2020.02.03 14:30:18 (1224324233892913152) from Daniel J. Bernstein, replying to "Jonathan P. Dowling (@jpdowling)" (1221496341790064640):
It is also possible that there is a fast quantum attack against all QKD schemes, or even a fast non-quantum attack. See generally https://cr.yp.to/papers.html#holographic. QKD keeps getting broken this way, despite its limited functionality (basically, trying to replace AES) and massive funding.
2020.01.26 01:15:40 (1221225153910255617) from "Jonathan P. Dowling (@jpdowling)":
Reporter: "There's even a book on post-quantum cryptography." Me: (There's even a book on postmodern Satanism.)
2020.01.26 17:02:13 (1221463362220908544) from "Gui-Lu Long (@guilu_long)", replying to "Jonathan P. Dowling (@jpdowling)" (1221225153910255617):
They are unsure it’s security. NIST mathematician Dustin Moody said:”Most fall into three large families—lattice, code-based, multivariate—together with a few miscellaneous types. That’s to hedge against the possibility that if someone breaks one, we could still use another.”
2020.01.26 19:13:16 (1221496341790064640) from "Jonathan P. Dowling (@jpdowling)", replying to "Gui-Lu Long (@guilu_long)" (1221463362220908544):
See Joe's argument below. It is possible that there is a generic quantum attack against ALL PQC schemes.