2025.03.25 17:49:37 (Mastodon 114224331316248723, Twitter 1904591533627617773) from Daniel J. Bernstein:
One of the Classic McEliece security features: IND-CCA2 security (which is what applications use) in the QROM follows tightly from OW-CPA (one-wayness) for the original McEliece system. No need for "decisional" or "indistinguishability" assumptions. See https://classic.mceliece.org/mceliece-security-20221023.pdf.