Some relevant additional detail from NIST's paper selecting HQC.

On Thursday, 13 March 2025 10:01 UTC, Alicja Kario wrote:
> NIST has selected HQC for standardisation this week... No idea about
> its patent situation, or if we want something with ciphertexts this big in
> TLS... (reminder: 4.4 kiB, 8.8 kiB, and 14.1 kiB for 128, 192 and 256
> bit level of security respectively)

As well as HQC's selection, NIST also called out Classic McEliece in their report as a possible future NIST standard once ISO/IEC is finished with it:

See https://nvlpubs.nist.gov/nistpubs/ir/2025/NIST.IR.8545.pdf

> In the event that Classic McEliece does become widely
> used through other standards, and that NIST remains confident in its security while also
> determining that there is sufficient need, NIST may develop a NIST standard based on the
> widely used version.

It has better ciphertext sizes, but much much worse encapsulation/decapsulation key sizes.

Andrew Scott
https://aes.id.au/
