2022.05.25 00:51:51 (1529233746922156032) from Daniel J. Bernstein:
"I'm not happy with the field of candidates for post-quantum public-key signature systems." 2003, in the posting that introduced the "post-quantum" phrase: https://archive.is/BHGOM Then https://eprint.iacr.org/2004/297 surveyed these sig systems; almost all now broken, except hash-based.
2022.05.25 01:12:29 (1529238939323682816) from Daniel J. Bernstein:
Will today's post-quantum proposals turn out to have a better track record when we look back at them 18 years from now? Some people sound awfully confident in supposed dividing lines between new structured-lattice systems and old broken structured-lattice/structured-code systems.
2022.05.25 01:25:43 (1529242270280560640) from Daniel J. Bernstein:
When there's a long history of cryptographic failures, is this because there are a dozen pitfalls surrounding a safe core idea? Or is the core idea fundamentally flawed? It's deeply disturbing to see cryptographic decisions being made by people who think these are easy questions.