Hacker News new | ask | show | jobs
by cyberax 68 days ago
It's purely a matter of _potential_ issues. The research on lattice-based crypto is still young compared to EC/RSA. Side channels, hardware bugs, unexpected research breakthroughs all can happen.

And there are no downsides to adding regular classical encryption. The resulting secret will be at least as secure as the _most_ secure algorithm.

The overhead of additional signatures and keys is also not that large compared to regular ML-KEM secrets.
1 comments
tptacek 68 days ago
No it's not. This is the wrong argument. It's telling how many people trying to make a big stink out of non-hybrid PQC don't even get what the real argument is.
link
cyberax 67 days ago
?

I'm not entirely sure what's the problem?

link
tptacek 67 days ago
It's definitely not that "The research on lattice-based crypto is still young compared to EC/RSA."
link
fc417fc802 67 days ago
Perhaps you would care to enlighten us ignorant plebs rather than taunting us?

My understanding (obviously as a non expert) matches what cyberax wrote above. Is it not common wisdom that the pursuit of new and exciting crypto is an exercise filled with landmines? By that logic rushing to switch to the new shiny would appear to be extremely unwise.

I appreciate the points made in the article that the PQ algorithms aren't as new as they once were and that if you accept this new imminent deadline then ironing out the specification details for hybrid schemes might present the bigger downside between the two options.

I mean TBH I don't really get it. It seems like we (as a society or species or whatever) ought to be able to trivially toss a standard out the door that's just two other standards glued together. Do we really need a combinatoric explosion here? Shouldn't 1 (or maybe 2) concrete algorithm pairings be enough? But if the evidence at this point is to the contrary of our ability to do that then I get it. Sometimes our systems just aren't all that functional and we have to make the best of it.

link
tptacek 67 days ago
Calling out a mistaken assertion isn't a "taunt".
link
john_strinlai 67 days ago
"taunt" in the sense that you dangle some knowledge in front of people and make them beg, not "taunt" in the sense of "insult".

You said:

>"[...] don't even get what the real argument is."

and then refuse to explain what the "real" argument is. someone then asks for clarification and you say:

"It's definitely not [...]""

okay, cool! you are still refusing to explain what the "real" argument is. but at least we know one thing it isnt, i guess.

you haven't even addressed the "mistaken assertion". you just say "nah" and refuse to elaborate. which is fine, i guess. but holy moly is it ever frustrating to read some of your comment chains. it often appears that your sole goal in commenting is to try and dunk on people -- at least that is how many of your comments come across to me.

link
cyberax 67 days ago
Uhm...?

As far as I know, the currently standardized lattice methods are not known to be vulnerable? And the biggest controversy seemed to be the push for inclusion of non-hybrid methods?

I'm not following crypto closely anymore, I stopped following the papers around 2014, right when learning-with-errors started becoming mainstream.

link