I think all you need is something like “The failure rate for ML-KEM is sufficiently low that it is highly unlikely that any implementation will ever encounter it in practice.”
On Sep 24, 2025 at 6:48:20 PM, Viktor Dukhovni <[email protected]> wrote: > On Thu, Sep 25, 2025 at 12:31:21AM +0000, Wang Guilin wrote: > > "The failure rate for ML-KEM is extremely low, so it is not necessary > > to address it in this specification." > > > I don't think this is sufficiently clear. What does "extremely low" > mean? Should the implementer care about it or not (despite lack of > further clarification in the specification)? So I still think it is > best to say nothing at all, but if a claim is to be made, it would > have to a stronger statement, that is more clear: > > The failure rate of ML-KEM with honest inputs is of theoretical > interest only, its probability is negligible and SHOULD be ignored. > Implementations SHOULD NOT attempt to distinguish between failures > given bad inputs and essentially "impossible" failures with honest > inputs. > > -- > Viktor. 🇺🇦 Слава Україні! > > _______________________________________________ > TLS mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
