The point is that it happened. "One of the algorithms used in the 2019 test, SIKE, was broken in 2022, but the non-PQ X25519 layer (already used widely in TLS) still protected the data.[111] Apple's PQ3 and Signal's PQXDH are also hybrid.[101]"
thanks, Rob On Tue, May 26, 2026 at 2:59 PM Deirdre Connolly <[email protected]> wrote: > Does not say anything about 'very significantly harder to break' or > similar. > > The point being that all hybrid constructions are argued to be secure as > long as /one/ of the components is /still secure/, assuming that the hybrid > constructor is itself secure. > > On Tue, May 26, 2026, 5:52 PM Rob Sayre <[email protected]> wrote: > >> On Tue, May 26, 2026 at 2:39 PM Deirdre Connolly < >> [email protected]> wrote: >> >>> > I have been led to understand that hybrid algorithms are very >>> significantly harder to break than either conventional or PQ algorithms >>> >>> From where? >>> >> >> This is a decent summary: >> https://en.wikipedia.org/wiki/Post-quantum_cryptography#Hybrid_encryption >> >> thanks, >> Rob >> >> >
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
