Comment by throw0101d
3 days ago
> I do not see any flaw in his arguments, while anyone who says that ML-KEM should be used alone is making a bet for which there exists no justification, i.e. the risk is extremely high and the reward is extremely low.
And who is making that 'ML-KEM alone' argument? AIUI, the IETF currently recommends hybrid.
It's on the US government talking to itself that would maybe do non-hybrid:
* https://en.wikipedia.org/wiki/Commercial_National_Security_A...
If the US government wants to compromise itself… then fine?
Also, HQC (FIPS 207) has been chosen as a backup / alternative to ML-KEM (formerly "Kyber"):
* https://www.nist.gov/news-events/news/2025/03/nist-selects-h...
No comments yet
Contribute on Hacker News ↗