Why cannot I assume that cryptography published in venues/journals handled by the same publishers as prestigious journals is serious?

Question

I do not know if it is allowed to ask this question.

I have been told that "most of the papers on chaos-based cryptography are appearing in fee/generalist journals, whose focus is not security"

However, I found that journals like Springer and Elsevier are filled with these papers.

I thought that these journals are well regarded as good resources. Many great books on cryptology are published by Springer.

The questions: Why cannot I assume that cryptography published in venues/journals handled by the same publishers as prestigious journals is serious? Is book publication is separated from their journal publication? Should I use their books and be very careful about their papers? What is the good source of cryptology papers? How to pick a good source?

Answer 1

In addition to the (good) response of kodlu, let me clarify a point which, I think, is the source of the confusion.

Springer, IEEE, Elsevier, etc, are publishers. What this means is that they are responsible for the edition/printing process for journals and conference proceedings. Since they do the publishing and sell the resulting journal, they put their name on the book they produce. That's all. If you create a new conference and want them to be the publisher, they will happily do it if it is financially interesting to them.

The publishers play no part in the selection process of the papers to a journal or a conference. For peer-reviewed conferences, for example, there is a program committee: a list of researchers which have been contacted by the program chair, and who volunteered to participate to the selection of the paper (it's a huge work, for which they are not paid). The program chair is the head of this process, who chooses the committee and makes the final decision.

There is no formal ties between the publisher and the chair/ the committee members. The publisher is a company that sells its editing abilities. The chair and the committee are researchers doing this work for free because it is beneficial for their community (and/or their CV). The chair is typically chosen by the researchers themselves.

For example: CRYPTO, EUROCRYPT, ASIACRYPT, TCC, PKC, etc are some of the major cryptography conferences. The publisher for the proceedings of these conferences is Springer. However, everything related to the scientific content of these proceedings is handled by the IACR (International Association for Cryptographic Research), of which cryptography researchers are often members. The IACR will choose the next program chair (e.g. during a board meeting, then officially through a vote that takes place during one of the major conferences), who will construct a committee, who will read the submissions and recommend whether to accept of reject.

The important bottom line is: there is zero correlation between the quality of the content and the publisher. If EUROCRYPT, CRYPTO, PKC, TCC, etc are serious conferences, it's because they are handled by the IACR, which is a very serious research organization (it is the association of researchers in cryptography). The fact that Springer is their publisher says nothing about their quality. Springer can be the publisher of dozen, perhaps hundredth of very bad journals, perhaps even predatory journals. They do not care, because assessing quality of the content is just not their goal. They are here to provide a service (edition, printing) in exchange for money.

Answer 2

The comments have provided lots of useful information. Distinction between publisher and journal, focused vs broad publishing venues.

This question is somewhat opinion based but not entirely.

All bibliometrics is inaccurate to an extent, and citation rates are NOT perfect, but I think most of the commenters on this question would broadly agree with the following listing of top venues in cryptography and security.

https://scholar.google.com/citations?view_op=top_venues&hl=en&vq=eng_computersecuritycryptography

1. ACM Symposium on Computer and Communications Security
2. IEEE Transactions on Information Forensics and Security
3. USENIX Security Symposium
4. IEEE Symposium on Security and Privacy
5. Network and Distributed System Security Symposium (NDSS)
6. Computers & Security
7. International Conference on Theory and Applications of Cryptographic Techniques (EUROCRYPT)
8. IEEE Transactions on Dependable and Secure Computing
9. International Cryptology Conference (CRYPTO)
10. International Conference on Financial Cryptography and Data Security
11. Security and Communication Networks
12. IEEE European Symposium on Security and Privacy
13. International Conference on The Theory and Application of Cryptology and Information Security (ASIACRYPT)
14. IACR Transactions on Cryptographic Hardware and Embedded Systems
15. ACM on Asia Conference on Computer and Communications Security
16. Journal of Information Security and Applications
17. Theory of Cryptography
18. Designs, Codes and Cryptography
19. Symposium On Usable Privacy and Security
20. IEEE Security & Privacy

Please go read about how these google rankings are done, read about what h5 means, etc., etc. before coming back and asking another question which can be easily researched by yourself.

Also, you will see some IEEE venues, I bet you none of the chaos based crypto articles you have asked about before were in one of these venues, but I am happy to be proved wrong.