2020.06.27 12:31:05 (1276825371619454977) from Daniel J. Bernstein, replying to "Mike Gardiner (@ObstacleMan)" (1276549466657624064):
I suspect NIST starts round 3 by declaring a small list of things they plan to standardize + explicit backup list. But speed will be overemphasized: people are overconfident; risk is harder to prove than speed. I doubt all security problems will be caught before standardization.
2020.06.26 11:38:29 (1276449748329750528) from Daniel J. Bernstein:
Which post-quantum submissions (1) haven't suffered security losses since the #NISTPQC competition began and (2) are among the 26 submissions in round 2 (which is ending soon)? I think there are exactly 3: SIKE (which scares me for being too new), Classic McEliece, and SPHINCS+.
2020.06.26 18:14:44 (1276549466657624064) from "Mike Gardiner (@ObstacleMan)":
What do you think about draft certification of those 3 now and the rest continue on in a third round? Draft status could alleviate your too new comment by increasing the incentive for people to look into SIKE