usenix-e.tex 2.48 KB
 Peter Schwabe committed Oct 01, 2020 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 \newpage \section{Usenix Security 2020 Review \#324E} \begin{tabular}{rl} \toprule Review recommendation & 1. Reject \\ Writing quality & 2. Needs improvement \\ Reviewer interest & 1. I am not interested in this paper \\ Reviewer expertise & 2. Some familiarity \\ \bottomrule \end{tabular} \begin{center} \subheading{===== Paper summary =====} \end{center} This paper presents a proof and technique for proving the correctness of and implementation of the X25519 key exchange protocol. The authors provide a sketch of the system and related various components of the formal analysis. \begin{center} \subheading{===== Strengths =====} \end{center} This is an exceptionally sophisticated approach for formally verifying the correctness of a crypto library. The authors have provided a usable library implementing an important protocol. \begin{center} \subheading{===== Weaknesses =====} \end{center} This paper does not feel like a great fit for USENIX security. This should likely go to a formal verification or crypto conference, because the details and contributions are likely to be lost on the USENIX community. To that point, the paper is very, very dense and requires an incredible amount of background to appreciate the nuances of the work. For example, to appreciate the work, you have to study the code, definitions, and intermediate languages on pages 5-7. The whole thing reads like a technical report without much prose to help me understand what is going on. I had a difficult time understanding how this work generalizes. Even the introduction failed to provide a clear statement of the contributions of this work. This is highlighted in the previous reviews when prior reviewers could not fully ascertain the contribution of this work. Oddly, I found that the responses to the past reviewer's questions were often more instructive than the paper itself. I am also not sure that the authors really appreciated that the previous reviews were asking you to provide a more structured and less detail oriented paper. In the end, I strongly feel that this paper must be rewritten with the low level details deemphasized and the contributions and intuition presented with clarity. \begin{center} \subheading{===== Questions for authors' response =====} \end{center} Why was this submitted to USENIX? S\&P seems like a much better venue. What am I to take away from this? How does this generalize?