proceedings. Since they do the publishing and sell the resulting journal, they put their name on the book they produce. That's all. If you create a new conference and want them to be the publisher, they will happily do it if it is financially interesting to them.

The publishers play no part in the selection process of the papers to a journal or a conference. For peer-reviewed conferences, for example, there is a program committee: a list of researchers which have been contacted by the program chair, and who volunteered to participate to the selection of the paper (it's a huge work, for which they are not paid). The program chair is the head of this process, who chooses the committee and makes the final decision.

There is no formal ties between the publisher and the chair/ the committee members. The publisher is a company that sells its editing abilities. The chair and the committee are researchers doing this work for free because it is beneficial for their community (and/or their CV). The chair is typically chosen by the researchers themselves.

For example: CRYPTO, EUROCRYPT, ASIACRYPT, TCC, PKC, etc are some of the major cryptography conferences. The publisher for the proceedings of these conferences is Springer. However, everything related to the scientific content of these proceedings is handled by the IACR (International Association for Cryptographic Research), of which cryptography researchers are often members. The IACR will choose the next program chair (e.g. during a board meeting, then officially through a vote that takes place during one of the major conferences), who will construct a committee, who will read the submissions and recommend whether to accept of reject.

The important bottom line is: there is zero correlation between the quality of the content and the publisher. If EUROCRYPT, CRYPTO, PKC, TCC, etc are serious conferences, it's because they are handled by the IACR, which is a very serious research organization (it is the association of researchers in cryptography). The fact that Springer is their publisher says nothing about their quality. Springer can be the publisher of dozen, perhaps hundredth of very bad journals, perhaps even predatory journals. They do not care, because assessing quality of the content is just not their goal. They are here to provide a service (edition, printing) in exchange for money.

Geoffroy Couteau
  • 19,919
  • 2
  • 46
  • 68
  • 2
    Thanks for your interest in my questions. I have read your comment on a question related to chaos-based cryptography. It was one of the first things that guided me and made me feel confident with my impression of chaos-based cryptography. – Crypt01 Sep 20 '21 at 11:17
  • That is the point: there is zero correlation between the quality of the content and the editor. Thank you very much. – Crypt01 Sep 20 '21 at 11:33
  • 11
    There may be a confusion with saying that springer/etc. are "editors", since proceedings usually call the program chairs the "editors". I guess more common is to call them "publishers". – Fractalice Sep 20 '21 at 19:02
  • 1
    Notice that some IACR conferences (CHESS, FSE) have no more link with Springer.. – Ievgeni Sep 21 '21 at 16:59
  • 1
    I actually did not include ToSC (formerly FSE) or CHES for this reason – Geoffroy Couteau Sep 21 '21 at 20:15
  • 2
    While this is an excellent answer, I second @Fractalice ‘s point that Springer etc. are best described as publishers, not editors. Usually, the program chairs are listed as the “editors” of conference proceedings, and Springer etc. are considered the publishers. – Chris Peikert Sep 22 '21 at 12:55
  • 1
    I am planning to edit the answer along these lines indeed. I blame not being a native speaker for having an incorrect term in mind - though of course I could also have simply checked before writing the answer :) – Geoffroy Couteau Sep 22 '21 at 17:58
6

The comments have provided lots of useful information. Distinction between publisher and journal, focused vs broad publishing venues.

This question is somewhat opinion based but not entirely.

All bibliometrics is inaccurate to an extent, and citation rates are NOT perfect, but I think most of the commenters on this question would broadly agree with the following listing of top venues in cryptography and security.

https://scholar.google.com/citations?view_op=top_venues&hl=en&vq=eng_computersecuritycryptography

