Hacker News

FiloSottile, last Monday at 7:36 PM (2 replies)

> from a classical security point of view PQC cannot be trusted

[citation needed]

https://words.filippo.io/crqc-timeline/#fn:lattices


Replies

Tyypsy, yesterday at 4:34 AM

Just a small selection of recent attacks on a few post-quantum assumptions:

Isogeny/SIDH: https://eprint.iacr.org/2022/975

Lattices: https://eprint.iacr.org/2023/1460

Classic McEliece: https://eprint.iacr.org/2024/1193

Saying that you can blindly trust PQ assumptions is a very dangerous take.

cyberax, yesterday at 1:04 AM

It's purely a matter of _potential_ issues. The research on lattice-based crypto is still young compared to EC/RSA. Side channels, hardware bugs, unexpected research breakthroughs all can happen.

And there are no downsides to adding regular classical encryption. The resulting secret will be at least as secure as the _most_ secure algorithm.

The overhead of additional signatures and keys is also not that large compared to regular ML-KEM secrets.

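The hybrid construction cyberax describes, as an added example that is not from the thread or from any of the linked papers: a key combiner that feeds both KEM shared secrets into a single HKDF call, so the derived key stays unknown to an attacker who has broken only one of the two schemes. The shared secrets and ciphertexts are constructed stand-in bytes, not real X25519 or ML-KEM outputs.

```python
# Added example (not from the thread): hybrid KEM key combiner in the style of
# the IETF TLS hybrid design. Standard library only; the KEM outputs used in
# demo() are CONSTRUCTED with os.urandom, not real X25519/ML-KEM values.
import hashlib
import hmac
import os


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF (Extract then Expand) with HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def hybrid_shared_secret(ss_classical: bytes, ss_pq: bytes,
                         ct_classical: bytes, ct_pq: bytes,
                         label: bytes = b"hybrid-kem-example") -> bytes:
    """Derive one 32-byte session key from two KEM shared secrets.

    Both secrets are concatenated into the HKDF input keying material, so
    recovering only one of them (e.g. ss_pq after a lattice break, or
    ss_classical after a CRQC) is not enough to compute the key. Hashing both
    ciphertexts into the salt binds the key to the exact exchange transcript.
    """
    ikm = ss_classical + ss_pq
    transcript = hashlib.sha256(ct_classical + ct_pq).digest()
    return hkdf_sha256(ikm, salt=transcript, info=label)


def demo() -> bytes:
    # Constructed stand-ins for what a real X25519 + ML-KEM exchange yields.
    ss_x25519, ss_mlkem = os.urandom(32), os.urandom(32)
    ct_x25519, ct_mlkem = os.urandom(32), os.urandom(1088)  # ML-KEM-768 ct size
    return hybrid_shared_secret(ss_x25519, ss_mlkem, ct_x25519, ct_mlkem)


if __name__ == "__main__":
    print(demo().hex())
```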