2017.12.09 02:51:08 (939311418343657472) from Daniel J. Bernstein, replying to "Matthew Green (@matthew_d_green)" (939305423265566721):
Formal definitions: same queries but now quantum computation. Engineering: same disastrous impact of giving CCA-vulnerable tools to users.
2017.12.09 03:03:05 (939314427362447360) from Daniel J. Bernstein:
I argued in https://blog.cr.yp.to/20161030-pqnist.html that NIST should allow CCA-vulnerable submissions _for wrapping in SIGMA_. But _users_ reusing keys need CCA security.
2017.12.09 02:27:19 (939305423265566721) from "Matthew Green (@matthew_d_green)":
Was wondering if all the standard definitions were out the window and we had to use new ones in the PQ world :)