Comment by tptacek
2 days ago
I'm simply repeating what Damien Miller said.
https://news.ycombinator.com/item?id=32366614
I'm curious where you got the idea that they had mlkem available to them? They disagree with you.
2 days ago
I'm simply repeating what Damien Miller said.
https://news.ycombinator.com/item?id=32366614
I'm curious where you got the idea that they had mlkem available to them? They disagree with you.
From the link:
> We (OpenSSH) haven't "disregarded" the winning variants, we added NTRU before the standardisation process was finished and we'll almost certainly add the NIST finalists fairly soon.
Nothing in his statements talks about 'availability', just a particular choice (from the ideas floating around at the time).
CRYSTALS-Kyber (now ML-KEM) was available at the same time as SNTRUP because they were both candidates in the NIST competition. NTRU (Prime) is listed as round three finalist / alternate (along with CRYSTALS-Kyber):
* https://en.wikipedia.org/wiki/NIST_Post-Quantum_Cryptography...
Given that they were both candidates in the same competition, they would have been available at the same time. Tiny/OpenSSH simply chose a candidate that ended up not winning (I'm not criticizing / judging their choice: they made a call, and it happened to be a different call than NIST).