Wrong. KEM combiners don't just work in theory. They work in the real world.
Hybrids are much safer both in theory and in the real world.
I also strongly object to the publication of this document as I've
already stated earlier in this thread.

This is like a game of chess and some of us on this list can see a few
moves ahead.
The implications of publishing a solo PQ document are quite dire.
Many manufacturers will end up making it their default and many more
will likely implement it just to be "complete".
There are certain three letter agencies that will be happy with this
outcome for reasons that have been stated before.
However I don't agree that if you are for the publication of this
document that means you are a minion of a certain three letter agency.

I think in most cases it means that you care more about the rapid
adoption of PQ than you do about several moves ahead in our little
chess game,
the longer term consequences which will surely put people's lives in
jeopardy. Speaking of jeopardy, there's an interesting e-mail on this
list
which also contains the word jeopardy which you can read if you wish,
but don't do anything at my behest.


On Mon, Jun 29, 2026 at 6:35 AM Blumenthal, Uri - 0553 - MITLL
<[email protected]> wrote:
>
> > I would like to register my strong objection to the publication of this 
> >document.
>
> We disagree.
>
> > Hybrid ("double encryption") constructions protect us from classes of 
> > attacks that pure-PQ
> > constructions do not protect us against. Hybrid constructions have a 
> > negligible overhead
> > compared to pure-PQ constructions.
>
> In theory only, ignoring all the practical implications of software and 
> hardware implementations.
> Unfortunately, our “stuff” has to function in a real world, not on paper.
> _______________________________________________
> TLS mailing list -- [email protected]
> To unsubscribe send an email to [email protected]

_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to