  1. ACM Symposium on Computer and Communications Security
  2. IEEE Transactions on Information Forensics and Security
  3. USENIX Security Symposium
  4. IEEE Symposium on Security and Privacy
  5. Network and Distributed System Security Symposium (NDSS)
  6. Computers & Security
  7. International Conference on Theory and Applications of Cryptographic Techniques (EUROCRYPT)
  8. IEEE Transactions on Dependable and Secure Computing
  9. International Cryptology Conference (CRYPTO)
  10. International Conference on Financial Cryptography and Data Security
  11. Security and Communication Networks
  12. IEEE European Symposium on Security and Privacy
  13. International Conference on The Theory and Application of Cryptology and Information Security (ASIACRYPT)
  14. IACR Transactions on Cryptographic Hardware and Embedded Systems
  15. ACM on Asia Conference on Computer and Communications Security
  16. Journal of Information Security and Applications
  17. Theory of Cryptography
  18. Designs, Codes and Cryptography
  19. Symposium On Usable Privacy and Security
  20. IEEE Security & Privacy

Please go read about how these google rankings are done, read about what h5 means, etc., etc. before coming back and asking another question which can be easily researched by yourself.

Also, you will see some IEEE venues, I bet you none of the chaos based crypto articles you have asked about before were in one of these venues, but I am happy to be proved wrong.

kodlu
  • 22,423
  • 2
  • 27
  • 57
  • 2
    Thanks for your advice. I am just new to the topic of chaos cryptography, which Is not very rigorous, to the best of my knowledge. Besides, sometimes I want to have people comments on my intuition. I have suffered too much from their claims. – Crypt01 Sep 20 '21 at 07:58
  • 2
    And as you said in your answer, "All bibliometrics is inaccurate to an extent, and citation rates are NOT perfect". This causes huge confusion, which forces people to ask for clarification. I think this is the most confusion primitive that chaos-based cryptography provides:) – Crypt01 Sep 20 '21 at 08:56
  • I think you win the bet, but still, other IEEE venues publish new proposals of the chaos-based cipher. How and Why? Are they not belong to the same organization? – Crypt01 Sep 20 '21 at 08:57
  • 3
    I added my own answer, I hope it will clarify the questions you ask in comments :) (also, the list above misses several important places, but it was to be expected) – Geoffroy Couteau Sep 20 '21 at 09:23
  • To be more clear about the winning of kodlu in his bet, this is the kind of paper that I was familiar with that was published in one of the journals that he suggested, https://ieeexplore.ieee.org/abstract/document/8306512 this paper criticizes chaos-based practice. kodlu, Thank you very much. – Crypt01 Sep 20 '21 at 14:37
  • 3
    The above paper (Depreciating Motivation and Empirical Security Analysis of Chaos-Based Image and Video Encryption) was probably accepted because it says aloud with detailed arguments what any experienced cryptographer wants to shout without needing to prove it: virtually all those many paper that visually show how well they (digitally) encrypt Lena, and/or "prove" it experimentally with the NIST statistical suite or some other bogus measure, are nonsense. – fgrieu Sep 21 '21 at 13:38
  • @fgrieu That is the project (criticizing chaos-based cryptography) I am working on. However, this project should be more comprehensive, so it would contain other fundamental flaws in chaos-based cryptography, e.g., numerical degradation due to the use of finite precision. Moreover, it would contain the indication of their tricks that are not accepted by the cryptography community. This is the source of my "weird" questions. So I hope the crypto SE community will be patient, and I welcome any guidance. – Crypt01 Sep 21 '21 at 15:46
  • 2
    @ThePrince: asking for examples of chaos-based cryptosystems that would do one thing / be secure with infinite precision, but actually do something else / are insecure with floating point arithmetic, would I guess make an acceptable question (but one very different from the present one, so keep it separate). You could make the present question more precise asking pitfalls papers on chaos-based cryptosystems often get into. We have visual example (Lena), proof by statistical suite (NIST's), ignoring FP precision. There are a few more, including proof of security by affirmation or self-citation. – fgrieu Sep 21 '21 at 17:28
  • @fgrieu I think I have the material to formulate these questions. I am planning to work on them. Thank you for your advice. – Crypt01 Sep 21 '21 at 18:22
  • Here is a link to a review on some crypto venues: http://www.cs.sjsu.edu/~stamp/securityJournals.html – Crypt01 Oct 17 '21 at 11:16