← Back to context

Comment by philodeon

4 days ago

I’m not sure why you’re hung up on SNTRUP, since DJB didn’t submit it past round 2 of NISTPQC. In round 3, DJB put his full weight behind Classic McEliece.

You’ve previously argued that “cryptosystems based on ring-LWE hardness have been worked on by giants in the field since the mid-1990s” and suggested this is a point in Kyber’s favor. Well, news flash, McEliece has been worked on by giants in the field for 45 years. It shows up in NSA’s declassified internal history book, though their insights into the crypto system are still classified to this day.

4 comments

philodeon

Reply
tptacek  4 days ago

How long do you think people have been working on lattice cryptography?

  • philodeon  4 days ago

    Lattices themselves have been analyzed since the days of Gauss. Lattice cryptography is only a couple decades old (in the unclassified literature).

    The first proposed lattice-based cryptosystem was completely broken within 2 years of its announcement, which is an lovely harbinger of Kyber’s fate.

    • tptacek  4 days ago

      That's a funny claim given NTRU goes back to 1996 and was a PQC finalist. I barely know what I'm talking about here and even I think you're bluffing your way through this. At this point you're making arguments Bernstein would presumably himself reject!

      1 reply →