The microblog: 2020.07.07 15:20:21

2020.07.07 15:20:21 (1280491848486621185) from Daniel J. Bernstein, replying to "Amin Sakzad (@AminSakzad)" (1280440936233754624):

The stated criterion was "haven't suffered security losses". Sure, submissions that suffered security losses hope to still be sufficiently secure, but security losses are warning signals regarding future risks. Asymptotic lattice security levels were 42% higher just 10 years ago!


2020.06.27 00:03:28 (1276637226877644801) from "Amin Sakzad (@AminSakzad)":

Which post-quantum submission (1) has not suffered security loss since the #NISTPQC competition began and (2) is not among the 26 submission in round 2? Titanium.

2020.06.27 12:39:28 (1276827481077510145) from Daniel J. Bernstein, replying to "Amin Sakzad (@AminSakzad)" (1276637226877644801):

Not true. There have been various speedups to the state-of-the-art lattice attacks since then, affecting _all_ lattice submissions, including Titanium. There are some lattice submissions that had much bigger losses (e.g., Round2 was completely broken), but nothing was unaffected.

2020.07.07 11:58:03 (1280440936233754624) from "Amin Sakzad (@AminSakzad)":

We allowed an 10% quantum security safety margin and 5% classical security safety margin in setting our parameters for a target security goal. See "conservative choice of parameters" at the bottom of page 5 in Titanium specification documentation.