On Wed, May 27, 2026 at 02:01:08PM -0700, Watson Ladd wrote:
> On Wed, May 27, 2026, 1:48 PM Simon Josefsson <simon=
> [email protected]> wrote:
> > Repeating that statement doesn't make it true.  The analog motivation
> > for doing PQ hybrids is Man-In-The-Middle attacks.  If your non-hybrid
> > PQ signature has a weakness (e.g., implementation bug), it facilitates
> > man-in-the-middles.
> >
> 
> The only way to achieve that is to have a quantum computer at the time of
> attack.

Not so.  Find the victim's classical public key (they'll gladly tell you
it), use a quantum computer to break it off-line and recover the private
key, then use the private key at will to impersonate the victim, then
its counterparties become victims too.

Nico
-- 
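The point Nico makes is the policy that a hybrid signature verifies only if every component verifies, so recovering one component's private key off-line is not enough to impersonate the key holder. The following is an added example written for this thread, not code from any of the participants or from a TLS implementation. It uses Go's standard library only: Ed25519 is the classical component, and because the standard library has no ML-DSA, ECDSA P-256 stands in for the post-quantum component (an assumption made purely so the example runs offline; the AND policy is what the example is about). It models the scenario in the message, an attacker who holds the victim's classical private key but not the second key, and shows that a classical-only verifier would accept the resulting forgery while the hybrid verifier rejects it.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// HybridPublicKey holds one public key per component scheme.
// Classical is Ed25519. Second stands in for the post-quantum component;
// ECDSA P-256 is an assumption made so the example runs with the standard
// library alone. The verification policy below is the part that carries over.
type HybridPublicKey struct {
	Classical ed25519.PublicKey
	Second    *ecdsa.PublicKey
}

type HybridPrivateKey struct {
	Classical ed25519.PrivateKey
	Second    *ecdsa.PrivateKey
}

type HybridSignature struct {
	Classical []byte
	Second    []byte
}

// GenerateHybrid creates one key pair per component.
func GenerateHybrid() (*HybridPrivateKey, *HybridPublicKey, error) {
	cpub, cpriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	spriv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &HybridPrivateKey{Classical: cpriv, Second: spriv},
		&HybridPublicKey{Classical: cpub, Second: &spriv.PublicKey}, nil
}

// Sign produces both component signatures over the same message.
func Sign(priv *HybridPrivateKey, msg []byte) (*HybridSignature, error) {
	csig := ed25519.Sign(priv.Classical, msg)
	digest := sha256.Sum256(msg)
	ssig, err := ecdsa.SignASN1(rand.Reader, priv.Second, digest[:])
	if err != nil {
		return nil, err
	}
	return &HybridSignature{Classical: csig, Second: ssig}, nil
}

// Verify is the AND policy: the hybrid signature is valid only if every
// component verifies. Both checks run so the result does not depend on order.
func Verify(pub *HybridPublicKey, msg []byte, sig *HybridSignature) bool {
	if sig == nil {
		return false
	}
	okClassical := ed25519.Verify(pub.Classical, msg, sig.Classical)
	digest := sha256.Sum256(msg)
	okSecond := ecdsa.VerifyASN1(pub.Second, digest[:], sig.Second)
	return okClassical && okSecond
}

// ForgeWithClassicalKeyOnly models the thread's scenario: the classical
// private key has been recovered off-line, the second key has not. The
// attacker can sign the classical part but must reuse an old second-component
// signature, which was computed over a different message.
func ForgeWithClassicalKeyOnly(stolen ed25519.PrivateKey, oldSig *HybridSignature, msg []byte) *HybridSignature {
	return &HybridSignature{Classical: ed25519.Sign(stolen, msg), Second: oldSig.Second}
}

// Demo returns: whether a genuine hybrid signature verifies, whether the
// forgery is accepted by the hybrid verifier, and whether a classical-only
// verifier would have accepted that same forgery.
func Demo() (genuineOK, forgeryAccepted, classicalAloneAccepts bool, err error) {
	priv, pub, err := GenerateHybrid()
	if err != nil {
		return false, false, false, err
	}
	// Constructed sample messages for the demonstration.
	oldMsg := []byte("constructed: message signed earlier by the victim")
	newMsg := []byte("constructed: message the attacker wants to impersonate")
	oldSig, err := Sign(priv, oldMsg)
	if err != nil {
		return false, false, false, err
	}
	genuineOK = Verify(pub, oldMsg, oldSig)
	forged := ForgeWithClassicalKeyOnly(priv.Classical, oldSig, newMsg)
	forgeryAccepted = Verify(pub, newMsg, forged)
	classicalAloneAccepts = ed25519.Verify(pub.Classical, newMsg, forged.Classical)
	return genuineOK, forgeryAccepted, classicalAloneAccepts, nil
}

func main() {
	genuine, forged, classicalOnly, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("genuine hybrid verifies: %v\n", genuine)
	fmt.Printf("forgery accepted by hybrid verifier: %v\n", forged)
	fmt.Printf("forgery accepted by classical-only verifier: %v\n", classicalOnly)
}
```

The same construction also covers the other direction discussed in the thread: if the second component is the weak one (an implementation bug rather than a quantum break), the classical check still has to pass, so the attacker again needs both private keys.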

_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]
