logoalt Hacker News

tptacektoday at 3:03 AM1 replyview on HN

This is completely backwards. The more cryptography-literate you are, the more likely it is you think hybrids are silly. Plenty of cryptographers think this is all bullshit, and that ECC+MLKEM makes about as much sense as an AES+Serpent cascade. It is simultaneously the case that MLKEM is far less mysterious than programmers on message boards think it is, and that conventional ECC and finite field cryptography is much more mysterious and spooky than they think it is.

(I'm only somewhat cryptography-literate and so I would myself default to a hybrid, though that opinion might change the first time I bother banging together an MLKEM implementation.)


Replies

g-b-rtoday at 4:10 AM

> The more cryptography-literate you are, the more likely it is you think hybrids are silly

You are if you're considering a cypher that's extremely likely to be secure.

In this case we're ok to introduce something with a chance to be quantum-resistant before it's been studied enough, because we want a chance of being quantum-resistant soon.

But that's only ok if you add it to the existing, reliable, systems.

Were there not the issue of quantum computers we wouldn't even be considering to use different cyphers at this time.

show 1 reply