Many cryptographic designs across all areas have been broken classically. There is a reason there was a ~ten year international competition that started with 88 ~new schemes that was whittled down to ~4 (the NIST PQC series). There was also a NIST competition to select a new block cipher, with 15 submissions, two of which were broken in the process. There is nothing special about the post-quantum-ness in this regard
On Wed, Feb 25, 2026, 11:57 PM Rob Sayre <[email protected]> wrote: > Hi, > > I think the argument was that many of the PQ algorithms have been broken > by non-quantum computers, so the hybrid approach is better. > > It's named after a distant relative (we are all related), so I know it: > > https://en.wikipedia.org/wiki/Sayre%27s_law > > I don't see any reason for a non-hybrid approach. > > thanks, > Rob > > > On Wed, Feb 25, 2026 at 2:27 PM Blumenthal, Uri - 0553 - MITLL < > [email protected]> wrote: > >> >> Admittedly your answer (reported here below) was not addressing my >> concerns. >> >> > . . . . . >> >> > A hybrid still has a chance of being secure if old good crypto would be >> successfully attacked, so your argument does not stand. >> >> >> Let me repeat myself. If the data must *remain secure for a long time*, >> then the Classic part does not help, and the security of that data lies >> solely within the PQ component. Which part of this “does not stand”? >> >> > >> > Isn't the point that the pure PQ ones might be broken by conventional >> computers >> > (and they have in the past)? That's my understanding of the argument. >> >> The point is that if the data requires protection against CRQC — then if >> “pure” PQ is broken, the data is compromised no matter what. Because the >> Classic component will protect it *at best* until CRQC, at worst — even >> before that. >> >> Many algorithms, both Classic and PQ, have been broken in the past. The >> current standards (Classic and PQ) haven’t. >> Please take a look at the timeline table in the email you were responding >> to. >> > _______________________________________________ > TLS mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
