2021.05.01 09:48:32 (1388399928280457221) from Daniel J. Bernstein, replying to "Luca De Feo (@luca_defeo)" (1387826799422418944):
5 spends all its time describing some SIKE side-channel countermeasures. How is this supposed to justify the main 5 conclusion, namely that SIKE is easier/cheaper to protect than competitors? Weak, unquantified arguments for SIKE => like ECC => easy; zero analysis of competitors.
2021.04.29 16:44:02 (1387779717370048518) from Daniel J. Bernstein:
Agreeing with main points in 3, 4, 6, 10 in https://eprint.iacr.org/2021/543. More objections to 2, 5, 7, 9. Most important dispute is regarding risk management, 1+8. Recent advances in torsion-point attacks have killed a huge part of the SIKE parameter space, far worse than MOV vs ECDLP.
2021.04.29 19:51:08 (1387826799422418944) from "Luca De Feo (@luca_defeo)":
I'm curious about your objections to 5 (side-channel). Do you mind to expound?