2022.08.30 03:15:28 (1564421509866696705) from Daniel J. Bernstein, replying to "Thái "thaidn" Dương (@XorNinja)" (1564075667582361601):
By "released", you mean "suppressed until they saw that the public had the quantum core of the attack (Eisentraeger--Hallgren--Kitaev--Song) and the applicability to lattice-based cryptography, so the only piece missing in public was the note that cyclotomic units are short"?
2022.08.30 03:20:38 (1564422810071576576) from Daniel J. Bernstein:
That was a critical note, and the public _could_ easily have missed it for many years. But the timeline, according to GCHQ, was _not_ that GCHQ was issuing a prompt public warning. There was never an explanation of what triggered them to publish the attack at the moment they did.
2022.08.29 04:21:12 (1564075667582361601) from "Thái "thaidn" Dương (@XorNinja)":
TIL: GCHQ released a quantum attack on their own lattice-based cryptosystem.