On 27-May-26 09:59, Deirdre Connolly wrote:
Does not say anything about 'very significantly harder to break' or similar.
The point being that all hybrid constructions are argued to be secure as long
as /one/ of the components is /still secure/, assuming that the hybrid
constructor is itself secure.
Which is true, as far as I can tell, of *any* double encryption, as long as the
two algorithms are strictly independent.
The 'significantly harder' argument, which requires that independence, is that
if the probablity of one being broken over the next n years is p, and the
probability of the other being broken over the next n years is q, then the
probability of both being broken is pq.
Brian
On Tue, May 26, 2026, 5:52 PM Rob Sayre <[email protected]
<mailto:[email protected]>> wrote:
On Tue, May 26, 2026 at 2:39 PM Deirdre Connolly <[email protected]
<mailto:[email protected]>> wrote:
> I have been led to understand that hybrid algorithms are very
significantly harder to break than either conventional or PQ algorithms
>From where?
This is a decent summary:
https://en.wikipedia.org/wiki/Post-quantum_cryptography#Hybrid_encryption
<https://en.wikipedia.org/wiki/Post-quantum_cryptography#Hybrid_encryption>
thanks,
Rob
_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]
