Perhaps to illustrate my point, WolfSSL has received a CVE for a bug in
ML-KEM on https://nvd.nist.gov/vuln/detail/CVE-2026-10097.
I do remember seeing this with a CWE of CWE-327: Use of a Broken or
Risky Cryptographic Algorithm, but that has since changed in the NVD to
read CWE-697: Incorrect Comparison. (See the CVE change history in the NVD.)
Cheers
Stephan
On 7/1/26 12:32 PM, Stephan Neuhaus wrote:
I do not support the publication of this document.
I remember well that security standards get broken: when they have been
well-reviewed, but especially when they're new. Bugs show up in the
math, but also in implementations. Lattice cryptography seems to me to
be a very active field of research, when quite fundamental results (and
bugs!) are still being discovered, both in the math and in the
implementations. From a risk-management perspective alone, I believe
that it's too risky to standardise, even as "informational", a mode of
encryption that relies only on these new methods.
Cheers
Stephan
PS: Full disclosure: I have just joined the TLS mailing list, mainly to
say just this. I also have no standing in the cryptographic community,
except that I have published a paper last year together with Peter
Gutmann of this parish, about how all of the published quantum
factorisation records are bogus [1]. What kind of standing this gives
me, if any, is anybody's guess.
[1] https://eprint.iacr.org/2025/1237
_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]
_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]