|
|
|
|
|
|
by tptacek
256 days ago
|
|
|
I mean, if you're putting me in the same camp as Mark Dowd, I'm flattered. What I think you're not seeing is that this isn't a SIKE vs. Lattice kind of debate; it's a Curve25519 vs. P-256 kind of debate. P-256 was never broken. Curve25519 made smart engineering decisions that for years foreclosed on some things that were common in-the-real-world implementation pitfalls. P-256 has closed that gap now, but for the whole run of the experience they were both sane choices. That's a generous interpretation. Another parallel would be Rijndael vs. Serpent, where the Serpent advocates were all "I don't know about this Rijndael stuff seems dicy". Turned out: Rijndael was great. But Bernstein wants you think that rather than a curve-selection type debate, this is more akin to a "discrete log vs. knapsack" debate. It isn't. |
|
|