2020.07.30 06:12:52 (1288688989927399424) from Daniel J. Bernstein, replying to "note to self. cease tweeting. (@int_ijk)" (1288684785523539970):
Slides from some introductory talks I gave about lattice-based cryptography a week ago: https://cr.yp.to/talks.html#2020.07.20-1 https://cr.yp.to/talks.html#2020.07.21-1 Includes summaries of 17 selected papers in the last decade, mostly 2018-2020, better breaking lattice-based cryptosystems in 6 different ways.
2020.07.30 05:16:32 (1288674811120463872) from Daniel J. Bernstein:
In apparently coordinated announcements, NIST and NSA are strongly pushing for lattice-based crypto, specifically structured lattices, specifically cyclotomic lattices, including sizes where published attacks already seem to violate the minimum #NISTPQC security requirements.
2020.07.30 05:24:01 (1288676696531509249) from Daniel J. Bernstein:
The claimed asymptotic lattice security levels were 42% higher just 10 years ago. They were superexponentially higher just 20 years ago. Structured lattices, especially cyclotomic lattices, raise further concerns. Gentry's original STOC 2009 FHE system is broken for cyclotomics.
2020.07.30 05:46:02 (1288682235533516801) from Daniel J. Bernstein:
NIST's report says that if something even worse happens _publicly_ to cyclotomics _before standardization_ then it will reconsider its "confidence". Meanwhile it displays no understanding of the bigger picture of lattices indisputably losing security again and again and again.
2020.07.30 05:56:10 (1288684785523539970) from "note to self. cease tweeting. (@int_ijk)":
paper(s) for the illiterate, please. math grad student, no number theory or crypto.