alt Hacker News> You use both a quantum-safe algorithm and a classical algorithm, encrypting your data twice and remaining secure if either one is broken.
No. Don't do that.
If you encrypt your data twice, and one of them is broken by a quantum computer, the adversary gets the plaintext anyway.
You want a Hybrid KEM, not encrypting twice. The nuance matters.
> If you encrypt your data twice, and one of them is broken by a quantum computer, the adversary gets the plaintext anyway.
Is the idea here that "you broke quantum and quantum breaks classical, therefor layering is pointless"?