Techly NewsGet the app

Get the latest tech news

Debunking NIST's calculation of the Kyber-512 security level (2023)


[Sidney Harris cartoon used with permission. Copyright holder: ScienceCartoonsPlus.com.] Quick, what's 240 plus 240? It's 280, right? No, obviously not.

#pqcrypto #patents #ntru #lpr #ding #peikert #newhope 2020.12.06: Optimizing for the wrong metric, part 1: Microsoft Word: Review of "An Efficiency Comparison of Document Preparation Systems Used in Academic Research and Development" by Knauff and Nejasmic. We can elaborate a little bit further on our reasoning leading to our current assessment that Kyber512 likely meets NIST category I (similar considerations apply to the other parameter sets we plan to standardize for lattice-based schemes.) Presumably NIST obtained 40 in the following easy way: look at the security-level table on page 103 of the source; observe that pre-quantum sieving for sntrup653 at the top is listed as 169 and 129 for "real" and "free" respectively; subtract the 129 from the 169.

Get the Android app

Or read this on Hacker News

Read more on:

Photo of Security

Security

Photo of inability

inability

Photo of Debunking

Debunking

Related news:

News photo

AtomicOS – A security-first OS with real crypto and deterministic language

News photo

Can users reset their own passwords without sacrificing security?

News photo

Google to scale up AI-powered fraud detection and security operations in India

« Why Your Car's Touchscreen Is More Dangerous Than Your Phone
Starting with macOS Tahoe beta 1, FireWire 400 and FireWire 800 standards are no longer supported. »