2023.06.19 10:57:42 (Mastodon 110570521423615384, Twitter 1670747701569355779) from Daniel J. Bernstein:
Wow, finally an honest version of FrodoKEM! New paper https://eprint.iacr.org/2023/947 from Joel Gärtner proves that 2^128 QROM IND-CCA2 security for dimension 79510 with 37-bit modulus follows from a reasonably conjectured quantitative hardness assumption for worst-case approximate SIVP.