[Cryptography] Quillon Graph: A private, post-quantum electronic cash system
iang
iang at iang.org
Thu Jan 8 08:24:28 EST 2026
On 08/01/2026 09:26, Viktor S. Kristensen via cryptography wrote:
> Going hybrid costs about 3x signature size and 2x key-exchange overhead.
Worse than that - it costs 3 times in complexity and therefore attack
surface - you've introduced 2 algorithms to attack and the gap between
them is a complexity that introduces weaknessees.
The TLAs hate simple algorithms and simple protocols because they can be
shown to work easily, proven correct etc. They love complex algorithms &
protocols bc devs make mistakes and committees are required to add
further complexity & mistakes to make them 'safe', as well as
opportunity to distract by committee procedure and eventual cartelisation.
WYTM? Unless you've got something that the spooks really value and
you're likely a kinetic target already, you're better off going best of
simple class and forgetting about the tail risk. If the tail risk turns
up, you'll also be able to hide amongst the noise and quickly swap over
with an emergency update.
iang
More information about the cryptography
mailing list