>>> If you are aware of a weakness in ML-KEM, please enlighten us.
>>
>> I second this request — please share.
>
> This is equivalent to asking, in 1979, whether anyone is aware of weaknesses
> in RSA.


RSA was published in 1977, and predating it DH — in 1976.


So, if you insist on analogies — it’s equivalent to asking about RSA sometime 
between 1986 and 2007,
depending on whether you think NTRU studies apply to Kyber that was published 
in 2017, or not.


Or, turning your analogy the other way — asking about Kyber in 2019. You 
might've noticed
there have been work done between then and now:
https://www.google.com/search?q=list+of+publications+analysing+Kyber%3F&oq=list+of+publications+analysing+Kyber%3F&gs_lcrp=EgZjaHJvbWUyBggAEEUYOdIBCTEwNDc0ajBqN6gCALACAA&sourceid=chrome&ie=UTF-8
 <b01f1487-c3a8-4c3e-b6f7-d85d8ac7354f>


You might also observe that, unlike RSA, Kyber (ML-KEM) has been formally 
proven:
https://eprint.iacr.org/2024/843?__cf_chl_f_tk=keuDJvrUIOdSSF1Oo_Q.nqJ1VjDO3EfvbMwkR0rNOL4-1782903077-1.0.1.1-lRpKUBXiaz7K4udL363u4tcz__gsTEVunlUBHBx8jiE
 <77b75eef-dbc7-46cb-b5e2-41a93278bfab>


Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to