The microblog: 2017.12.09 02:09:35

2017.12.09 02:09:35 (939300964472905728) from Daniel J. Bernstein, replying to "Adam Langley (@agl__)" (939299369978798080):

Something else: There's a second KEM, ntrulpr4591761, in the NTRU Prime submission. 58756/94508/128316 Haswell cycles keypair/enc/dec.


2017.12.09 01:46:08 (939295059853287424) from "Adam Langley (@agl__)":

Agreed. I was just going to throw out the CPA ones. Did I mistakenly include some CPA-only?

2017.12.09 01:52:06 (939296562991136768) from "Adam Langley (@agl__)", replying to "Adam Langley (@agl__)" (939295059853287424):

(Added a note to that effect, thanks.)

2017.12.09 01:57:39 (939297960164241408) from Daniel J. Bernstein, replying to "Adam Langley (@agl__)" (939296562991136768):

Frodo leapt out at me as an example where the paper wasn't doing the extra work for CCA. Maybe the submission to NIST is different.

2017.12.09 02:03:15 (939299369978798080) from "Adam Langley (@agl__)":

The original Frodo paper didn’t do CCA, but I believe FrodoKEM does.