Comment by cyberax

5 hours ago

It's purely a matter of _potential_ issues. The research on lattice-based crypto is still young compared to EC/RSA. Side channels, hardware bugs, unexpected research breakthroughs all can happen.

And there are no downsides to adding regular classical encryption. The resulting secret will be at least as secure as the _most_ secure algorithm.

The overhead of additional signatures and keys is also not that large compared to regular ML-KEM secrets.

4 comments

cyberax

tptacek 2 hours ago

No it's not. This is the wrong argument. It's telling how many people trying to make a big stink out of non-hybrid PQC don't even get what the real argument is.

cyberax 1 hour ago
?
I'm not entirely sure what's the problem?
- tptacek 43 minutes ago
  
  It's definitely not that "The research on lattice-based crypto is still young compared to EC/RSA."
  
  1 reply →