2022.05.07 14:42:53 (1522919901278601216) from Daniel J. Bernstein:
"Math doesn’t seem to care very much about the energy budget of an earth sized planet or how many atoms are in its crust, so if your claim to have a large security margin relies crucially on exceeding some such physical limit, you might not have as much as you think." (NIST 2020)
2022.05.07 14:58:11 (1522923750768857088) from Daniel J. Bernstein:
2022, after attack advances appear to show that NSA's favorite candidate flunks NIST's minimum security requirements: "realistic ...?", "42% of the width of Planet Earth", "small-moon-sized cryptanalytic device", "importing matter from other solar systems", etc., etc., etc.
2022.05.07 15:08:45 (1522926411375202304) from Daniel J. Bernstein:
The same submission also offers larger keys (which have also been losing security), but continues to exploit smaller keys to attract attention in benchmarks. NIST, continuing to play both sides of the bait and switch, plans to avoid specifying key sizes in its next announcement.