
dsp | 3 years ago

Obligatory djb warnings: https://ntruprime.cr.yp.to/warnings.html

code_biologist|3 years ago

Here's the warning: Lattice-based cryptography is much more risky than commonly acknowledged. This applies, in particular, to lattice KEMs under consideration within the NIST Post-Quantum Cryptography Standardization Project (NISTPQC) as of October 2021. The above document...

There's a linked PDF paper with more detail.

kzrdude|3 years ago

Is djb involved in any of the standardized algorithms here by the way?

markschultz|3 years ago

Yes, many. I believe he's on the SPHINCS+ team (was standardized), Classic McEliece (round 3, not standardized), and NTRU_PRIME (round 3, passed over for Kyber). Perhaps more, but he has significant skin in the game.

bawolff|3 years ago

Isn't that the point of having "hybrid" mode?

api|3 years ago

HMAC(pqc_shared_secret, ecc_shared_secret)
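An added example, written for this page and not code from the thread or from any NIST submission, of what the one-liner above looks like as a working hybrid key combiner. It uses only the Python standard library; the shared secrets are constructed fixed bytes standing in for a KEM decapsulation output and an ECDH result. It goes slightly beyond the comment: next to the plain `HMAC(pqc, ecc)` combiner it shows an HKDF (RFC 5869) variant that also binds the derived key to the public values of the exchange (the labels, the salt and the helper names are all assumptions for this example).

```python
import hmac
import hashlib

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes


def hmac_combiner(pqc_shared_secret: bytes, ecc_shared_secret: bytes) -> bytes:
    """The combiner as written in the thread: HMAC keyed with the PQC secret,
    with the ECC secret as the message. The output is the hybrid key."""
    return hmac.new(pqc_shared_secret, ecc_shared_secret, HASH).digest()


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 HKDF-Extract: PRK = HMAC(salt, IKM)."""
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand: T(i) = HMAC(PRK, T(i-1) || info || i)."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf_combiner(pqc_shared_secret: bytes, ecc_shared_secret: bytes,
                  pqc_ciphertext: bytes, ecc_public_key: bytes,
                  length: int = HASH_LEN) -> bytes:
    """Transcript-bound variant (an assumption of this example, not the thread's
    proposal): both secrets are concatenated as IKM, and the public values that
    produced them are hashed into `info` so the key is tied to this exchange.
    Salt and label strings are constructed for the example."""
    ikm = pqc_shared_secret + ecc_shared_secret
    prk = hkdf_extract(b"hybrid-kem-example-salt", ikm)
    info = b"hybrid-kem-example-key" + HASH(pqc_ciphertext + ecc_public_key).digest()
    return hkdf_expand(prk, info, length)


def flip_bit(data: bytes, index: int = 0) -> bytes:
    """Return a copy of `data` with one bit flipped (used to model a corrupted secret)."""
    out = bytearray(data)
    out[index] ^= 0x01
    return bytes(out)


def combiner_is_sensitive_to_both_inputs(combiner) -> bool:
    """The property hybrid mode is meant to buy: the derived key depends on
    both secrets, so a change in either one yields a different key, and the
    same inputs always yield the same key."""
    pqc_ss = bytes(range(32))   # constructed stand-in for a KEM shared secret
    ecc_ss = b"\xa5" * 32       # constructed stand-in for an ECDH shared secret
    key = combiner(pqc_ss, ecc_ss)
    return (
        len(key) == HASH_LEN
        and combiner(pqc_ss, ecc_ss) == key
        and combiner(flip_bit(pqc_ss), ecc_ss) != key
        and combiner(pqc_ss, flip_bit(ecc_ss)) != key
    )


if __name__ == "__main__":
    pqc_ss = bytes(range(32))
    ecc_ss = b"\xa5" * 32
    print("HMAC combiner :", hmac_combiner(pqc_ss, ecc_ss).hex())
    print("HKDF combiner :", hkdf_combiner(pqc_ss, ecc_ss, b"ct-example", b"pk-example").hex())
    print("sensitive to both inputs:",
          combiner_is_sensitive_to_both_inputs(hmac_combiner))
```

The HMAC form treats the two secrets asymmetrically (one is the key, one the message), which is why `hmac_combiner(a, b)` and `hmac_combiner(b, a)` differ; the HKDF form is the shape most hybrid KEM drafts converge on, because mixing the ciphertext and public key into `info` means two sessions that happen to share a secret still get distinct keys.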

forty|3 years ago

What's the "obligatory djb warnings"? Something like "any crypto that's not mine isn't great"? ;)

sterlind|3 years ago

from skimming it, his main argument is that Kyber relies on many constructions (e.g. cyclotomic polynomials) that are actively under attack - researchers have been successfully chipping away at them and show no signs of stopping.

he also alleges that NIST have been moving the goal posts to favor Kyber, and they've been duplicitous in their narrative.

he favors NTRU, which iirc isn't his.

0des|3 years ago

should really be higher up.