logoalt Hacker News

avidiaxtoday at 1:29 AM1 replyview on HN

This post was pretty technical. Let's explain a couple of terms:

ML-KEM -- Module-Lattice-Based Key-Encapsulation Mechanism

ML-DSA -- Module-Lattice-Based Digital Signature Algorithm

solo PQ -- Using post-quantum crypto on its own

ECC+PQ -- Using post-quantum crypto as a layer on top of traditional elliptical curve cryptography (ECC)

So what's at stake here, is that the PQ crypto is not proven yet, and had recent implementation vulnerabilities (Kyberslash 1 & 2).

In the NSA's defense, combining cryptosystems also creates attack surfaces, timing problems, additional complexity, etc. Perhaps they know something we don't. They have sometimes acted to strengthen public cryptography, as with the DES S-boxes and differential cryptanalysis. Of course, they also weakened the key-space...


Replies

g-b-rtoday at 3:20 AM

> Perhaps they know something we don't

Perhaps

https://blog.cr.yp.to/20260704-bugs.html#damage