Hi yall. I'm Félix Fischer Marqués. I'm from Chile. I don't support the publication of this document. As to why, that's coming up next. I'll try to be brief.
In cryptography today, we rely on strong assumptions. We try to make the least amount of those we can, but as of right now, we're kind of screwed: we must make assumptions. Nonetheless, we try to keep the number and strength of them as low as we can. This draft assumes that ML-KEM is computationally strong. Meaning, it assumes that any adversary would indeed need an exponentially-growing amount of resources to break it (exponential in terms of the cost to the users). That's an extremely silly assumption to make. There is so much we just don't know about computational complexity that, in the best scenario, I would describe this as hubris. We don't even know if one-way functions exist, much less public-key cryptography. Let's remain humble and accept the reality that ML-KEM might not be computationally strong at all. We have to remember that standards like these are adopted in tens of millions of devices. Hubris here kills people over there. Have a good week. -- Félix
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
