It deeply surprises me that IEEE is starting off its PQC transition with non-hybrids rather than hybrids. If they have done no analysis, we should tell them the risks and that hybrids are currently preferable. That's why I keep emphasizing that we should first recommend hybrids and that risks should be thoroughly mentioned in pure ML-KEM draft, if we are to publish it.
I want to assure you that people who prefer non-hybrids have done their analysis, not less rigorously than the proponents of the hybrid approach. Both groups are well-aware of their opponents’ arguments. The fact remains that these two groups disagree in their conclusions. For how much longer will the opponents of non-hybrid (because the other side has nothing against hybrids — they simply want the freedom to exercise other options, based on their educated conclusion) beat this dead horse?
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
