[Cryptography] Kyber PQC Key Exchange

Stephen Farrell stephen.farrell at cs.tcd.ie
Mon Aug 8 21:57:23 EDT 2022


Hiya,

On 08/08/2022 22:19, Phillip Hallam-Baker wrote:
> if they can't explain it to people outside the
> number-theory world at a level higher than 'trust us', that is a
> problem.

I strongly agree.

ISTM that unless we can arrange an IETF meeting session
(be that cfrg or ssag) where kyber is explicable to the
satisfaction of ramdom IETF security-types, then yes we
have a significant problem with PQC.

The significant problem being a lack of transparency. I
would assert that it's no longer sufficient to have one
bit of output (good/bad) from these competitions.

Yes, not every programmer needs to understand all algs.
But personally I'm pretty convinced that no PQC algorithm
is going to be very widely accepted unless it's possible
for the top N% of programmers to understand that algorithm.
(My current guess: N needs to be >=10, and we're nowhere
near there now for PQC.)

S.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x5AB2FAF17B172BEA.asc
Type: application/pgp-keys
Size: 10715 bytes
Desc: OpenPGP public key
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20220809/23a65fba/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20220809/23a65fba/attachment.sig>


More information about the cryptography mailing list