The Cryptographic Doom Principle (2011) (moxie.org)
139 points by Bluestein 7 months ago | 9 comments



A great example of the unreasonable effectiveness of branding; huge numbers of people who don't really know much at all about cryptography engineering know the "doom principle", because it's much more memorable than "nonce collision" or "error oracle".


> great example of the unreasonable effectiveness of branding

It is indeed.

Unrelated to "will it run Doom?", of course. What someone here has called "The Carmack Principle" :)


I think "error oracle" is actually a great piece of terminology that really gets to the heart of the nature of the problem. Not as bombastic though!


I think both need some workshopping. I tried searching for "error oracle" and all I got were results about errors while using Oracle the database product. I gotta search "error oracle cryptography".

"doom principle" isn't great either since the first hit points to TFA, second to this very thread, and that article doesn't really use the actual term of art.


> gotta search "error oracle cryptography".

Even then it took a page of Oracle errors to get to a single relevant result. Searching "\"error oracle\" cryptography" moves it to the first page in Google and gets a single, relevant result in Brave.


> unreasonable effectiveness of branding

is it really unreasonable? Distilling a concept into a simple, catchy word that the laymen can recognize and remember, esp. by easy association, seems pretty reasonable an outcome! Of course, _doing_ it well is difficult.


OP didn't say it was "unreasonable", but "unreasonably effective".


This applies all the way down to machine code. It can be dangerous to branch on secret data or on unauthenticated data, at least if your threat model includes possible timing attacks.
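
An added example, not code from moxie.org or from any commenter in this thread, tying the comment above to the thread's "error oracle" remarks. It builds a toy encrypt-then-MAC scheme (SHA-256 counter-mode keystream and HMAC-SHA256, constructed keys) and contrasts two receivers: one that decrypts and checks padding before verifying the tag, using a byte-wise comparison that branches on tag bytes, and one that verifies the tag in constant time before touching the ciphertext. The first leaks which of two failures occurred, the second reports a single failure. Everything here (function names, the toy cipher, the test keys) is an assumption for illustration.

```python
"""Verify-before-decrypt versus decrypt-before-verify.  Added example for
this thread; the toy cipher, keys and messages are constructed, not from
the article."""
import hashlib
import hmac
import secrets

BLOCK = 16          # PKCS#7-style padding block size for the toy scheme
TAG_LEN = 32        # HMAC-SHA256 output length
NONCE_LEN = 12


class AuthError(Exception):
    """The single failure signal used by the safe receiver."""


class PaddingError(AuthError):
    """A failure the doom receiver leaks: padding was malformed."""


class MacError(AuthError):
    """A failure the doom receiver leaks: padding fine, tag wrong."""


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream: SHA-256(key || nonce || counter)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def _unpad(data: bytes) -> bytes:
    if not data:
        raise PaddingError("empty plaintext")
    n = data[-1]
    if n < 1 or n > BLOCK or data[-n:] != bytes([n]) * n:
        raise PaddingError("bad padding")
    return data[:-n]


def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def naive_compare(a: bytes, b: bytes) -> tuple:
    """Early-exit comparison: returns (equal, bytes_examined).  The loop
    branches on tag bytes, so its iteration count (and time) depends on
    how long the matching prefix is; this is the data-dependent branch
    the comment above warns about."""
    if len(a) != len(b):
        return False, 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        if x != y:
            return False, examined
    return True, examined


def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """nonce || ciphertext || HMAC(nonce || ciphertext)."""
    nonce = secrets.token_bytes(NONCE_LEN)
    padded = _pad(plaintext)
    body = nonce + _xor(padded, _keystream(enc_key, nonce, len(padded)))
    return body + _mac(mac_key, body)


def open_doom(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    """Decrypt and unpad BEFORE checking the tag (the pattern the
    principle warns against), then compare the tag with an early exit."""
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    nonce, ct = body[:NONCE_LEN], body[NONCE_LEN:]
    pt = _unpad(_xor(ct, _keystream(enc_key, nonce, len(ct))))  # may raise PaddingError
    ok, _ = naive_compare(_mac(mac_key, body), tag)
    if not ok:
        raise MacError("bad mac")
    return pt


def open_safe(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    """Constant-time tag check first; nothing else runs on unauthenticated
    bytes, and every failure looks the same to the sender."""
    if len(blob) < NONCE_LEN + BLOCK + TAG_LEN:
        raise AuthError("authentication failed")
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(_mac(mac_key, body), tag):
        raise AuthError("authentication failed")
    nonce, ct = body[:NONCE_LEN], body[NONCE_LEN:]
    return _unpad(_xor(ct, _keystream(enc_key, nonce, len(ct))))


def flip(blob: bytes, index: int) -> bytes:
    """Invert one byte of a sealed message (a constructed corruption)."""
    return blob[:index] + bytes([blob[index] ^ 0xFF]) + blob[index + 1:]


def failure_kind(opener, enc_key: bytes, mac_key: bytes, blob: bytes) -> str:
    """Name of the exception class the receiver raises, or 'ok'."""
    try:
        opener(enc_key, mac_key, blob)
        return "ok"
    except AuthError as exc:
        return type(exc).__name__
```

Corrupting the last ciphertext byte breaks the padding, corrupting the first leaves it intact; `open_doom` reports those as `PaddingError` and `MacError` respectively, while `open_safe` answers `AuthError` to both. The same distinction is what a timing measurement of `naive_compare` would recover from the tag check itself, which is why the safe path uses `hmac.compare_digest`.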


The corollary to this is that digital signature implementations tend not to be timing hardened, with the assumption that signed-over inputs are not secret. If your scheme assumes that signed-over inputs also need to remain secret, you’re likely misusing your digital signature primitive!



