by cryptonector
208 days ago

You're not accurately representing DJB's concern. His concern is that NSA will get vendors to ship code that will prefer ML-KEM, which, not being a hybrid of ECC and PQC, will be highly vulnerable should ML-KEM turn out to be weak, and then there's the concern that it might be backdoored -- that this is a Dual_EC redux.

This is going to happen anyway (non hybrid) at least inside USG because that's what NSA want.