The microblog: 2018.05.26 13:50:07

2018.05.26 13:50:07 (1000343319346589696) from Daniel J. Bernstein:

Sounds like yet another attack exploiting PKE/KEM decryption failures:!topic/pqc-forum/Hr2mTEW0nRo Certainly won't be the last decryption-failure attack. This attack is an example of decryption-failure question #2 from the original version of the NTRU Prime paper posted in 2016.

2018.05.26 14:07:56 (1000347803418230784) from Daniel J. Bernstein:

It's fascinating to look back at some dangerously overconfident responses to the paper, such as "There is abundant literature on CCA2-secure encryption/KEM from LWE problems, which in particular prevents attackers from triggering decryption failures in the sense described here".